383 matches found
CVE-2026-26031 Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...
CVE-2026-26031 Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...
CVE-2026-26031
Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...
Frappe Learning Management System 安全漏洞
Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.44.0 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow...
PT-2026-7726
Name of the Vulnerable Software and Affected Versions Frappe Learning Management System versions prior to 2.44.0 Description A security issue was identified in Frappe Learning Management System where unauthorized users could access the full list of enrolled students, including their email...
CVE-2026-24774
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
CVE-2026-24670
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...
CVE-2026-24668
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...
CVE-2026-24672
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...
CVE-2026-24774
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...
CVE-2026-24670
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...
CVE-2026-24668
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...
CVE-2026-24665
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...
CVE-2020-37114
GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can...
CVE-2026-24668 Open eClass Broken Access Control Allows Students to Add Content to Course Units
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...
CVE-2026-24668
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...
CVE-2026-24668
CVE-2026-24668 affects the Open eClass platform (formerly GUnet eClass). Before version 4.2, an access-control flaw lets authenticated students add content to existing course units, an action normally restricted to higher-privileged roles. The issue is mitigated in version 4.2. Impact stated in s...
CVE-2026-24668 Open eClass Broken Access Control Allows Students to Add Content to Course Units
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...
EUVD-2026-5227
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...
EUVD-2026-5230
The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...