Polarlearn

6 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.04%
  • Published 07.04.2026 19:03:28
  • Last modified 14.04.2026 18:44:29

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts before verifying the supplied password. That session is then accepted across authenticated /a...

Exploit
  • EPSS 0.04%
  • Published 07.04.2026 16:56:57
  • Last modified 16.04.2026 18:04:50

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the account-management module used an inverted admin check. Because of the inverted condition, authe...

Exploit
  • EPSS 0.05%
  • Published 09.02.2026 21:15:33
  • Last modified 20.02.2026 20:47:36

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used without logging in. An unauthenticated client can subscribe to any group chat by providing a ...

Exploit
  • EPSS 0.02%
  • Published 02.02.2026 23:16:09
  • Last modified 20.02.2026 20:45:57

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vulnerable to Login Cross-Site Request Forgery (CSRF). The application fails to implement and...

Exploit
  • EPSS 0.04%
  • Published 02.02.2026 23:16:09
  • Last modified 20.02.2026 20:48:00

PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthenticated attackers to determine if a specific email address is registered on the platform. By me...

Exploit
  • EPSS 0.02%
  • Published 29.01.2026 22:06:37
  • Last modified 20.02.2026 20:46:35

PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s `direction` value without runtime validation. TypeScript types are not enforced at runtime,...