9 matches found
CVE-2026-26977
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...
CVE-2026-26977
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...
CVE-2026-26977
Frappe Learning Management System (LMS)
CVE-2026-26977 Frappe Learning Management System exposes details of unpublished courses to unauthorized users
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...
CVE-2026-26977
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...
CVE-2026-26977 Frappe Learning Management System exposes details of unpublished courses to unauthorized users
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...
Frappe Learning Management System 安全漏洞
Frappe Learning Management System is an easy-to-use open-source learning management system developed by Frappe. Versions of the Frappe Learning Management System 2.44.0 and earlier contained security vulnerabilities. These vulnerabilities were caused by improper access control of API endpoints,...
PT-2026-20980
Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...
CVE-2025-11281
CVE-2025-11281 affects Frappe LMS 2.35.0 and involves an unknown function in the /courses/ path of the Unpublished Course Handler, leading to improper access controls. The issue is exploitable remotely, with high attack complexity and low privileges required; exploitation is described as possible...