CVE Tools

creativeitem

Enterprise Softwarecommercial

16

Cumulative CVEs

3

Monthly snapshots

#122

Peak rank

Top products

academy lms4 ekushey project manager crm3 ekushey crm3

Latest CVEs

The 15 most recently published vulnerabilities affecting creativeitem.

CVE-2025-71179Creativeitem Academy LMS 7.0 contains reflected Cross-Site Scripting (XSS) vulnerabilities via the search parameter to the /academy/blogs endpoint, and the string parameter to the /academy/course_b...6.1Feb 3, 2026
CVE-2023-53876Academy LMS 6.1 Arbitrary File Upload Vulnerability via Profile Settings5.4Dec 15, 2025
CVE-2025-56749Creativeitem Academy LMS up to and including 6.14 uses a hardcoded default JWT secret for token signing. This predictable secret allows attackers to forge valid JWT tokens, leading to authenticatio...9.4Oct 15, 2025
CVE-2025-56748Creativeitem Academy LMS up to and including 5.13 uses predictable password reset tokens based on Base64 encoded templates without rate limiting, allowing brute force attacks to guess valid reset t...6.4Oct 15, 2025
CVE-2025-56746Creativeitem Academy LMS up to and including 5.13 does not regenerate session IDs upon successful authentication, enabling session fixation attacks where attackers can hijack user sessions by prede...2.2Oct 15, 2025
CVE-2025-56747Creativeitem Academy LMS up to and including 5.13 contains a privilege escalation vulnerability in the Api_instructor controller where regular authenticated users can access instructor-only functio...6.5Oct 14, 2025
CVE-2025-40991Stored XSS in Creativeitem Ekushey CRM5.4Oct 2, 2025
CVE-2025-40990Stored XSS in Creativeitem Ekushey CRM5.4Oct 2, 2025
CVE-2025-40989Stored XSS in Creativeitem Ekushey CRM5.4Oct 2, 2025
CVE-2025-27264WordPress Doctor Appointment Booking Plugin <= 1.0.0 - Local File Inclusion vulnerability7.5Mar 3, 2025
CVE-2025-27263WordPress Doctor Appointment Booking Plugin <= 1.0.0 - SQL Injection vulnerability8.5Mar 3, 2025
CVE-2024-38959Cross Site Scripting vulnerability in Creativeitem Academy LMS Learning Management System v.6.8.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the string ...6.1Jul 9, 2024
CVE-2023-4974Academy LMS GET Parameter filter sql injection6.3Sep 15, 2023
CVE-2023-4973Academy LMS GET Parameter filter cross site scripting3.5Sep 15, 2023
CVE-2023-38964Creative Item Academy LMS 6.0 was discovered to contain a cross-site scripting (XSS) vulnerability.6.1Aug 4, 2023