Lucene search
K

21944 matches found

EUVD
EUVD
added 2026/04/10 5:44 p.m.3 views

EUVD-2026-21527

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

7.1CVSS5.8AI score0.0028EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/04/10 5:44 p.m.21 views

CVE-2026-32894 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

7.1CVSS0.0028EPSS
Exploits1References3
CVE
CVE
added 2026/04/10 5:44 p.m.17 views

CVE-2026-32894

CVE-2026-32894 affects Chamilo LMS. Affected: gradebook result view in Chamilo before 1.11.38 and 2.0.0-RC.3. Issue: Insecure Direct Object Reference (IDOR) allows any authenticated teacher to delete any student’s grade result across the platform by manipulating delete_mark or resultdelete GET pa...

7.1CVSS5.8AI score0.0028EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/10 5:44 p.m.2 views

CVE-2026-32894 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...

7.1CVSS5.8AI score0.0028EPSS
Exploits1References3
OSV
OSV
added 2026/04/10 2:47 p.m.4 views

MINI-CQ67-6PXR-H5V9

Bulletin has no description...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/10 2:47 p.m.2 views

MINI-48MW-599H-MR63

Bulletin has no description...

5.7AI score
Exploits0
OSV
OSV
added 2026/04/10 10:40 a.m.8 views

CLSA-2026-1775817651 poppler: Fix of CVE-2025-52886

CVE-2025-52886: limit amount of annotations per document/page to prevent use-after-free via reference count overflow...

6.9CVSS6.9AI score0.00371EPSS
Exploits1References1
Circl
Circl
added 2026/04/10 10:37 a.m.6 views

CVE-2026-6030

creationtimestamp| type| source ---|---|--- 2026-04-10 10:37:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj54w4ws432d...

6.5CVSS5.7AI score0.00266EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 8:47 a.m.2 views

MINI-GR79-V7GV-CWCV

Bulletin has no description...

8.8CVSS5.7AI score0.0022EPSS
Exploits1
Circl
Circl
added 2026/04/10 8:33 a.m.3 views

CVE-2025-50229

creationtimestamp| type| source ---|---|--- 2026-04-10 08:33:54+00:00| seen| https://gist.github.com/4iFei/14ad89c3b44348dd575bf5ae0ed5a19c 2026-04-25 23:00:17+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mke5g5sqds2s...

9.8CVSS4.8AI score0.00359EPSS
Exploits1References2
OSV
OSV
added 2026/04/10 8:31 a.m.2 views

MINI-Q33G-WG3H-PF8X

Bulletin has no description...

5.3CVSS5.7AI score0.0019EPSS
Exploits0
OSV
OSV
added 2026/04/10 8:31 a.m.3 views

MINI-8GF2-GPP5-8W35

Bulletin has no description...

8.8CVSS5.7AI score0.0022EPSS
Exploits1
Cvelist
Cvelist
added 2026/04/10 6:0 a.m.21 views

CVE-2026-4432 YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR

The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the savetitle AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page,...

0.00226EPSS
Exploits0References1
OSV
OSV
added 2026/04/10 5:15 a.m.4 views

CGA-458X-W2FF-FPFM

Bulletin has no description...

7.5CVSS5.7AI score0.0036EPSS
Exploits0
EUVD
EUVD
added 2026/04/10 3:31 a.m.3 views

EUVD-2026-21257

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...

7.5CVSS5.9AI score0.00615EPSS
Exploits0References7
OSV
OSV
added 2026/04/10 3:2 a.m.3 views

MINI-JR72-CF64-5F3V

Bulletin has no description...

8.8CVSS5.7AI score0.0022EPSS
Exploits1
OSV
OSV
added 2026/04/10 2:47 a.m.2 views

MINI-2WCX-GMGJ-RW9C

Bulletin has no description...

8.8CVSS5.7AI score0.0022EPSS
Exploits1
OSV
OSV
added 2026/04/10 2:46 a.m.2 views

MINI-RMM6-47RW-H22C

Bulletin has no description...

5.3CVSS5.7AI score0.0019EPSS
Exploits0
NVD
NVD
added 2026/04/10 2:16 a.m.3 views

CVE-2026-3360

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...

7.5CVSS0.00615EPSS
Exploits0References6
Chainguard
Chainguard
added 2026/04/10 2:13 a.m.5 views

CVE-2026-39859 vulnerabilities

Vulnerabilities for packages: kibana...

7.5CVSS5.9AI score0.00447EPSS
Exploits0
Rows per page
Query Builder