52 matches found
CVE-2026-39405 Frappe has Path Transversal via SCORM
Frappe Learning Management System (LMS) is a learning system that helps users structure their content. In versions 2.50.0 and below, a user with the course editing role could upload a SCORM ZIP package to write files outside the intended directory. This issue has been resolved in version 2.50.1...
CVE-2026-31282
Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. NOTE: this is disputed by the Supplier because 1 local log...
WordPress plugin Tutor LMS – eLearning and online course solution security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
PT-2026-32014
Name of the Vulnerable Software and Affected Versions: Chamilo LMS versions prior to 1.11.38. Description: Chamilo LMS is a learning management system. A chained attack can enable otherwise-blocked PHP code from the main/install/ directory, allowing an unauthenticated attacker to modify existing fil...
CVE-2025-32223 WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tutor LMS: from n/a through <= 3.9.4...
CVE-2025-71179
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
EUVD-2025-206696
Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/coursebundles/search/query endpoint. These vulnerabilities are distinct from the patch for CVE-2023-4119, whic...
CVE-2025-13935 Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized course completion in all versions up to, and including, 3.9.2. This is due to missing enrollment verification in the 'markcoursecomplete' function. This makes it possible for authenticated...
CVE-2025-13679
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...
CVE-2022-27425
Chamilo LMS v1.11.13 was discovered to contain a cross-site scripting (XSS) vulnerability via the component /blog/blog.php...
CVE-2025-69359 WordPress Creator LMS plugin <= 1.1.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in WPFunnels Creator LMS creatorlms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Creator LMS: from n/a through <= 1.1.12...
CVE-2025-64270
CVE-2025-64270 is a publicly documented vulnerability in Masteriyo LMS (WordPress plugin) up to version 2.0.3, described as Exposure of Sensitive System Information to an Unauthorized Control Sphere. The description consistently states that the vulnerability allows retrieval of embedded sensitive...
CVE-2025-56749
The CVE-2025-56749 issue affects Creativeitem Academy LMS up to version 6.14, where a hardcoded default JWT secret allows forging valid tokens, enabling authentication bypass and unauthorized access to user accounts. Multiple connected sources corroborate the vulnerability across NVD, Red Hat, EN...
PT-2025-41934
Name of the Vulnerable Software and Affected Versions: Creativeitem Academy LMS versions up to and including 5.13. Description: A privilege escalation issue exists in the Api instructor controller. Authenticated users without the necessary permissions can access functions intended only for...
EUVD-2021-23959
Malware in sbrugna...
EUVD-2024-35224
Malicious code in bioql PyPI...
EUVD-2024-37552
Malicious code in bioql PyPI...
EUVD-2022-44866
Malicious code in bioql PyPI...
EUVD-2024-17250
Malicious code in bioql PyPI...
EUVD-2024-32829
Malicious code in bioql PyPI...