Polarnl Polarlearn
6 CVEs affecting Polarnl Polarlearn. Latest disclosed: 2026-04-07. Critical: 0, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2026-35610 | High | 8.8 | 2026-04-07 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-14 and earlier, setCustomPassword(userId, password) and deleteUser(userId) in the accou… |
CVE-2026-25126 | High | 7.1 | 2026-01-29 | PolarLearn is a free and open-source learning program. Prior to version 0-PRERELEASE-15, the vote API route (`POST /api/v1/forum/vote`) trusts the JSON body’s… |
CVE-2026-39322 | | 2026-04-07 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, POST /api/v1/auth/sign-in creates a valid session for banned accounts be… | |
CVE-2026-25885 | | 2026-02-09 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-16 and earlier, the group chat WebSocket at wss://polarlearn.nl/api/v1/ws can be used wi… | |
CVE-2026-25222 | | 2026-02-02 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, a timing attack vulnerability in the sign-in process allows unauthentica… | |
CVE-2026-25221 | | 2026-02-02 | PolarLearn is a free and open-source learning program. In 0-PRERELEASE-15 and earlier, the OAuth 2.0 implementation for GitHub and Google login providers is vu… |