Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Associated Vulnerability
Clear Filters
Found 394 results
CVE IDTitleVendorProductSeverityCVSS ScorePublished AtAI Analysis
CVE-2026-5502 Tutor LMS <= 3.9.8 - Authenticated (Subscriber+) Arbitrary Course Content Manipulation via tutor_update_course_content_order themeumTutor LMS – eLearning and online course solution Medium 5.3 2026-04-17 03:36:45 Deep Dive
CVE-2026-6080 Tutor LMS <= 3.9.8 - Authenticated (Admin+) SQL Injection via 'date' Parameter themeumTutor LMS – eLearning and online course solution Medium 6.5 2026-04-17 03:36:44 Deep Dive
CVE-2026-4817 MasterStudy LMS <= 3.7.25 - Authenticated (Subscriber+) Time-based Blind SQL Injection via 'order' and 'orderby' Parameters stylemixMasterStudy LMS WordPress Plugin – for Online Courses and Education Medium 6.5 2026-04-17 01:24:37 Deep Dive
CVE-2026-40740 WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability ThemeumTutor LMS 中危 -2026-04-15 10:21:34 Deep Dive
CVE-2026-40291 Chamilo LMS has Privilege Escalation via API User Role Modification chamilochamilo-lms High 8.8 2026-04-14 21:37:55 Deep Dive
CVE-2026-35196 Chamilo LMS has OS Command Injection via export_all_certificates action chamilochamilo-lms High 8.8 2026-04-14 21:33:14 Deep Dive
CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses chamilochamilo-lms High 7.1 2026-04-14 21:29:07 Deep Dive
CVE-2026-34370 Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes chamilochamilo-lms Medium 6.5 2026-04-14 21:25:29 Deep Dive
CVE-2026-34161 Chamilo LMS: Stored XSS via Malicious File Upload in Social Post Attachments Leads to Arbitrary JavaScript Execution chamilochamilo-lms 中危 -2026-04-14 21:12:48 Deep Dive
CVE-2026-34160 Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reach cloud metadata services chamilochamilo-lms High 8.6 2026-04-14 21:09:37 Deep Dive
CVE-2026-33715 Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action chamilochamilo-lms High 7.2 2026-04-14 21:05:35 Deep Dive
CVE-2026-33714 Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2) chamilochamilo-lms 中危 -2026-04-14 21:00:19 Deep Dive
CVE-2026-4365 LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion thimpressLearnPress – WordPress LMS Plugin for Create and Sell Online Courses Critical 9.1 2026-04-14 01:25:00 Deep Dive
CVE-2026-3371 Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification themeumTutor LMS – eLearning and online course solution Medium 4.3 2026-04-11 01:25:01 Deep Dive
CVE-2026-5207 LifterLMS <= 9.2.1 - Authenticated (Custom+) SQL Injection via 'order' Parameter chrisbadgettLifterLMS – WP LMS for eLearning, Online Courses, & Quizzes Medium 6.5 2026-04-11 01:24:58 Deep Dive
CVE-2026-3358 Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment themeumTutor LMS – eLearning and online course solution Medium 5.4 2026-04-11 01:24:57 Deep Dive
CVE-2026-33737 Chamilo LMS has an XML External Entity (XXE) Injection chamilochamilo-lms Medium 5.3 2026-04-10 19:05:09 Deep Dive
CVE-2026-33736 Chamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data Exposure chamilochamilo-lms Medium 6.5 2026-04-10 19:03:19 Deep Dive
CVE-2026-33710 Chamilo LMS has Weak REST API Key Generation (Predictable) chamilochamilo-lms High 7.5 2026-04-10 18:59:24 Deep Dive
CVE-2026-33708 Chamilo LMS has REST API PII Exposure via get_user_info_from_username chamilochamilo-lms Medium 6.5 2026-04-10 18:54:35 Deep Dive