Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress.This issue affects Masteriyo - LMS: from n/a through 1.7.3. id: CVE-2024-33939 info: name: Masteriyo LMS = 1.7.3 - Insecure Direct Object Reference author:...

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

LMS by Masteriyo < 1.6.8 - Information Exposure

The plugin does not properly safeguards sensitive user information, like other user's email addresses, making it possible for any students to leak them via some of the plugin's REST API endpoints. id: CVE-2023-3345 info: name: LMS by Masteriyo 1.6.8 - Information Exposure author: DhiyaneshDK...

CVE-2026-12789

A vulnerability was identified in ILIAS Learning Management System 11.0. This issue affects the function ilTrQuery::executeQueries of the file components/ILIAS/Tracking/classes/class.ilTrQuery.php of the component Learning Progress Tracking. Such manipulation of the argument trouptablenav leads t...

EUVD-2026-38108

SP LMS comsplms 4.1.4 by JoomShaper deserializes user-controlled cookie data without validation, enabling an unauthenticated remote attacker to execute arbitrary code on the server...

PT-2026-51136

Name of the Vulnerable Software and Affected Versions SP LMS versions prior to 4.1.4 Description SP LMS com splms by JoomShaper contains a PHP Object injection flaw where user-controlled cookie data is deserialized without validation. Specifically, the application passes the lmsOrders cookie to a...

CVE-2026-39598

Unrestricted Upload of File with Dangerous Type vulnerability in Kodezen LLC Academy LMS Pro allows Upload a Web Shell to a Web Server. This issue affects Academy LMS Pro: from n/a before 3.5.2...

CVE-2026-42743

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

EUVD-2026-36837

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

CVE-2026-42743 WordPress Masteriyo - LMS plugin <= 2.1.8 - Broken Authentication vulnerability

Unauthenticated Broken Authentication in Masteriyo - LMS = 2.1.8 versions...

CVE-2026-42743

The CVE concerns WordPress Masteriyo LMS plugin versions ≤ 2.1.8 with an Unauthenticated Broken Authentication vulnerability. Impact is described as low confidentiality and integrity (CVSS v3.1: 6.5, MEDIUM). The issue is in Masteriyo-LMS prior to or at 2.1.8, enabling access without authenticati...

PT-2026-49411

Subscriber SQL Injection in MasterStudy LMS = 3.7.25 versions...

Frappe Learning Management System 注入漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.53.0 had a injection vulnerability. This vulnerability allowed authenticated users to provide malicious content in certain...

CVE-2026-46546

Summary: CVE-2026-46546 affects Frappe LMS. Before v2.53.0, an authenticated user could insert crafted content in certain user-editable fields, which—when surfaced in page metadata—caused visitors’ browsers to navigate to an attacker-chosen URL. The issue has been patched in v2.53.0. Impact (as s...

PT-2026-48339

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to version 2.53.0, an authenticated user could supply specially crafted content in certain user-editable fields that, when surfaced in page metadata, caused visitors' browsers to navigate to...

CVE-2026-11552

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file importusers.php. The manipulation of the argument rawpassword with...

EUVD-2026-35174

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file importusers.php. The manipulation of the argument rawpassword with...

CVE-2026-11552 SourceCodester Onlne Examination & Learning Management System import_users.php hard-coded password

A vulnerability has been found in SourceCodester Onlne Examination & Learning Management System and Syllabus-aligned Learning Management and Examination System 1.0. Affected by this issue is some unknown functionality of the file importusers.php. The manipulation of the argument rawpassword with...

CVE-2025-53209

Incorrect Privilege Assignment vulnerability in Themeisle Masteriyo LMS PRO allows Privilege Escalation. This issue affects Masteriyo LMS PRO: from n/a through 2.20.0...

CVE-2026-39415

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.46.0, a vulnerability has been identified in Frappe Learning where quiz scores can be modified by students before submission. The application currently relies on client-side calculated...