21927 matches found
CVE-2026-32930 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings (name, max score, weight) of evaluations belonging to any other...
CVE-2026-32930
Chamilo LMS -- IDOR in the gradebook evaluation edit page affects versions prior to 1.11.38 and 2.0.0-RC.3. Authenticated teachers could view and modify evaluation settings (name, max score, weight) for other courses by manipulating the editeval GET parameter. The issue is fixed in 1.11.38 and 2.0.0-RC.3....
CVE-2026-32930
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings (name, max score, weight) of evaluations belonging to any other...
EUVD-2026-21527
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...
CVE-2026-32894 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...
CVE-2026-32894
CVE-2026-32894 affects Chamilo LMS. Affected: gradebook result view in Chamilo before 1.11.38 and 2.0.0-RC.3. Issue: Insecure Direct Object Reference (IDOR) allows any authenticated teacher to delete any student’s grade result across the platform by manipulating delete_mark or resultdelete GET pa...
CVE-2026-32894 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...
MINI-CQ67-6PXR-H5V9
Bulletin has no description...
MINI-48MW-599H-MR63
Bulletin has no description...
CLSA-2026-1775817651 poppler: Fix of CVE-2025-52886
CVE-2025-52886: limit amount of annotations per document/page to prevent use-after-free via reference count overflow...
CVE-2026-6030
creationtimestamp | type | source
---|---|---
2026-04-10 10:37:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj54w4ws432d...
MINI-GR79-V7GV-CWCV
Bulletin has no description...
CVE-2025-50229
creationtimestamp | type | source
---|---|---
2026-04-10 08:33:54+00:00 | seen | https://gist.github.com/4iFei/14ad89c3b44348dd575bf5ae0ed5a19c
2026-04-25 23:00:17+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mke5g5sqds2s...
MINI-Q33G-WG3H-PF8X
Bulletin has no description...
MINI-8GF2-GPP5-8W35
Bulletin has no description...
CVE-2026-4432 YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR
The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the savetitle AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page,...
CGA-458X-W2FF-FPFM
Bulletin has no description...
EUVD-2026-21257
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...
MINI-JR72-CF64-5F3V
Bulletin has no description...
MINI-2WCX-GMGJ-RW9C
Bulletin has no description...