CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Creativeitem: >> Academy Lms >> 6.8.1 Security Vulnerabilities

CVE-2025-56749

Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authentication bypass and unauthorized access to any user account.

CVSS Score

9.4

EPSS Score

0.001

Published

2025-10-15

CVE-2024-38959

Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string parameter.

CVSS Score

6.1

EPSS Score

0.009

Published

2024-07-09

Page 1

Vulnerabilities

Vulnerable Software

Creativeitem: >> Academy Lms >> 6.8.1 Security Vulnerabilities

Products

Pricing

Contact Us