| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-32210 | Microsoft Dynamics 365 (online) Spoofing Vulnerability | Microsoft | Microsoft Dynamics 365 (online) | Critical | 9.3 | 2026-04-23 21:35:48 | Deep Dive |
| CVE-2026-6376 | Missing authentication for critical function in SpiceJet Online Booking System | SpiceJet | Online Booking System | - | - | 2026-04-23 20:10:20 | Deep Dive |
| CVE-2026-6375 | Authorization bypass through User-Controlled key in SpiceJet Online Booking System | SpiceJet | Online Booking System | - | - | 2026-04-23 20:07:24 | Deep Dive |
| CVE-2026-6651 | erponline.xyz ERP Online Inventory Edit Item cross site scripting | erponline.xyz | ERP Online | Low | 2.4 | 2026-04-20 14:45:12 | Deep Dive |
| CVE-2026-5502 | Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.3 | 2026-04-17 03:36:45 | Deep Dive |
| CVE-2026-6080 | Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter | themeum | Tutor LMS – eLearning and online course solution | Medium | 6.5 | 2026-04-17 03:36:44 | Deep Dive |
| CVE-2026-4817 | MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.5 | 2026-04-17 01:24:37 | Deep Dive |
| CVE-2025-15635 | WordPress Smart Online Order for Clover plugin <= 1.6.0 - Cross Site Request Forgery (CSRF) vulnerability | ZAYTECH | Smart Online Order for Clover | Medium | 4.3 | 2026-04-15 15:49:53 | Deep Dive |
| CVE-2026-32199 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft | Microsoft 365 Apps for Enterprise | High | 7.8 | 2026-04-14 16:58:36 | Deep Dive |
| CVE-2026-32198 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft | Microsoft 365 Apps for Enterprise | High | 7.8 | 2026-04-14 16:58:35 | Deep Dive |
| CVE-2026-32197 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft | Microsoft 365 Apps for Enterprise | High | 7.8 | 2026-04-14 16:58:34 | Deep Dive |
| CVE-2026-32189 | Microsoft Excel Remote Code Execution Vulnerability | Microsoft | Microsoft 365 Apps for Enterprise | High | 7.8 | 2026-04-14 16:57:35 | Deep Dive |
| CVE-2026-32188 | Microsoft Excel Information Disclosure Vulnerability | Microsoft | Microsoft 365 Apps for Enterprise | High | 7.1 | 2026-04-14 16:57:34 | Deep Dive |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion | thimpress | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | Critical | 9.1 | 2026-04-14 01:25:00 | Deep Dive |
| CVE-2026-6201 | CodeAstro Online Job Portal Delete Job Posting job-delete.php access control | CodeAstro | Online Job Portal | Medium | 5.4 | 2026-04-13 19:00:19 | Deep Dive |
| CVE-2026-3371 | Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification | themeum | Tutor LMS – eLearning and online course solution | Medium | 4.3 | 2026-04-11 01:25:01 | Deep Dive |
| CVE-2026-5207 | LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter | chrisbadgett | LifterLMS – WP LMS for eLearning, Online Courses, & Quizzes | Medium | 6.5 | 2026-04-11 01:24:58 | Deep Dive |
| CVE-2026-3358 | Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment | themeum | Tutor LMS – eLearning and online course solution | Medium | 5.4 | 2026-04-11 01:24:57 | Deep Dive |
| CVE-2026-6033 | CodeAstro Online Classroom updatedetailsfromstudent.php sql injection | CodeAstro | Online Classroom | Medium | 6.3 | 2026-04-10 07:30:14 | Deep Dive |
| CVE-2026-6010 | CodeAstro Online Classroom takeassessment2.php sql injection | CodeAstro | Online Classroom | Medium | 6.3 | 2026-04-10 03:30:15 | Deep Dive |