浏览 21+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39415 | Frappe Learning Management System has Client-Side Manipulation of Quiz Scores | frappe | lms | - | - | 2026-04-08 20:07:46 | Deep Dive |
| CVE-2026-34606 | Stored XSS in Frappe LMS | frappe | lms | - | - | 2026-04-02 17:50:01 | Deep Dive |
| CVE-2026-26977 | Frappe Learning Management System exposes details of unpublished courses to unauthorized users | frappe | lms | 中危 | - | 2026-02-20 00:56:43 | Deep Dive |
| CVE-2026-26031 | Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students | frappe | lms | - | - | 2026-02-11 21:32:15 | Deep Dive |
| CVE-2026-23497 | Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages | frappe | lms | - | - | 2026-01-14 18:25:52 | Deep Dive |
| CVE-2025-67734 | Frappe Authenticated Users can Execute JavaScript through its Job Form | frappe | lms | - | - | 2025-12-12 19:48:59 | Deep Dive |
| CVE-2025-67730 | Frappe authenticated users can execute XSS through form description fields | frappe | lms | - | - | 2025-12-12 07:23:54 | Deep Dive |
| CVE-2025-66581 | Frappe LMS is Missing Server-Side Authorization in Business Logic | frappe | lms | 中危 | - | 2025-12-05 18:26:21 | Deep Dive |
| CVE-2025-64707 | Frappe LMS revoking access did not show immediate effect as roles were cached | frappe | lms | 低危 | - | 2025-11-12 22:27:55 | Deep Dive |
| CVE-2025-64705 | Frappe user was able to access the submission of other students | frappe | lms | 中危 | - | 2025-11-12 22:25:50 | Deep Dive |
| CVE-2025-62779 | Frappe Learning users were able to add HTML through input fields in the Job Form | frappe | lms | - | - | 2025-10-27 21:19:04 | Deep Dive |
| CVE-2025-62778 | Frappe Learning allowed students to access the Quiz Form via direct URL | frappe | lms | - | - | 2025-10-27 21:16:06 | Deep Dive |
| CVE-2025-62158 | Frappe had attachments made by students to their assignments of type Text set to public | frappe | lms | - | - | 2025-10-10 20:05:38 | Deep Dive |
| CVE-2025-11283 | Frappe LMS Course cross site scripting | Frappe | LMS | Low | 2.4 | 2025-10-05 05:02:06 | Deep Dive |
| CVE-2025-11282 | Frappe LMS Incomplete Fix CVE-2025-55006 cross site scripting | Frappe | LMS | Low | 2.4 | 2025-10-05 04:32:06 | Deep Dive |
| CVE-2025-11281 | Frappe LMS Unpublished Course courses access control | Frappe | LMS | Medium | 5.0 | 2025-10-05 04:02:06 | Deep Dive |
| CVE-2025-11280 | Frappe LMS Assignment Picture files direct request | Frappe | LMS | Low | 3.7 | 2025-10-05 03:32:06 | Deep Dive |
| CVE-2025-59415 | Frappe Learning vulnerable to Malicious Content upload via Profile bio field | frappe | lms | Medium | 4.6 | 2025-09-17 21:07:58 | Deep Dive |
| CVE-2025-55006 | Frappe Learning Holds Potential for Malicious SVG Upload in Image Upload Feature | frappe | lms | Medium | 4.3 | 2025-08-09 02:01:57 | Deep Dive |
| CVE-2023-5555 | Cross-site Scripting (XSS) - Generic in frappe/lms | frappe | frappe/lms | 中危 | - | 2023-10-12 10:32:06 | Deep Dive |