Lucene search
K

7 matches found

CVE
CVE
added 7 hours ago11 views

CVE-2026-5348

The CVE concerns the WordPress plugin Academy LMS (WordPress LMS Plugin for Complete eLearning Solution) up to version 3.8.1. The root cause is the REST API endpoint /topics being registered with a permission callback of __return_true, which permits unauthenticated access to course curriculum dat...

5.3CVSS5.8AI score
Exploits0References8
EUVD
EUVD
added 7 hours ago6 views

EUVD-2026-41250

The Academy LMS – WordPress LMS Plugin for Complete eLearning Solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.8.1. This is due to the '/topics' REST API endpoint being registered with a permission callback set to 'returntrue',...

5.3CVSS5.8AI score
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/04/06 10:57 a.m.2 views

CVE-2026-25742

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS5.8AI score0.00312EPSS
Exploits1References1
NVD
NVD
added 2026/04/03 9:17 p.m.9 views

CVE-2026-25742

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS0.00312EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/04/03 8:12 p.m.2 views

CVE-2026-25742

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS5.8AI score0.00312EPSS
Exploits1References5Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/03 8:12 p.m.1 views

CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS5.8AI score0.00312EPSS
Exploits1References4
Cvelist
Cvelist
added 2026/04/03 8:12 p.m.16 views

CVE-2026-25742 Zulip: Anonymous File Access After Disabling Spectator Access

Zulip is an open-source team collaboration tool. Prior to version 11.6, Zulip is an open-source team collaboration tool. From version 1.4.0 to before version 11.6, even after spectator access enablespectatoraccess / WEBPUBLICSTREAMSENABLED is disabled, attachments originating from web-public...

5.3CVSS0.00312EPSS
Exploits1References4
Rows per page
Query Builder