Learning

This hub aggregates every CVE we track for Learning, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Learning.

• CVE-2026-39415Frappe Learning Management System has Client-Side Manipulation of Quiz Scores4.3Apr 8, 2026
• CVE-2026-34606Stored XSS in Frappe LMS6.1Apr 2, 2026
• CVE-2026-26977Frappe Learning Management System exposes details of unpublished courses to unauthorized users5.3Feb 20, 2026
• CVE-2026-26031Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students5.3Feb 11, 2026
• CVE-2026-23497Frappe LMS has a Stored XSS via Unsanitized Image Filename in Course and Jobs Pages5.4Jan 14, 2026
• CVE-2025-67734Frappe Authenticated Users can Execute JavaScript through its Job Form5.4Dec 12, 2025
• CVE-2025-67730Frappe authenticated users can execute XSS through form description fields5.4Dec 12, 2025
• CVE-2025-66581Frappe LMS is Missing Server-Side Authorization in Business Logic6.5Dec 5, 2025
• CVE-2025-64707Frappe LMS revoking access did not show immediate effect as roles were cached5.4Nov 12, 2025
• CVE-2025-64705Frappe user was able to access the submission of other students4.3Nov 12, 2025
• CVE-2025-62779Frappe Learning users were able to add HTML through input fields in the Job Form5.4Oct 27, 2025
• CVE-2025-62778Frappe Learning allowed students to access the Quiz Form via direct URL5.3Oct 27, 2025
• CVE-2025-62158Frappe had attachments made by students to their assignments of type Text set to public5.3Oct 10, 2025
• CVE-2025-11283Frappe LMS Course cross site scripting2.4Oct 5, 2025
• CVE-2025-11282Frappe LMS Incomplete Fix CVE-2025-55006 cross site scripting2.4Oct 5, 2025