Lucene search

200 matches found

ATTACKERKB
added 2026/05/10 12:43 p.m. | 3 views

CVE-2021-47907

Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attackers can submit support tickets with embedded HTML/JavaScript payloads that execute in the browser...

CVSS 6.4 | AI score 5.7 | EPSS 0.00032
Exploits: 0 | References: 3 | Affected Software: 1

GithubExploit
added 2026/05/09 10:38 a.m. | 59 views

CoreExploit-Final

CoreExploit 🔐 Ethical Penetration Testing Learning Platfor...

AI score 5.8
Exploits: 0

Packet Storm
added 2026/05/05 12:0 a.m. | 29 views

GUnet OpenEclass E-learning Remote Code Execution

GUnet OpenEclass E-learning versions prior to 4.2 suffer from a remote code execution vulnerability. Exploit Title: GUnet OpenEclass E-learning platform...

CVSS 8.6 | AI score 6.4 | EPSS 0.01461
Exploits: 3

RedhatCVE
added 2026/04/13 7:23 p.m. | 0 views

CVE-2026-31939

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from $_REQUEST['test'] is concatenated directly into a filesystem path without canonicalization or traversal checks. This vulnerabilit...

CVSS 8.3 | AI score 5.9 | EPSS 0.00079
Exploits: 0 | References: 1

ATTACKERKB
added 2026/04/10 6:54 p.m. | 0 views

CVE-2026-33708

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This...

CVSS 6.5 | AI score 5.8 | EPSS 0.00038
Exploits: 0 | References: 3 | Affected Software: 1

RedhatCVE
added 2026/03/29 11:13 a.m. | 0 views

CVE-2026-33879

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVSS 6.9 | AI score 5.9 | EPSS 0.00066
Exploits: 0 | References: 1

OSV
added 2026/03/27 8:31 p.m. | 0 views

CVE-2026-33879 FLIP doesn't have rate limiting or brute-force protection on login

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVSS 6.9 | AI score 5.9 | EPSS 0.00066
Exploits: 0 | References: 3

CVE
added 2026/03/27 8:31 p.m. | 3 views

CVE-2026-33879

FLIP (Federated Learning and Interoperability Platform) login page, affected in version 0.1.1 and earlier, lacks rate limiting and CAPTCHA. This enables brute-force and credential-stuffing attacks, with external users increasing credential reuse risk across institutions. The available documents d...

CVSS 9.8 | AI score 5.9 | EPSS 0.00066
Exploits: 0 | References: 1 | Affected Software: 1

ATTACKERKB
added 2026/03/27 8:31 p.m. | 2 views

CVE-2026-33879

Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models across healthcare institutions. The FLIP login page in versions 0.1.1 and prior has no rate limiting or CAPTCHA, enabling brute-force and...

CVSS 6.9 | AI score 5.9 | EPSS 0.00066
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2026/03/27 12:0 a.m. | 3 views

Federated Learning and Interoperability Platform security vulnerability

Federated Learning and Interoperability Platform is an open-source medical imaging learning platform developed by the London AI Centre. Versions of the Federated Learning and Interoperability Platform (FLIP) prior to 0.1.1 contained security vulnerabilities. These vulnerabilities stemmed from the...

CVSS 9.8 | AI score 5.8 | EPSS 0.00066
Exploits: 0 | References: 2

Positive Technologies
added 2026/03/27 12:0 a.m. | 1 views

PT-2026-28547

Name of the Vulnerable Software and Affected Versions: Federated Learning and Interoperability Platform (FLIP) versions prior to 0.1.1. Description: The Federated Learning and Interoperability Platform (FLIP) login page lacks rate limiting or CAPTCHA protection, which could allow brute-force and...

CVSS 9.8 | AI score 5.9 | EPSS 0.00066
Exploits: 0 | References: 6

Cvelist
added 2026/03/26 1:25 a.m. | 25 views

CVE-2026-4484 Masteriyo LMS <= 2.1.6 - Missing Authorization to Authenticated (Student+) Privilege Escalation to Administrator

The Masteriyo LMS plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.1.6. This is due to the plugin allowing a user to update the user role through the 'InstructorsController::prepareobjectfordatabase' function. This makes it possible for...

CVSS 8.8 | EPSS 0.0002
Exploits: 1 | References: 3

EUVD
added 2026/03/19 12:30 a.m. | 1 views

EUVD-2025-208848

A vulnerability in MLflow's pyfunc extraction process allows for arbitrary file writes due to improper handling of tar archive entries. Specifically, the use of tarfile.extractall without path validation enables crafted tar.gz files containing .. or absolute paths to escape the intended extractio...

CVSS 8.1 | AI score 6.3 | EPSS 0.00333
Exploits: 1 | References: 2

Vulnrichment
added 2026/03/16 7:18 p.m. | 2 views

CVE-2026-30876 Chamilo LMS: User enumeration vulnerability via response

Chamilo LMS is a learning management system. Prior to version 1.11.36, Chamilo is vulnerable to user enumeration with valid/invalid username. This issue has been patched in version 1.11.36...

CVSS 6.3 | AI score 5.7 | EPSS 0.00043
Exploits: 0 | References: 2

Cvelist
added 2026/01/18 12:2 a.m. | 18 views

CVE-2026-1106 Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization

A security flaw has been discovered in Chamilo LMS up to 2.0.0 Beta 1. This issue affects the function deleteLegal of the file src/CoreBundle/Controller/SocialController.php of the component Legal Consent Handler. Performing a manipulation of the argument userId results in improper authorization...

CVSS 5.5 | EPSS 0.00023
Exploits: 0 | References: 4

RedhatCVE
added 2026/01/09 12:34 p.m. | 1 views

CVE-2023-31800

Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via the forum title parameter...

CVSS 5.4 | AI score 6.8 | EPSS 0.00792
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/26 12:0 a.m. | 1 views

PT-2025-48176

Name of the Vulnerable Software and Affected Versions: Classroomio LMS version 0.1.13. Description: An authenticated attacker can execute arbitrary code through crafted SVG cover images. The issue is a stored Cross Site Scripting (XSS) condition. Recommendations: Update to a newer version that contains...

CVSS 5.4 | AI score 6.2 | EPSS 0.00039
Exploits: 2 | References: 8

CVE
added 2025/10/22 11:25 a.m. | 11 views

CVE-2025-11086

Summary of CVE-2025-11086 (Academy LMS Pro for WordPress): The plugin up to version 3.3.7 is vulnerable to unauthenticated privilege escalation during user registration via the Social Login addon. The root cause is improper validation of the user’s role before registering the new user, allowing ...

CVSS 8.1 | AI score 5.9 | EPSS 0.00105
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-22597

Malware in sbrugna...

CVSS 9.8 | AI score 9.2 | EPSS 0.00692
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 1 views

EUVD-2021-11941

Malware in sbrugna...

CVSS 4.8 | AI score 5.2 | EPSS 0.00206
Exploits: 2 | References: 2