Lucene search
+L

1463 matches found

EUVD
EUVD
added 4 days ago5 views

EUVD-2026-43290

The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...

7.1CVSS6.2AI score0.00171EPSS
Exploits0References2
NVD
NVD
added 4 days ago4 views

CVE-2026-12275

The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...

7.1CVSS0.00171EPSS
Exploits0References1
CVE
CVE
added 4 days ago14 views

CVE-2026-12275

Affected software: Tutor LMS WordPress plugin (before 3.9.13) with Droip and Kirki page-builder integrations. What is vulnerable: The core course handler does not perform enrollment, purchase, and private-course capability checks when using Droip/Kirki integrations, permitting authenticated users...

7.1CVSS6.2AI score0.00171EPSS
Exploits0References1
Cvelist
Cvelist
added 4 days ago30 views

CVE-2026-12275 Tutor LMS < 3.9.13 - Subscriber+ Unauthorized Course Enrollment and Private Course Content Disclosure via Droip/Kirki Integration

The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...

0.00171EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 12:30 a.m.7 views

EUVD-2026-41793

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References7
NVD
NVD
added 2026/07/06 12:16 a.m.9 views

CVE-2026-14778

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS0.00294EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/05 11:30 p.m.6 views

CVE-2026-14778

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2026/07/05 11:30 p.m.40 views

CVE-2026-14778 SourceCodester Onlne Examination & Learning Management System Enrollment Management ajax_enroll.php improper authorization

A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...

7.5CVSS0.00294EPSS
Exploits0References6
CVE
CVE
added 2026/07/05 11:30 p.m.14 views

CVE-2026-14778

The CVE concerns SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerability is in the Enrollment Management component, specifically the /ajax_enroll.php file, where manipulation of the arguments student_id, schedule_id, or action leads to improper authorization. This all...

7.5CVSS6.6AI score0.00294EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.17 views

PT-2026-55835

Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description Improper authorization occurs in the Enrollment Management component within the /ajax enroll.php endpoint. A remote attacker can manipulate the student id,...

7.5CVSS7.1AI score0.00294EPSS
Exploits0References9
OSV
OSV
added 2026/07/02 4:55 p.m.9 views

GHSA-XR4F-MJXJ-W6W5 OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes

Summary The bundled device-pair plugin exposed /pair on normal chat command surfaces. In affected releases, authorized non-owner chat senders could issue device-pairing bootstrap codes without having owner, admin, or pairing scope. This issue does not affect unauthenticated users. The caller must...

8.3CVSS5.9AI score0.0023EPSS
Exploits0References2
NVD
NVD
added 2026/06/30 5:16 p.m.11 views

CVE-2026-58165

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.8CVSS0.00244EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/30 3:49 p.m.6 views

CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/30 3:49 p.m.7 views

EUVD-2026-40371

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/30 3:49 p.m.36 views

CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.8CVSS0.00244EPSS
Exploits0References4
CVE
CVE
added 2026/06/30 3:49 p.m.20 views

CVE-2026-58165

OpenZiti (up to v2.0.0) contains a privilege-escalation via Unauthorized Enrollment Creation. The ApplyCreate function in controller/model/enrollment_manager.go validates only that the target identity exists, with no authorization binding the caller to the target. Authenticated non-admin users wi...

8.8CVSS5.8AI score0.00244EPSS
Exploits0References4
OSV
OSV
added 2026/06/30 3:49 p.m.4 views

CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation

OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...

8.7CVSS6AI score0.00244EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.8 views

PT-2026-53916

Name of the Vulnerable Software and Affected Versions OpenZiti versions prior to 2.0.1 Description A privilege escalation flaw exists in the controller enrollment management path. An authenticated non-admin identity with fine-grained enrollment management permissions can create enrollments for an...

8.8CVSS6AI score0.00244EPSS
Exploits0References11
EUVD
EUVD
added 2026/06/26 12:32 a.m.8 views

EUVD-2026-39591

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

8.3CVSS5.9AI score0.00203EPSS
Exploits0References2
NVD
NVD
added 2026/06/26 12:16 a.m.12 views

CVE-2026-9219

Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...

8.3CVSS0.00203EPSS
Exploits0References1
Rows per page
Query Builder