Vulnerabilidades en gunet
15 resultadosCVE-2026-22241HIGHOpen eClass has Unrestricted File Upload that Leads to Remote Code Execution (RCE)EPSS 3.1%CVE-2024-38530CRITICALOpen eClass Platform allows Arbitrary File Upload in "modules/h5p/save.php"EPSS 0.8%CVE-2026-24773HIGHOpen eClass Unauthenticated IDOR Allows Access to Arbitrary User FilesEPSS 0.4%CVE-2026-24664MEDIUMOpen eClass is Vulnerable to Username Enumeration via Login Response DiscrepanciesEPSS 0.3%CVE-2026-24673MEDIUMOpen eClass Has File Upload Filter Bypass via ZIP Archive ExtractionEPSS 0.2%CVE-2026-24670MEDIUMOpen eClass Has Broken Access Control in Course Units Module Allows Students to Create UnitsEPSS 0.2%CVE-2026-24668MEDIUMOpen eClass Broken Access Control Allows Students to Add Content to Course UnitsEPSS 0.2%CVE-2026-24774MEDIUMOpen eClass Business Logic Flaw Allows Students to Mark Attendance in Expired ActivitiesEPSS 0.2%CVE-2026-24671MEDIUMOpen eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in Multiple High-Privilege User FieldsEPSS 0.2%CVE-2026-24665HIGHOpen eClass is Vulnerable to Stored Cross-Site Scripting (XSS) via Student Assignment UploadEPSS 0.2%CVE-2026-24672HIGHOpen eClass is Vulnerable to Stored Cross-Site Scripting (XSS) in User Profile FieldsEPSS 0.2%CVE-2026-24674MEDIUMOpen eClass is Vulnerable to Reflected Cross-Site Scripting (XSS) in Multiple EndpointsEPSS 0.2%CVE-2026-24666MEDIUMOpen eClass is Vulnerable to CSRF in Teacher-Restricted Endpoints Allows Unauthorized ActionsEPSS 0.2%CVE-2026-24669HIGHOpen eClass Insecure Password Reset Token Reuse Enables Account TakeoverEPSS 0.2%CVE-2026-24667MEDIUMOpen eClass's Active Sessions Not Invalidated After Password Change Allow Persistent Account AccessEPSS 0.1%