1463 matches found
EUVD-2026-43290
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...
CVE-2026-12275
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...
CVE-2026-12275
Affected software: Tutor LMS WordPress plugin (before 3.9.13) with Droip and Kirki page-builder integrations. What is vulnerable: The core course handler does not perform enrollment, purchase, and private-course capability checks when using Droip/Kirki integrations, permitting authenticated users...
CVE-2026-12275 Tutor LMS < 3.9.13 - Subscriber+ Unauthorized Course Enrollment and Private Course Content Disclosure via Droip/Kirki Integration
The Tutor LMS WordPress plugin before 3.9.13 does not, in its Droip and Kirki page-builder integration, perform the enrollment, purchase, and private-course capability checks it enforces in its core course handler, allowing authenticated users with subscriber-level access to enroll in paid or...
EUVD-2026-41793
A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...
CVE-2026-14778
A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...
CVE-2026-14778
A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...
CVE-2026-14778 SourceCodester Onlne Examination & Learning Management System Enrollment Management ajax_enroll.php improper authorization
A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajaxenroll.php of the component Enrollment Management. The manipulation of the argument studentid/scheduleid/action leads to improper...
CVE-2026-14778
The CVE concerns SourceCodester Onlne Examination & Learning Management System 1.0. The vulnerability is in the Enrollment Management component, specifically the /ajax_enroll.php file, where manipulation of the arguments student_id, schedule_id, or action leads to improper authorization. This all...
PT-2026-55835
Name of the Vulnerable Software and Affected Versions SourceCodester Onlne Examination & Learning Management System version 1.0 Description Improper authorization occurs in the Enrollment Management component within the /ajax enroll.php endpoint. A remote attacker can manipulate the student id,...
GHSA-XR4F-MJXJ-W6W5 OpenClaw: Non-owner chat senders could issue device-pairing bootstrap codes
Summary The bundled device-pair plugin exposed /pair on normal chat command surfaces. In affected releases, authorized non-owner chat senders could issue device-pairing bootstrap codes without having owner, admin, or pairing scope. This issue does not affect unauthenticated users. The caller must...
CVE-2026-58165
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
EUVD-2026-40371
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
CVE-2026-58165
OpenZiti (up to v2.0.0) contains a privilege-escalation via Unauthorized Enrollment Creation. The ApplyCreate function in controller/model/enrollment_manager.go validates only that the target identity exists, with no authorization binding the caller to the target. Authenticated non-admin users wi...
CVE-2026-58165 OpenZiti - Privilege Escalation to Admin via Unauthorized Enrollment Creation
OpenZiti through 2.0.0, fixed in commit 3027fdf, contains a privilege escalation vulnerability that allows authenticated non-admin identities with fine-grained enrollment management permissions to create enrollments for any identity, including the default administrator, because the ApplyCreate...
PT-2026-53916
Name of the Vulnerable Software and Affected Versions OpenZiti versions prior to 2.0.1 Description A privilege escalation flaw exists in the controller enrollment management path. An authenticated non-admin identity with fine-grained enrollment management permissions can create enrollments for an...
EUVD-2026-39591
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...
CVE-2026-9219
Setracker2 Android Companion App com.tgelec.setracker versions 3.1.5 and prior have a predictable registration ID derived from IMEI. The enrollment system lacks additional authentication before assignment. If an attacker is able to obtain the registration ID, they would be able to arbitrarily...