Lucene search
K

21918 matches found

OSV
OSV
added 2026/04/11 2:47 p.m.3 views

MINI-FH5W-9WCH-J462

Bulletin has no description...

9CVSS5.7AI score0.00658EPSS
Exploits0
OSV
OSV
added 2026/04/11 2:47 p.m.2 views

MINI-856C-WX2J-HQQX

Bulletin has no description...

7.5CVSS5.7AI score0.00615EPSS
Exploits0
OSV
OSV
added 2026/04/11 2:46 p.m.3 views

MINI-2R77-MWJ5-RHRQ

Bulletin has no description...

6.4CVSS5.7AI score0.00292EPSS
Exploits0
OSV
OSV
added 2026/04/11 2:31 p.m.3 views

MINI-QXRC-WGQW-V799

Bulletin has no description...

8.8CVSS5.7AI score0.0034EPSS
Exploits0
OSV
OSV
added 2026/04/11 2:30 p.m.2 views

MINI-5R92-3M6R-26MR

Bulletin has no description...

7.5CVSS5.7AI score0.00615EPSS
Exploits0
NVD
NVD
added 2026/04/11 2:16 a.m.2 views

CVE-2026-3371

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...

4.3CVSS0.00358EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/11 1:25 a.m.1 views

CVE-2026-3371

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References6
CVE
CVE
added 2026/04/11 1:25 a.m.7 views

CVE-2026-3371

The Tutor LMS WordPress plugin (versions ≤ 3.9.7) is vulnerable to Insecure Direct Object Reference due to missing authorization checks in the private save_course_content_order() method, which is called unconditionally by the tutor_update_course_content_order AJAX handler. Attackers with Subscrib...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/04/11 1:25 a.m.30 views

CVE-2026-3371 Tutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content Modification

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...

4.3CVSS0.00358EPSS
Exploits0References5
EUVD
EUVD
added 2026/04/11 1:25 a.m.3 views

EUVD-2026-21615

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the savecoursecontentorder private method, which is called unconditionally by the...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/11 12:0 a.m.3 views

PT-2026-32085

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authorization checks in the save course content order private method, which is called unconditionally by...

4.3CVSS5.8AI score0.00358EPSS
Exploits0References6
OSV
OSV
added 2026/04/10 9:16 p.m.0 views

CGA-3X3M-J3X7-3F6W

Bulletin has no description...

6.4CVSS5.7AI score0.00292EPSS
Exploits0
NVD
NVD
added 2026/04/10 7:16 p.m.7 views

CVE-2026-33702

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS0.00238EPSS
Exploits0References3
NVD
NVD
added 2026/04/10 7:16 p.m.6 views

CVE-2026-33703

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

7.1CVSS0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/10 7:3 p.m.17 views

CVE-2026-33736 Chamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data Exposure

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user including ROLESTUDENT can enumerate all platform users and access personal information email, phone, roles via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...

6.5CVSS0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/10 7:3 p.m.2 views

CVE-2026-33736 Chamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data Exposure

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user including ROLESTUDENT can enumerate all platform users and access personal information email, phone, roles via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2
vulnersOsv
vulnersOsv
added 2026/04/10 6:31 p.m.8 views

ch.cern:cerndb-sw-zkpolicy (=1.0.1-21), cloud.metaapi.sdk:metaapi-common-java (>=1.0.0 <=1.0.1) +258 more potentially affected by CVE-2026-34478 via org.apache.logging.log4j:log4j-core (>=3.0.0-beta1 <=3.0.0-beta3)

org.apache.logging.log4j:log4j-core MAVEN version =3.0.0-beta1, =1.0.0, =0.0.2, =00.00.03, =1.0.6, =1.0.7, =1.0.0, =2.0.21, =1.0, =1.0.2 - com.frostphyr:customappender =1.1.0 and more Source cves: CVE-2026-34478 Source advisory: OSV:GHSA-445C-VH5M-36RJ...

7.5CVSS6.5AI score0.00831EPSS
Exploits0
CVE
CVE
added 2026/04/10 6:23 p.m.20 views

CVE-2026-33703

CVE-2026-33703 affects Chamilo LMS prior to version 2.0.0-RC.3. An Insecure Direct Object Reference (IDOR) vulnerability exists in the /social-network/personal-data/{userId} endpoint, allowing any authenticated user to access full personal data and API tokens of arbitrary users by altering the us...

7.1CVSS6AI score0.00174EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/04/10 6:23 p.m.4 views

EUVD-2026-21543

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

7.1CVSS6AI score0.00174EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/10 6:23 p.m.17 views

CVE-2026-33703 Chamilo LMS Critical IDOR: Any Authenticated User Can Extract All Users’ Personal Data and API Tokens

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the /social-network/personal-data/userId endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId...

7.1CVSS0.00174EPSS
Exploits0References1
Rows per page
Query Builder