浏览 80+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-5502 | Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.3 | 2026-04-17 03:36:45 | Deep Dive |
| CVE-2026-6080 | Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter | themeum | Tutor LMS – eLearning and online course solution | Medium | 6.5 | 2026-04-17 03:36:44 | Deep Dive |
| CVE-2026-40740 | WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability | Themeum | Tutor LMS | 中危 | - | 2026-04-15 10:21:34 | Deep Dive |
| CVE-2026-3371 | Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2026-04-11 01:25:01 | Deep Dive |
| CVE-2026-3358 | Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.4 | 2026-04-11 01:24:57 | Deep Dive |
| CVE-2026-3360 | Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter | themeum | Tutor LMS – eLearning and online course solution | High | 7.5 | 2026-04-10 01:24:58 | Deep Dive |
| CVE-2026-25406 | WordPress Tutor LMS Pro plugin <= 3.9.4 - Broken Authentication vulnerability | Themeum | Tutor LMS Pro | High | 8.1 | 2026-03-25 16:14:49 | Deep Dive |
| CVE-2025-32223 | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | Themeum | Tutor LMS | 中危 | - | 2026-03-19 08:05:59 | Deep Dive |
| CVE-2026-0953 | Tutor LMS Pro <= 3.9.5 - Authentication Bypass via Social Login | themeum | Tutor LMS Pro | Critical | 9.8 | 2026-03-10 05:26:29 | Deep Dive |
| CVE-2026-23799 | WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability | Themeum | Tutor LMS | Medium | 6.5 | 2026-03-05 05:53:49 | Deep Dive |
| CVE-2025-13673 | Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code | themeum | Tutor LMS – eLearning and online course solution | High | 7.5 | 2026-02-28 07:25:35 | Deep Dive |
| CVE-2026-1371 | Tutor LMS <= 3.9.5 - Authenticated (Subscriber+) Information Disclosure in Coupon Details via 'tutor_coupon_details' AJAX Action | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.3 | 2026-02-03 07:31:24 | Deep Dive |
| CVE-2026-1375 | Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion | themeum | Tutor LMS – eLearning and online course solution | High | 8.1 | 2026-02-03 07:31:23 | Deep Dive |
| CVE-2026-24584 | WordPress Tutor LMS BunnyNet Integration plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability | Themeum | Tutor LMS BunnyNet Integration | 中危 | - | 2026-01-23 14:29:00 | Deep Dive |
| CVE-2025-47555 | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | Themeum | Tutor LMS | Low | 3.8 | 2026-01-22 16:51:41 | Deep Dive |
| CVE-2026-0548 | Tutor LMS – eLearning and online course solution <= 3.9.4 - Missing Authorization to Authenticated (Subscriber+) Limited Attachment Deletion | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.4 | 2026-01-20 14:26:32 | Deep Dive |
| CVE-2025-13934 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Course Enrollment Bypass | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2026-01-09 07:22:12 | Deep Dive |
| CVE-2025-13935 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Course Completion | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2026-01-09 07:22:12 | Deep Dive |
| CVE-2025-13628 | Tutor LMS – eLearning and online course solution <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Coupon Modification | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2026-01-09 07:22:11 | Deep Dive |
| CVE-2025-13679 | Tutor LMS <= 3.9.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure via tutor_order_details | themeum | Tutor LMS – eLearning and online course solution | Medium | 6.5 | 2026-01-08 07:04:13 | Deep Dive |