Lucene search
+L

188 matches found

Packet Storm
Packet Storm
added 2025/01/12 12:0 a.m.136 views

CISA: VILT Fact Sheet

System About Files News Vote Help | Services API Advertise Contact | Account Join Login ---|---|---...

7.4AI score
Exploits0
Patchstack
Patchstack
added 2024/12/17 10:30 p.m.5 views

WordPress WPLMS plugin < 1.9.9.5.2 - Instructor+ Arbitrary File Upload vulnerability

Instructor+ Arbitrary File Upload vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WPLMS versions 1.9.9.5.2...

9.1CVSS7AI score0.00568EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/12/17 10:29 p.m.7 views

WordPress WPLMS plugin < 1.9.9.5.3 - Instructor+ SQL Injection vulnerability

Instructor+ SQL Injection vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin WPLMS versions 1.9.9.5.3...

8.8CVSS8.1AI score0.00425EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/11/25 7:19 p.m.25 views

CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab

Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...

7.1CVSS6.7AI score0.00469EPSS
Exploits0References2
CVE
CVE
added 2024/11/21 6:49 a.m.73 views

CVE-2024-10393

CVE-2024-10393 affects the WordPress Tutor LMS plugin, vulnerable in versions

5.3CVSS5.2AI score0.00563EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/11/20 9:15 p.m.5 views

CVE-2024-48530

An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...

7.5CVSS5.8AI score0.0056EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/20 12:0 a.m.27 views

CVE-2024-48530

An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...

0.0056EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/11/20 12:0 a.m.12 views

PT-2024-33131 · Unknown · Esoft Planner

Name of the Vulnerable Software and Affected Versions: eSoft Planner version 3.24.08271-USA Description: An issue in the Instructor Appointment Availability module allows attackers to cause a Denial of Service DoS via a crafted POST request. Recommendations: For version 3.24.08271-USA, consider...

7.5CVSS7AI score0.0056EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2024/11/20 12:0 a.m.9 views

CVE-2024-48530

An issue in the Instructor Appointment Availability module of eSoft Planner 3.24.08271-USA allows attackers to cause a Denial of Service DoS via a crafted POST request...

6.9AI score0.0056EPSS
Exploits1References1
NVD
NVD
added 2024/10/25 8:15 a.m.25 views

CVE-2024-47158

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...

7.4CVSS0.00219EPSS
Exploits0References1
OSV
OSV
added 2024/10/25 8:15 a.m.3 views

CVE-2024-47158

N-LINE 2.0.6 and prior versions contain a code injection vulnerability. If this vulnerability is exploited, arbitrary code may be executed on the instructor's browser, or the instructor may be directed to a malicious website...

5.4CVSS5.9AI score0.00219EPSS
Exploits0References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2024/10/18 5:48 a.m.2 views

N-LINE vulnerable to HTML injection

Overview N-LINE provided by NEUMANN CO.LTD. is an online learning management system for driving schools. N-LINE processes inputs with insufficient check CWE-94, and malicious inputs from an student's device may badly impact the instructor's screen. Ayato Shitomi of Fore-Z co.ltd reported this...

7.4CVSS6.8AI score0.00219EPSS
Exploits0References4
Patchstack
Patchstack
added 2024/08/09 12:0 a.m.12 views

WordPress Tutor LMS Plugin <= 2.7.3 is vulnerable to Cross Site Scripting (XSS)

Software Tutor LMS Type Plugin Vulnerable versions = 2.7.3 Fixed in 2.7.4 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-43231 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c09ff6728ca9 Credits justakazh Required privilege Instructor...

6.5CVSS6.6AI score0.00279EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/25 2:34 p.m.10 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3CVSS6.7AI score0.00331EPSS
Exploits0References2
OSV
OSV
added 2024/07/25 2:34 p.m.11 views

CVE-2024-41806 Open edX Platform's instructor upload CSV for cohort creation not Private by Default

The Open edX Platform is a learning management platform. Instructors can upload csv files containing learner information to create cohorts in the instructor dashboard. These files are uploaded using the django default storage. With certain storage backends, uploads may become publicly available...

5.3CVSS6.8AI score0.00331EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/25 12:0 a.m.8 views

PT-2024-5257 · Amazon · Aws S3

Name of the Vulnerable Software and Affected Versions: Open edX Platform versions master, palm, olive, nutmeg, maple, lilac, koa, or juniper Description: The issue is related to inadequate access control in the Open edX Platform, specifically with the AWS S3 Bucket Handler component. This may all...

5.3CVSS7AI score0.00331EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/07/22 6:36 a.m.7 views

WordPress MasterStudy LMS plugin < 3.3.24 - Privilege Escalation to Instructor vulnerability

Privilege Escalation to Instructor vulnerability discovered by Jaime F. Murillo in WordPress Plugin MasterStudy LMS versions 3.3.24...

9.1CVSS7AI score0.00493EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/07/22 6:15 a.m.39 views

CVE-2024-5973

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...

9.1CVSS0.00493EPSS
Exploits1References1
OSV
OSV
added 2024/07/22 6:15 a.m.5 views

CVE-2024-5973

The MasterStudy LMS WordPress Plugin WordPress plugin before 3.3.24 does not prevent students from creating instructor accounts, which could be used to get access to functionalities they shouldn't have...

8.8CVSS5.8AI score0.00493EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/07/22 12:0 a.m.10 views

PT-2024-37284 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The MasterStudy LMS WordPress Plugin versions prior to 3.3.24 Description: The issue allows students to create instructor accounts, potentially granting them access to unauthorized functionalities. Recommendations: For versions prior to 3.3.2...

9.1CVSS7.2AI score0.00493EPSS
Exploits1References6
Rows per page
Query Builder