Lucene search
K

5 matches found

CVE
CVE
added 2026/04/10 6:52 p.m.27 views

CVE-2026-33707

Chamilo LMS (affected: prior to 1.11.38 and 2.0.0-RC.3) uses a weak password reset token by generating tokens as sha1(email) with no randomness, no expiration, and no rate limiting. An attacker who knows a user’s email can compute the reset token and change the password without authentication. Th...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2026/04/10 6:1 p.m.3 views

CVE-2026-33141 Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the REST API stats endpoint allows any authenticated user including low-privilege students with ROLEUSER to read any other user's learning progress, certificates, and...

6.5CVSS6AI score0.00141EPSS
Exploits0References4
Patchstack
Patchstack
added 2025/12/02 9:24 a.m.11 views

WordPress Backup Migration plugin <= 1.4.9 - Information Exposure to Unauthenticated Back-up Download vulnerability

Information Exposure to Unauthenticated Back-up Download vulnerability discovered by ymmfty0 in WordPress Plugin Backup Migration versions = 1.4.9...

5.9CVSS6.6AI score0.00259EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2131

Malware in sbrugna...

7.5CVSS7.5AI score0.04441EPSS
Exploits0References9
RedHat Linux
RedHat Linux
added 2020/09/29 8:15 p.m.5 views

freerdp: out-of-bounds read could result in aborting the session

In FreeRDP after 1.0 and before 2.0.0, there is an out-of-bounds read. It only allows to abort a session. No data extraction is possible. This has been fixed in 2.0.0...

3.5CVSS5.7AI score0.0185EPSS
Exploits1References4
Rows per page
Query Builder