3 matches found
CVE-2026-34160
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS Package Exchange Notification Services plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetche...
EUVD-2026-21567
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user including ROLESTUDENT can enumerate all platform users and access personal information email, phone, roles via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...
PT-2024-11768
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc3+ Description The issue arises from the psb gem unpin function calling dma resv lock while the underlying ww mutex is destroyed by drm gem object release. To fix this, the drm gem object release call in...