4 matches found
CVE-2026-25126
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...
CVE-2026-25126 PolarLearn's unvalidated vote direction allows vote count manipulation
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...
CVE-2026-25126 PolarLearn's unvalidated vote direction allows vote count manipulation
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route POST /api/v1/forum/vote trusts the JSON body’s direction value without runtime validation. TypeScript types are not enforced at runtime, so an attacker can send arbitrary strings e.g., "x" ...
PT-2026-5369
Name of the Vulnerable Software and Affected Versions PolarLearn versions prior to 0-PRERELEASE-15 Description PolarLearn is a free and open-source learning program. The POST /api/v1/forum/vote API route trusts the direction value within the JSON body without runtime validation. TypeScript types...