36 matches found
CVE-2026-42860
The CVE-2026-42860 issue affects Open edX Openedx Enterprise Service (edx-enterprise). From 7.0.2 through 7.0.4, the sync_provider_data endpoint retrieves SAML metadata from a URL stored in SAMLProviderConfig.metadata_source. An authenticated Enterprise Admin can PATCH this field to an arbitrary ...
Open edX Platform Code Issue Vulnerability
The Open edX Platform is an open-source course management system developed by Open edX. This system can be used for MOOCs (Massive Open Online Courses) as well as smaller courses and training modules. The Open edX Platform has a code vulnerability that stems from the sync_provider_data endpoint in the...
WordPress plugin MasterStudy LMS WordPress Plugin – for Online Courses and Education Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL-based servers. WordPress plugin is an application plugin. WordPress plugin...
CVE-2025-68270 CourseLimitedStaff Role Allows Studio Access
The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, and CourseLimitedStaffRole users are able t...
CVE-2025-68270
The CVE-2025-68270 issue affects the Open edX Platform. Before commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, users with CourseLimitedStaffRole could access and edit courses in Studio if their role was granted at the organization level rather than per course, and could list courses they have th...
EUVD-2025-32489
A vulnerability was detected in zhuimengshaonian wisdom-education up to 1.0.4. The affected element is an unknown function of the file src/main/java/com/education/api/controller/student/WrongBookController.java. Performing manipulation of the argument subjectId results in authorization bypass. Th...
wisdom-education Security Vulnerability
wisdom-education is a cloud intelligence education platform by individual developer zhuimengshaonian. A security vulnerability exists in wisdom-education 1.0.4 and earlier versions, which originates from the incorrect operation of subjectId in the file...
EUVD-2025-31441
Malicious code in bioql PyPI...
EUVD-2025-3973
Malicious code in bioql PyPI...
EUVD-2024-50304
Malicious code in bioql PyPI...
CVE-2024-9286
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. This issue affects Distant Education Platform: before 3.2024.11...
CVE-2025-24886
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user-specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2025-24885 pwn.college has a XSS on dojo pages
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Missing access control on rendering custom unprivileged dojo pages causes ability for users to create stored XSS...
CVE-2025-24886 pwn.college has Symlink LFI in Dojo repos
pwn.college is an education platform to learn about, and practice, core cybersecurity concepts in a hands-on fashion. Incorrect symlink checks on user-specified dojos allows for users (admin not required) to perform an LFI from the CTFd container. When a user clones or updates repositories, a check...
CVE-2024-9286
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. This issue affects Distant Education Platform: before 3.2024.11...
CVE-2024-9286
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. This issue affects Distant Education Platform: before 3.2024.11...
CVE-2024-9286 SQLi in TRtek Software's Distant Education Platform
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. This issue affects Distant Education Platform: before 3.2024.11...
CVE-2024-9286 SQLi in TRtek Software's Distant Education Platform
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in TRtek Software Distant Education Platform allows SQL Injection, Parameter Injection. This issue affects Distant Education Platform: before 3.2024.11...
PT-2024-39543 · Trtek · Trtek Software Distant Education Platform
Name of the Vulnerable Software and Affected Versions: TRtek Software Distant Education Platform versions prior to 3.2024.11 Description: The issue is related to Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection, and Improper Input Validation...
inxedu SQL Injection Vulnerability
inxedu is an open-source online education platform from Inxedu, a company in China. The platform includes an online school system, a live broadcasting system, an examination system and a marketing website. Inxedu version 2.0.6 has an SQL injection vulnerability; the vulnerability ste...