Lucene search
K

383 matches found

OSV
OSV
added 2026/02/11 9:32 p.m.5 views

CVE-2026-26031 Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...

5.3CVSS5.6AI score0.00177EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/11 9:32 p.m.25 views

CVE-2026-26031 Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...

5.3CVSS0.00177EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/11 9:32 p.m.3 views

CVE-2026-26031

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...

5.3CVSS5.5AI score0.00177EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2026/02/11 12:0 a.m.7 views

Frappe Learning Management System 安全漏洞

Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System prior to 2.44.0 contained security vulnerabilities. These vulnerabilities were due to improper access control, which could allow...

5.3CVSS5.8AI score0.00177EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.6 views

PT-2026-7726

Name of the Vulnerable Software and Affected Versions Frappe Learning Management System versions prior to 2.44.0 Description A security issue was identified in Frappe Learning Management System where unauthorized users could access the full list of enrolled students, including their email...

5.3CVSS5.4AI score0.00177EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.6 views

CVE-2026-24774

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...

4.3CVSS5.4AI score0.00201EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.5 views

CVE-2026-24670

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.7 views

CVE-2026-24668

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/04 7:27 p.m.6 views

CVE-2026-24672

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a Stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into user profile fields, which is executed when users with viewing...

7.3CVSS5.3AI score0.00182EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.20 views

CVE-2026-24774

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a business logic vulnerability allows authenticated students to improperly mark themselves as present in attendance activities, including activities that have already expired, by...

4.3CVSS0.00201EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.10 views

CVE-2026-24670

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to create new course units, an action normally restricted to higher-privileged roles. This issue has been patch...

6.5CVSS0.00207EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.13 views

CVE-2026-24668

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...

6.5CVSS0.00207EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.14 views

CVE-2026-24665

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...

8.7CVSS0.00182EPSS
Exploits1References1
NVD
NVD
added 2026/02/03 6:16 p.m.7 views

CVE-2020-37114

GUnet OpenEclass 1.7.3 allows unauthenticated and authenticated users to access sensitive information, including system information, application version, and other students' uploaded assessments, due to improper access controls and information disclosure flaws in various modules. Attackers can...

6.5CVSS0.00326EPSS
Exploits1References4
OSV
OSV
added 2026/02/03 4:59 p.m.7 views

CVE-2026-24668 Open eClass Broken Access Control Allows Students to Add Content to Course Units

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/03 4:59 p.m.6 views

CVE-2026-24668

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/02/03 4:59 p.m.14 views

CVE-2026-24668

CVE-2026-24668 affects the Open eClass platform (formerly GUnet eClass). Before version 4.2, an access-control flaw lets authenticated students add content to existing course units, an action normally restricted to higher-privileged roles. The issue is mitigated in version 4.2. Impact stated in s...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/03 4:59 p.m.4 views

CVE-2026-24668 Open eClass Broken Access Control Allows Students to Add Content to Course Units

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:59 p.m.5 views

EUVD-2026-5227

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a broken access control vulnerability allows authenticated students to add content to existing course units, an action normally restricted to higher-privileged roles. This issue h...

6.5CVSS5.3AI score0.00207EPSS
Exploits1References1
EUVD
EUVD
added 2026/02/03 4:58 p.m.8 views

EUVD-2026-5230

The Open eClass platform formerly known as GUnet eClass is a complete course management system. Prior to version 4.2, a stored Cross-Site Scripting XSS vulnerability allows authenticated students to inject malicious JavaScript into uploaded assignment files, which is executed when instructors vie...

8.7CVSS5.3AI score0.00182EPSS
Exploits1References1
Rows per page
Query Builder