21944 matches found
EUVD-2026-21527
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...
CVE-2026-32894 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...
CVE-2026-32894
CVE-2026-32894 affects Chamilo LMS. Affected: gradebook result view in Chamilo before 1.11.38 and 2.0.0-RC.3. Issue: Insecure Direct Object Reference (IDOR) allows any authenticated teacher to delete any student’s grade result across the platform by manipulating delete_mark or resultdelete GET pa...
CVE-2026-32894 Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference IDOR vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the deletemark or...
MINI-CQ67-6PXR-H5V9
Bulletin has no description...
MINI-48MW-599H-MR63
Bulletin has no description...
CLSA-2026-1775817651 poppler: Fix of CVE-2025-52886
CVE-2025-52886: limit amount of annotations per document/page to prevent use-after-free via reference count overflow...
CVE-2026-6030
creationtimestamp| type| source ---|---|--- 2026-04-10 10:37:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mj54w4ws432d...
MINI-GR79-V7GV-CWCV
Bulletin has no description...
CVE-2025-50229
creationtimestamp| type| source ---|---|--- 2026-04-10 08:33:54+00:00| seen| https://gist.github.com/4iFei/14ad89c3b44348dd575bf5ae0ed5a19c 2026-04-25 23:00:17+00:00| seen| https://bsky.app/profile/thehackerwire.bsky.social/post/3mke5g5sqds2s...
MINI-Q33G-WG3H-PF8X
Bulletin has no description...
MINI-8GF2-GPP5-8W35
Bulletin has no description...
CVE-2026-4432 YITH WooCommerce Wishlist < 4.13.0 - Unauthenticated Arbitrary Wishlist Renaming via IDOR
The YITH WooCommerce Wishlist WordPress plugin before 4.13.0 does not properly validate wishlist ownership in the savetitle AJAX handler before allowing wishlist renaming operations. The function only checks for a valid nonce, which is publicly exposed in the page source of the /wishlist/ page,...
CGA-458X-W2FF-FPFM
Bulletin has no description...
EUVD-2026-21257
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...
MINI-JR72-CF64-5F3V
Bulletin has no description...
MINI-2WCX-GMGJ-RW9C
Bulletin has no description...
MINI-RMM6-47RW-H22C
Bulletin has no description...
CVE-2026-3360
The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the payincompleteorder function. The function accepts an...
CVE-2026-39859 vulnerabilities
Vulnerabilities for packages: kibana...