
21901 matches found

CVE
added 2026/04/14 9:29 p.m., 12 views

CVE-2026-34602

Chamilo LMS is affected by an IDOR in the /api/course_rel_users endpoint prior to version 2.0.0-RC.3. An authenticated attacker can modify the user parameter in the request body to enroll arbitrary users into courses without proper authorization checks, bypassing enrollment controls and potential...

CVSS 7.1, AI score 5.8, EPSS 0.00203
Exploits: 0, References: 5, Affected Software: 1
Cvelist
added 2026/04/14 9:29 p.m., 21 views

CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into...

CVSS 7.1, EPSS 0.00203
Exploits: 0, References: 5
Vulnrichment
added 2026/04/14 9:29 p.m., 3 views

CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into...

CVSS 7.1, AI score 5.8, EPSS 0.00203
Exploits: 0, References: 5
Cvelist
added 2026/04/14 9:25 p.m., 19 views

CVE-2026-34370 Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

CVSS 6.5, EPSS 0.00227
Exploits: 0, References: 2
ATTACKERKB
added 2026/04/14 9:25 p.m., 3 views

CVE-2026-34370

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

CVSS 6.5, AI score 5.8, EPSS 0.00227
Exploits: 0, References: 3, Affected Software: 1
Vulnrichment
added 2026/04/14 9:25 p.m., 3 views

CVE-2026-34370 Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...

CVSS 6.5, AI score 5.8, EPSS 0.00227
Exploits: 0, References: 2
CVE
added 2026/04/14 4:57 p.m., 15 views

CVE-2026-32087

Summary (CVE-2026-32087): Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) on Windows can allow an authorized, locally authenticated attacker to elevate privileges. Reported base CVSS v3.1 score: 7.0 (HIGH) with LOCAL attack vector, HIGH impact on confidentiality, integrity, a...

CVSS 7, AI score 6, EPSS 0.00252
Exploits: 0, References: 1, Affected Software: 14
OSV
added 2026/04/14 4:10 p.m., 5 views

MINI-PHWJ-XF6G-PMCG

Bulletin has no description...

CVSS 6.3, AI score 5.7, EPSS 0.0051
Exploits: 0
OSV
added 2026/04/14 3:00 p.m., 2 views

MINI-J3VR-HWCR-X86Q

Bulletin has no description...

CVSS 7.5, AI score 5.7, EPSS 0.00535
Exploits: 1
OSV
added 2026/04/14 3:00 p.m., 1 views

MINI-5RG6-F788-768Q

Bulletin has no description...

CVSS 6.1, AI score 5.7, EPSS 0.0024
Exploits: 0
OSV
added 2026/04/14 2:30 p.m., 4 views

MINI-PC5C-WJ3G-CGVW

Bulletin has no description...

CVSS 7.5, AI score 5.7, EPSS 0.00535
Exploits: 1
Microsoft CVE
added 2026/04/14 2:00 p.m., 4 views

MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix

Missing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...

CVSS 6, AI score 6.2
Exploits: 0
OSV
added 2026/04/14 12:58 p.m., 6 views

JLSEC-2026-97

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wlshm buffer objects, or if it...

CVSS 6.6, AI score 7, EPSS 0.00294
Exploits: 1, References: 2
OSV
added 2026/04/14 12:00 p.m., 5 views

ECHO-A92E-9791-007A

Bulletin has no description...

CVSS 4.8, AI score 5.7, EPSS 0.00112
Exploits: 0, References: 2
Friends Of PHP
added 2026/04/14 9:42 a.m., 10 views

Command injection via malicious Perforce source reference/url

Impact: The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...

CVSS 8.8, AI score 6.3, EPSS 0.01688
Exploits: 4, Affected Software: 1
Circl
added 2026/04/14 2:35 a.m., 3 views

CVE-2024-22000

creationtimestamp | type | source
---|---|---
2026-04-14 02:35:41+00:00 | seen | https://bsky.app/profile/madre-ia.bsky.social/post/3mjgduccc7l2d...

AI score 5.7
Exploits: 0, References: 1
Circl
added 2026/04/14 1:42 a.m., 1 views

CVE-2026-6220

creationtimestamp | type | source
---|---|---
2026-04-14 01:42:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjgauzyo6p2t...

CVSS 5.8, AI score 5.7, EPSS 0.00218
Exploits: 0, References: 1
Github Security Blog
added 2026/04/14 1:01 a.m., 4 views

Sigstore Timestamp Authority has Improper Certificate Validation in verifier

Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier. An authorization bypass vulnerability exists in sigstore/timestamp-authority verifier timestamp-authority/v2/pkg/verification: VerifyTimestampResponse function correctly verifies the certificate chain b...

CVSS 7.5, AI score 5.7, EPSS 0.00188
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2026/04/14 12:16 a.m., 3 views

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVSS 6.5, EPSS 0.00181
Exploits: 0, References: 2
NVD
added 2026/04/14 12:16 a.m., 4 views

CVE-2026-27677

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

CVSS 6.5, EPSS 0.00181
Exploits: 0, References: 2