CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

113 matches found

CVE-2026-47324

ProjectsAndPrograms school-management-system is vulnerable to Stored Cross‑Site Scripting XSS in multiple attributes of students and teachers objects. An authorized attacker e.g., a teacher or administrator can inject malicious JavaScript that is subsequently executed in other users’ browsers...

5.1CVSS

Exploits0References2

EUVD•added 9 hours ago•3 views

EUVD-2026-34093

5.1CVSS6.1AI score

Exploits0References2

Vulnrichment•added 9 hours ago•2 views

CVE-2026-47324 Stored XSS in Multiple Points in ProjectsAndPrograms school-management-system

5.1CVSS6.1AI score

Exploits0References2

Positive Technologies•added 22 hours ago•6 views

PT-2026-45942

5.1CVSS6.1AI score

Exploits0References3

Malwarebytes•added 2026/05/06 12:45 p.m.•4 views

Millions of students’ personal data stolen in major education breach

Instructure, the company behind the Canvas learning management system LMS, confirmed a cyber incident and subsequent data breach affecting its cloud‑hosted environment. The ShinyHunters ransomware group claims it is behind the attack and says it stole roughly 275 million records tied to students,...

5.7AI score

Exploits0

Cvelist•added 2026/04/24 12:0 a.m.•22 views

CVE-2025-67259

A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API requests. Changing a captured POST request to a GET request against the /rest/v1/course PostgREST...

0.00036EPSS

Exploits0References2

GithubExploit•added 2026/04/06 12:48 p.m.•85 views

Exploit for CVE-2026-35678

Vulnerability Research Report: All Eduplus ERP Insecure Direct...

6AI score

Exploits1

OSV•added 2026/01/26 2:49 p.m.•4 views

BIT-MOODLE-2025-3627 Moodle: partial data exposure in moodle before completing multi-factor authentication

A security vulnerability was discovered in Moodle that allows some users to access sensitive information about other students before they finish verifying their identities using two-factor authentication 2FA...

4.3CVSS5.9AI score0.00103EPSS

Exploits0References3

NVD•added 2026/01/08 7:15 a.m.•2 views

CVE-2025-13679

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getorderbyid function in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with...

6.5CVSS0.00061EPSS

Exploits0References2

NVD•added 2025/12/09 6:16 p.m.•1 views

CVE-2025-65594

OpenSIS 9.2 and below is vulnerable to Incorrect Access Control in Student.php, which allows an authenticated low-privilege user to perform unauthorized database write operations relating to the data of other users...

8.1CVSS0.00041EPSS

Exploits1References2

Cvelist•added 2025/11/26 12:0 a.m.•5 views

CVE-2025-65670

An Insecure Direct Object Reference IDOR in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating course IDs in URLs, resulting in unauthorized disclosure of sensitive course, admin, and student data. The leak occurs momentarily before the system reverts t...

0.00041EPSS

Exploits2References3

GithubExploit•added 2025/11/15 3:25 p.m.•113 views

Exploit for CVE-2025-63955

CVE-2025-63955 – Cross-Site Request Forgery CSRF leading t...

7.5CVSS6.6AI score0.00062EPSS

Exploits2

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2021-11474

Malware in sbrugna...

7.5CVSS7.5AI score0.00609EPSS

Exploits2References3