Security Vulnerabilities
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG profile pictures.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-26
Stored Cross site scripting (XSS) vulnerability in Classroomio LMS 0.1.13 allows authenticated attackers to execute arbitrary code via crafted SVG cover images.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-11-26
An issue was discovered in classroomio 0.1.13. Student accounts are able to delete courses from the Explore page without any authorization or authentication checks, bypassing the expected admin-only deletion restriction.
CVSS Score
9.1
EPSS Score
0.002
Published
2025-11-26
Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows unauthorized share and invite access to course settings.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
Incorrect access control in youlai-boot v2.21.1 allows attackers to escalate privileges and access the Administrator backend.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-11-26
Incorrect access control in the getUserFormData function of youlai-boot v2.21.1 allows attackers to access sensitive information for other users.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
An issue was discovered in Ruoyi 4.8.1 allowing attackers to gain escalated privileges due to the owning department having higher rights than the active user.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-11-26
Ruoyi v4.8.0 vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd Method of SysUserController.java.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-11-26
BPv7 dissector crash in Wireshark 4.6.0 allows denial of service
CVSS Score
5.5
EPSS Score
0.0
Published
2025-11-26