21901 matches found
CVE-2026-34602
Chamilo LMS is affected by an IDOR in the /api/course_rel_users endpoint prior to version 2.0.0-RC.3. An authenticated attacker can modify the user parameter in the request body to enroll arbitrary users into courses without proper authorization checks, bypassing enrollment controls and potential...
CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into...
CVE-2026-34370 Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...
CVE-2026-34370
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authenticated student to read the private course notes of any other user on the platform by manipulating t...
CVE-2026-32087
Summary (CVE-2026-32087): Heap-based buffer overflow in Function Discovery Service (fdwsd.dll) on Windows can allow an authorized, locally authenticated attacker to elevate privileges. Reported base CVSS v3.1 score: 7.0 (HIGH) with LOCAL attack vector, HIGH impact on confidentiality, integrity, a...
MINI-PHWJ-XF6G-PMCG
Bulletin has no description...
MINI-J3VR-HWCR-X86Q
Bulletin has no description...
MINI-5RG6-F788-768Q
Bulletin has no description...
MINI-PC5C-WJ3G-CGVW
Bulletin has no description...
MITRE: CVE-2026-25250 Secure Boot disable Eazy Fix
Missing cryptographic step in Windows Secure Boot allows an authorized attacker to bypass a security feature locally...
JLSEC-2026-97
An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it...
ECHO-A92E-9791-007A
Bulletin has no description...
Command injection via malicious Perforce source reference/url
Impact: The Perforce::syncCodeBase method appended the $sourceReference parameter to a shell command without proper escaping, allowing an attacker to inject arbitrary commands through a crafted source reference containing shell metacharacters. Further as in GHSA-wg36-wvj6-r67p / CVE-2026-40176 the...
CVE-2024-22000
creationtimestamp | type | source
---|---|---
2026-04-14 02:35:41+00:00 | seen | https://bsky.app/profile/madre-ia.bsky.social/post/3mjgduccc7l2d...
CVE-2026-6220
creationtimestamp | type | source
---|---|---
2026-04-14 01:42:24+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mjgauzyo6p2t...
Sigstore Timestamp Authority has Improper Certificate Validation in verifier
Authorization bypass via certificate bag manipulation in sigstore/timestamp-authority verifier. An authorization bypass vulnerability exists in the sigstore/timestamp-authority verifier (timestamp-authority/v2/pkg/verification): the VerifyTimestampResponse function correctly verifies the certificate chain b...
CVE-2026-27678
Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...
CVE-2026-27677
Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...