9 matches found

Positive Technologies
added 2026/02/20 12:0 a.m. · 6 views

PT-2026-20980

Frappe Learning Management System LMS is a learning system that helps users structure their content. In versions 2.44.0 and below, unauthorized users are able to access the details of unpublished courses via API endpoints. A fix for this issue is planned for the 2.45.0 release...

CVSS 6.9 · AI score 5.5 · EPSS 0.00014
Exploits: 0 · References: 2
Vulnrichment
added 2026/02/11 9:32 p.m. · 2 views

CVE-2026-26031 Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students

Frappe Learning Management System LMS is a learning system that helps users structure their content. Prior to 2.44.0, a security issue was identified in Frappe Learning, where unauthorised users were able to access the full list of enrolled students by email in batches. This vulnerability is fixed ...

CVSS 5.3 · AI score 5.5 · EPSS 0.00044
Exploits: 0 · References: 2
Positive Technologies
added 2026/02/11 12:0 a.m. · 4 views

PT-2026-7726

Name of the Vulnerable Software and Affected Versions: Frappe Learning Management System versions prior to 2.44.0 Description: A security issue was identified in Frappe Learning Management System where unauthorized users could access the full list of enrolled students, including their email...

CVSS 5.3 · AI score 5.4 · EPSS 0.00044
Exploits: 0 · References: 7
EUVD
added 2026/01/14 6:25 p.m. · 3 views

EUVD-2026-2666

Frappe Learning Management System LMS is a learning system that helps users structure their content. In 2.44.0 and earlier, there is a stored XSS vulnerability where a specially crafted image filename could execute malicious JavaScript when rendered on course or jobs pages...

CVSS 5.3 · AI score 5.7 · EPSS 0.00052
Exploits: 0 · References: 2
CNNVD
added 2025/03/31 12:0 a.m. · 1 views

Novastar CX40 security vulnerability

Novastar CX40 is a 4K LED display controller from Novastar. A security vulnerability exists in Novastar CX40 version 2.44.0 and earlier, which originates from a stack buffer overflow in the NetFilter Utility component...

CVSS 5.5 · AI score 5.9 · EPSS 0.0026
Exploits: 0 · References: 1
RedhatCVE
added 2025/02/05 3:37 a.m. · 5 views

CVE-2024-45053

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

CVSS 9.1 · AI score 8.2 · EPSS 0.02285
Exploits: 1 · References: 1
Cvelist
added 2024/09/04 4:4 p.m. · 14 views

CVE-2024-45053 Remote Code Execution Vulnerability via SSTI in Fides Webserver Jinja Email Templating Engine

Fides is an open-source privacy engineering platform. Starting in version 2.19.0 and prior to version 2.44.0, the Email Templating feature uses Jinja2 without proper input sanitization or rendering environment restrictions, allowing for Server-Side Template Injection that grants Remote Code...

CVSS 9.1 · EPSS 0.02285
Exploits: 1 · References: 2
Cvelist
added 2024/09/04 3:43 p.m. · 17 views

CVE-2024-45052 Fides Webserver Authentication Timing-Based Username Enumeration Vulnerability

Fides is an open-source privacy engineering platform. Prior to version 2.44.0, a timing-based username enumeration vulnerability exists in Fides Webserver authentication. This vulnerability allows an unauthenticated attacker to determine the existence of valid usernames by analyzing the time it...

CVSS 5.3 · EPSS 0.00356
Exploits: 1 · References: 2
Positive Technologies
added 2024/09/04 12:0 a.m. · 2 views

PT-2024-31404 · Fides · Fides

Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.44.0 Description: A timing-based username enumeration vulnerability exists in Fides Webserver authentication, allowing an unauthenticated attacker to determine the existence of valid usernames by analyzing the time i...

CVSS 5.3 · AI score 7.5 · EPSS 0.00356
Exploits: 1 · References: 10