CVE-2026-24668 Open eClass Broken Access Control Allows Students to Add Content to Course Units

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...

CVE-2026-24670

The CVE-2026-24670 entry covers the Open eClass platform (formerly GUnet eClass). Affected versions are those prior to 4.2 where a broken access control vulnerability permits authenticated students to create new course units, an action normally restricted to higher-privilege roles. The issue has ...

Forma Learning Management System 代码问题漏洞

Forma Learning Management System LMS is a learning management system LMS. A security vulnerability exists in Forma Learning Management System version 3.1.0, which originates from the ability to upload a zip file when having student privileges, which could lead to remote code execution...

Forma Learning Management System SQL注入漏洞

Forma Learning Management System LMS is a Learning Management System LMS. A security vulnerability exists in the Forma Learning Management System version 3.1.0, which originates from an SQl injection of the dynfilter parameter of the appLms/ajax.admserver.php?r=widget/userselector/getusertabledat...

CVE-2021-24184

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...

Information disclosure

Several AJAX endpoints in the Tutor LMS – eLearning and online course solution WordPress plugin before 1.7.7 were unprotected, allowing students to modify course information and elevate their privileges among many other actions...