21927 matches found

Vulnrichment
added 2026/04/10 5:48 p.m. | 3 views

CVE-2026-32930 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings (name, max score, weight) of evaluations belonging to any other...

CVSS 7.1 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 3
CVE
added 2026/04/10 5:48 p.m. | 17 views

CVE-2026-32930

Chamilo LMS -- IDOR in the gradebook evaluation edit page affects versions prior to 1.11.38 and 2.0.0-RC.3. Authenticated teachers could view and modify evaluation settings (name, max score, weight) for other courses by manipulating the editeval GET parameter. The issue is fixed in 1.11.38 and 2.0.0-RC.3....

CVSS 7.1 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 3 | Affected Software: 1
ATTACKERKB
added 2026/04/10 5:48 p.m. | 4 views

CVE-2026-32930

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page allows any authenticated teacher to view and modify the settings (name, max score, weight) of evaluations belonging to any other...

CVSS 7.1 | AI score 5.8 | EPSS 0.00193
Exploits: 0 | References: 4 | Affected Software: 1
EUVD
added 2026/04/10 5:44 p.m. | 3 views

EUVD-2026-21527

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

CVSS 7.1 | AI score 5.8 | EPSS 0.0028
Exploits: 1 | References: 3
Cvelist
added 2026/04/10 5:44 p.m. | 21 views

CVE-2026-32894 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

CVSS 7.1 | EPSS 0.0028
Exploits: 1 | References: 3
CVE
added 2026/04/10 5:44 p.m. | 17 views

CVE-2026-32894

CVE-2026-32894 affects Chamilo LMS. Affected: gradebook result view in Chamilo before 1.11.38 and 2.0.0-RC.3. Issue: Insecure Direct Object Reference (IDOR) allows any authenticated teacher to delete any student’s grade result across the platform by manipulating delete_mark or resultdelete GET pa...

CVSS 7.1 | AI score 5.8 | EPSS 0.0028
Exploits: 1 | References: 3 | Affected Software: 1
Vulnrichment
added 2026/04/10 5:44 p.m. | 2 views

CVE-2026-32894 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

CVSS 7.1 | AI score 5.8 | EPSS 0.0028
Exploits: 1 | References: 3
OSV
added 2026/04/10 2:47 p.m. | 4 views

MINI-CQ67-6PXR-H5V9

Bulletin has no description...

AI score 5.7
Exploits: 0
OSV
added 2026/04/10 2:47 p.m. | 2 views

MINI-48MW-599H-MR63

Bulletin has no description...

AI score 5.7
Exploits: 0
OSV
added 2026/04/10 10:40 a.m. | 8 views

CLSA-2026-1775817651 poppler: Fix of CVE-2025-52886

CVE-2025-52886: limit amount of annotations per document/page to prevent use-after-free via reference count overflow...

CVSS 6.9 | AI score 6.9 | EPSS 0.00371
Exploits: 1 | References: 1
Circl
added 2026/04/10 10:37 a.m. | 5 views

CVE-2026-6030

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-10 10:37:28+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mj54w4ws432d... |

CVSS 6.5 | AI score 5.7 | EPSS 0.00266
Exploits: 0 | References: 1
OSV
added 2026/04/10 8:47 a.m. | 2 views

MINI-GR79-V7GV-CWCV

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.0022
Exploits: 1
Circl
added 2026/04/10 8:33 a.m. | 2 views

CVE-2025-50229

| creationtimestamp | type | source |
|---|---|---|
| 2026-04-10 08:33:54+00:00 | seen | https://gist.github.com/4iFei/14ad89c3b44348dd575bf5ae0ed5a19c |
| 2026-04-25 23:00:17+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mke5g5sqds2s... |

CVSS 9.8 | AI score 4.8 | EPSS 0.00359
Exploits: 1 | References: 2
OSV
added 2026/04/10 8:31 a.m. | 2 views

MINI-Q33G-WG3H-PF8X

Bulletin has no description...

CVSS 5.3 | AI score 5.7 | EPSS 0.0019
Exploits: 0
OSV
added 2026/04/10 8:31 a.m. | 3 views

MINI-8GF2-GPP5-8W35

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.0022
Exploits: 1
Cvelist
added 2026/04/10 6:0 a.m. | 21 views

CVE-2026-4432 YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR

The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the savetitle AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page,...

EPSS 0.00226
Exploits: 0 | References: 1
OSV
added 2026/04/10 5:15 a.m. | 4 views

CGA-458X-W2FF-FPFM

Bulletin has no description...

CVSS 7.5 | AI score 5.7 | EPSS 0.0036
Exploits: 0
EUVD
added 2026/04/10 3:31 a.m. | 2 views

EUVD-2026-21257

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...

CVSS 7.5 | AI score 5.9 | EPSS 0.00615
Exploits: 0 | References: 7
OSV
added 2026/04/10 3:2 a.m. | 2 views

MINI-JR72-CF64-5F3V

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.0022
Exploits: 1
OSV
added 2026/04/10 2:47 a.m. | 2 views

MINI-2WCX-GMGJ-RW9C

Bulletin has no description...

CVSS 8.8 | AI score 5.7 | EPSS 0.0022
Exploits: 1