VYPR

Openedx

by Openedx

CVEs (5)

  • CVE-2026-42858 | High | May 11, 2026
    risk 0.48 | cvss 8.5 | epss 0.00

    Open edX Platform enables the authoring and delivery of online learning at any scale. The sync_provider_data endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadata_url POST parameter. This URL is passed…

  • CVE-2026-35404 | Medium | Apr 6, 2026
    risk 0.24 | cvss 4.7 | epss 0.00

    Open edX Platform enables the authoring and delivery of online learning at any scale. The view_survey endpoint accepts a redirect_url GET parameter that is passed directly to HttpResponseRedirect() without any URL validation. When a non-existent survey name is provided, the…

  • CVE-2026-42857 | Medium | May 11, 2026
    risk 0.23 | cvss 4.6 | epss 0.00

    Open edX Platform enables the authoring and delivery of online learning at any scale. The HTML sanitizer clean_thread_html_body() used for discussion notification emails fails to remove tags from user-generated discussion post content. This content is rendered with…

  • CVE-2025-69784 | Mar 16, 2026
    risk 0.00 | cvss | epss 0.00

    A local, non-privileged attacker can abuse a vulnerable IOCTL interface exposed by the OpenEDR 2.5.1.0 kernel driver to modify the DLL injection path used by the product. By redirecting this path to a user-writable location, an attacker can cause OpenEDR to load an…

  • CVE-2025-69783 | Mar 16, 2026
    risk 0.00 | cvss | epss 0.00

    A local attacker can bypass OpenEDR's 2.5.1.0 self-defense mechanism by renaming a malicious executable to match a trusted process name (e.g., csrss.exe, edrsvc.exe, edrcon.exe). This allows unauthorized interaction with the OpenEDR kernel driver, granting access to privileged…