CVE-2026-25885
- EPSS 0.04%
- Veröffentlicht 09.02.2026 21:15:33
- Zuletzt bearbeitet 20.02.2026 20:47:36
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a ...
CVE-2026-25221
- EPSS 0.01%
- Veröffentlicht 02.02.2026 23:16:09
- Zuletzt bearbeitet 20.02.2026 20:45:57
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and...
CVE-2026-25222
- EPSS 0.03%
- Veröffentlicht 02.02.2026 23:16:09
- Zuletzt bearbeitet 20.02.2026 20:48:00
PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By me...
CVE-2026-25126
- EPSS 0.02%
- Veröffentlicht 29.01.2026 22:06:37
- Zuletzt bearbeitet 20.02.2026 20:46:35
PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript types are not enforced at runtime,...