Lucene search
K

61 matches found

OSV
OSV
added 2026/02/03 4:58 p.m.6 views

CVE-2026-24774 Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...

4.3CVSS5.4AI score0.00201EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/03 4:57 p.m.6 views

EUVD-2026-5232

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...

7.5CVSS5.4AI score0.00352EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:57 p.m.4 views

CVE-2026-24773

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...

7.5CVSS5.4AI score0.00352EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 4:57 p.m.6 views

CVE-2026-24773 Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an Insecure Direct Object Reference IDOR vulnerability allows unauthenticated remote attackers to access personal files of other users by directly requesting predictable user...

7.5CVSS5.4AI score0.00352EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:57 p.m.2 views

CVE-2026-24674

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting XSS vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...

4.7CVSS5.8AI score0.0018EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/02/03 4:57 p.m.5 views

EUVD-2026-5234

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Reflected Cross-Site Scripting XSS vulnerability allows remote attackers to execute arbitrary JavaScript in the context of authenticated users by crafting malicious URLs and...

4.7CVSS5.8AI score0.0018EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:56 p.m.5 views

EUVD-2026-5237

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...

7.3CVSS5.3AI score0.00182EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/02/03 4:56 p.m.3 views

CVE-2026-24670 Open eClass Has Broken Access Control in Course Units Module Allows Students to Create Units

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:56 p.m.5 views

EUVD-2026-5239

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:56 p.m.7 views

EUVD-2026-5240

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...

5.3CVSS5.3AI score0.0025EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:56 p.m.3 views

CVE-2026-24664

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been...

5.3CVSS5.3AI score0.0025EPSS
Exploits1References2Affected Software1
EUVD
EUVD
added 2026/01/08 3:7 p.m.6 views

EUVD-2026-1672

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system...

8.6CVSS7.8AI score0.03076EPSS
Exploits3References2
OSV
OSV
added 2026/01/08 3:7 p.m.9 views

CVE-2026-22241 Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, an arbitrary file upload vulnerability in the theme import functionality enables an attacker with administrative privileges to upload arbitrary files on the server's file system...

8.6CVSS8.2AI score0.03076EPSS
Exploits3References6
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2019-19240

Malware in sbrugna...

10CVSS9.5AI score0.0296EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2019-19241

Malware in sbrugna...

9.8CVSS9.5AI score0.02624EPSS
Exploits1References4
RedhatCVE
RedhatCVE
added 2025/02/05 9:5 a.m.7 views

CVE-2024-38530

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS7AI score0.00776EPSS
Exploits1
NVD
NVD
added 2024/08/12 3:15 p.m.33 views

CVE-2024-38530

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS0.00776EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2024/08/12 2:50 p.m.47 views

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS9.4AI score0.00776EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/08/12 2:50 p.m.37 views

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS0.00776EPSS
Exploits1References2
OSV
OSV
added 2024/08/12 2:50 p.m.24 views

CVE-2024-38530 Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"

The Open eClass platform formerly known as GUnet eClass is a complete Course Management System. An arbitrary file upload vulnerability in the "save" functionality of the H5P module enables unauthenticated users to upload arbitrary files on the server's filesystem. This may lead in unrestricted RC...

9.8CVSS7.1AI score0.00776EPSS
Exploits1References4
Rows per page
Query Builder