A client-side authorization flaw in Lightspeed Classroom v5.1.2.1763770643 allows unauthenticated attackers to impersonate users by bypassing integrity checks and abusing client-generated authorizatio
An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of
A Broken Access Control vulnerability exists in ClassroomIO v0.1.13 where an authenticated low-privileged "student" user can access unauthorized course-level information by modifying intercepted API r
A security flaw was identified in the Ansible Lightspeed API conversation endpoints that handle AI chat interactions. The APIs do not properly verify whether a conversation identifier belongs to the a
A flaw was found in the OpenShift Lightspeed Service, which is vulnerable to unauthenticated API request flooding. Repeated queries to non-existent endpoints inflate metrics storage and processing, co
An Incorrect Access Control vulnerability was found in /smsa/view_students.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view STUDENT de
Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 2.0.4.
An Incorrect Access Control vulnerability was found in /smsa/view_class.php in Kashipara Responsive School Management System v3.2.0, which allows remote unauthenticated attackers to view CLASS details
Incorrect Authorization vulnerability identified in OpenText ArcSight Intelligence.
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnera
A flaw was found in the Lightspeed history service. Insufficient access controls allow a local, unprivileged user to access and manipulate the chat history of another user on the same system. By abusi
Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.
Missing Authorization vulnerability in Mojoomla School Management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects School Management: from n/a through 93.2.0.
An issue in Student Study Center Desk Management System v1.0 allows attackers to bypass authentication via a crafted GET request to /php-sscdms/admin/login.php.
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authoriz
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be exec
Missing Authorization vulnerability in Themeum Tutor LMS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through 2.7.3.
Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.
A vulnerability has been found in yzk2356911358 StudentServlet-JSP cc0cdce25fbe43b6c58b60a77a2c85f52d2102f5/d4d7a0643f1dae908a4831206f2714b21820f991 and classified as problematic. This vulnerability a
A flaw has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part. This manipulation causes cross-site request forgery. The attack is possible to be carri
Page 1+ Next →