25 matches found
CVE-2026-42291 SysReptor: Read-write access to personal notes by sharing-link creation with no authorization in SysReptor Professional
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
CVE-2026-42291
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
EUVD-2026-28848
SysReptor is a fully customizable pentest reporting platform. From version 2026.4 to before version 2026.27, the endpoints for reading and creating sharing links for personal notes are not properly authorized. This allows authenticated attackers who obtain the note ID of victim users to list and...
PT-2026-39204
Name of the Vulnerable Software and Affected Versions: SysReptor versions 2026.4 through 2026.26 Description: Improper authorization in endpoints used for reading and creating sharing links for personal notes allows authenticated attackers with a victim's note ID to list and create sharing links to...
CVE-2023-31807
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function...
EUVD-2016-1178
Malware in sbrugna...
EUVD-2023-36098
Malicious code in bioql PyPI...
EUVD-2023-39001
Malicious code in bioql PyPI...
EUVD-2024-36575
Malicious code in bioql PyPI...
ReCIT: Reconstructing Full Private Data from Gradient in Parameter-Efficient Fine-Tuning of Large Language Models
Parameter-efficient fine-tuning (PEFT) has emerged as a practical solution for adapting large language models (LLMs) to custom datasets with significantly reduced computational cost. When carrying out PEFT under collaborative learning scenarios (e.g., federated learning), it is often required to exchan...
CVE-2024-37317
The CVE-2024-37317 issue affects Nextcloud Notes: if an attacker shares a folder named Notes/ with a newly created user before login, the Notes app may store personal notes in that folder. This is tied to versions prior to 4.9.3. Exploitation status is not detailed in the provided documents. Reme...
Nextcloud Security Breach
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Notes version 4.6.0 and earlier, which stems from the fact that if an attacker manages to share a folder named...
CVE-2023-34962
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes...
CVE-2023-34962
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes...
Improper access control
Incorrect access control in Chamilo v1.11.x up to v1.11.18 allows a student to arbitrarily access and modify another student's personal notes...
CVE-2023-34962
CVE-2023-34962 affects Chamilo LMS v1.11.x up to v1.11.18, where an incorrect access control allowed a student to arbitrarily access and modify another student’s personal notes. The issue is documented across multiple feeds (NVD, Red Hat, OSV, CVE List, etc.) with a high impact (C/H/I/H; CVSS 3.1...
PT-2023-25078 · Chamilo · Chamilo
Name of the Vulnerable Software and Affected Versions: Chamilo versions 1.11.x through 1.11.18 Description: The issue is related to incorrect access control, allowing a student to access and modify another student's personal notes. Recommendations: For Chamilo versions 1.11.x through 1.11.18,...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open source online learning and collaboration system from the Chamilo Association. The system supports the creation of instructional content, distance training, and online question and answer sessions. A security vulnerability exists in Chamilo versions v1.11.x through v1.11.18...
CVE-2023-31807
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function...
CVE-2023-31807
Cross Site Scripting vulnerability found in Chamilo Lms v.1.11.18 allows a local attacker to execute arbitrary code via a crafted payload to the personal notes function...