Instructure Canvas Learning Management Service — known CVE vulnerabilities
Every CVE whose affected-product data names Instructure Canvas Learning Management Service, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (2)
CVE-2021-36539 — CVSS 6.5 (medium): Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file…
CVE-2020-5775 — CVSS 5.8 (medium): Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform…