| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-24669 | Open eClass Insecure Password Reset Token Reuse Enables Account Takeover | gunet | openeclass | High | 7.8 | 2026-02-03 17:00:39 | Deep Dive |
| CVE-2026-24668 | Open eClass Broken Access Control Allows Students to Add Content to Course Units | gunet | openeclass | Medium | 6.5 | 2026-02-03 16:59:48 | Deep Dive |
| CVE-2026-24667 | Open eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account Access | gunet | openeclass | Medium | 5.0 | 2026-02-03 16:59:32 | Deep Dive |
| CVE-2026-24666 | Open eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized Actions | gunet | openeclass | Medium | 6.5 | 2026-02-03 16:58:58 | Deep Dive |
| CVE-2026-24665 | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment Upload | gunet | openeclass | High | 8.7 | 2026-02-03 16:58:29 | Deep Dive |
| CVE-2026-24774 | Open eClass Business Logic Flaw Allows Students to Mark Attendance in Expired Activities | gunet | openeclass | Medium | 4.3 | 2026-02-03 16:58:10 | Deep Dive |
| CVE-2026-24773 | Open eClass Unauthenticated IDOR Allows Access to Arbitrary User Files | gunet | openeclass | High | 7.5 | 2026-02-03 16:57:58 | Deep Dive |
| CVE-2026-24674 | Open eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple Endpoints | gunet | openeclass | Medium | 4.7 | 2026-02-03 16:57:08 | Deep Dive |
| CVE-2026-24673 | Open eClass Has File Upload Filter Bypass via ZIP Archive Extraction | gunet | openeclass | Medium | 4.3 | 2026-02-03 16:57:00 | Deep Dive |
| CVE-2026-24672 | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile Fields | gunet | openeclass | High | 7.3 | 2026-02-03 16:56:37 | Deep Dive |
| CVE-2026-24671 | Open eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User Fields | gunet | openeclass | Medium | 6.1 | 2026-02-03 16:56:26 | Deep Dive |
| CVE-2026-24670 | Open eClass Has Broken Access Control in Course Units Module Allows Students to Create Units | gunet | openeclass | Medium | 6.5 | 2026-02-03 16:56:17 | Deep Dive |
| CVE-2026-24664 | Open eClass is Vulnerable to Username Enumeration via Login Response Discrepancies | gunet | openeclass | Medium | 5.3 | 2026-02-03 16:56:07 | Deep Dive |
| CVE-2020-37116 | GUnet OpenEclass 1.7.3 E-learning platform - phpMyAdmin Remote Access | Openeclass | GUnet OpenEclass | High | 8.8 | 2026-02-03 16:52:47 | Deep Dive |
| CVE-2020-37115 | GUnet OpenEclass 1.7.3 E-learning platform - Plaintext Password Storage | Openeclass | GUnet OpenEclass | Medium | 6.5 | 2026-02-03 16:52:47 | Deep Dive |
| CVE-2020-37114 | GUnet OpenEclass 1.7.3 E-learning platform - Information Disclosure | Openeclass | GUnet OpenEclass | Medium | 4.3 | 2026-02-03 16:52:46 | Deep Dive |
| CVE-2020-37113 | GUnet OpenEclass 1.7.3 E-learning platform - File Upload Extension Bypass | Openeclass | GUnet OpenEclass | High | 8.8 | 2026-02-03 16:52:46 | Deep Dive |
| CVE-2020-37112 | GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection | Openeclass | GUnet OpenEclass | High | 7.1 | 2026-02-03 16:52:45 | Deep Dive |
| CVE-2026-22241 | Open eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE) | gunet | openeclass | 中危 | - | 2026-01-08 15:07:02 | Deep Dive |
| CVE-2024-38530 | Open eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php" | gunet | openeclass | Critical | 9.8 | 2024-08-12 14:50:32 | Deep Dive |