50 matches found
CVE-2026-33736
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43208 — Mirth Connect RCE...
GHSA-CH3W-9456-38V3 Netmaker has Privilege Escalation from Admin to Super-Admin via User Update
The user update handler PUT /api/users/username lacks validation to prevent an admin-role user from assigning the super-admin role during account updates. While the code correctly blocks an admin from assigning the admin role to another user, it does not include an equivalent check for the...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43208-EXPLOIT Mirth Connect Remote Code Execution...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43208 — Mirth Connect Pre-Auth RCE Pre-authenticated...
CVE-2024-26478
An issue in Statping-ng v.0.91.0 allows an attacker to obtain sensitive information via a crafted request to the /api/users endpoint...
CVE-2025-65900
Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient permission validation and excessive data exposure in the backend, an authenticated user with basic read permissions can retrieve sensitive information for all...
EUVD-2017-16546
Malware in sbrugna...
EUVD-2023-42527
Malicious code in bioql PyPI...
EUVD-2023-42526
Malicious code in bioql PyPI...
PT-2025-13393 · Unknown · Hay-Kot Mealie
Name of the Vulnerable Software and Affected Versions: hay-kot mealie version 2.2.0 Description: A Broken Object Level Authorization vulnerability in the component "/api/users/user-id" of hay-kot mealie allows users to edit their own profile in order to give themselves more permissions or to chan...
CVE-2024-46624
An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users...
CVE-2024-46624
CVE-2024-46624 affects InfoDom Performa 365 v4.0.1. An authenticated attacker can elevate privileges to Administrator by sending a crafted payload to the endpoint /api/users. The available data confirm the vulnerability and impact (high, with access network, low complexity, low privileges requir...
[SECURITY] [DLA 3953-1] icinga2 security update
Debian LTS Advisory DLA-3953-1 https://www.debian.org/lts/security/ Daniel Leidert November 16, 2024 https://wiki.debian.org/LTS Package : icinga2 Version : 2.12.3-1+deb11u1 CVE ID : CVE-2021-32739 CVE-2021-32743 CVE-2021-37698 CVE-2024-49369 Debian Bug : 991494 108738...
SUSE CVE-2024-49369
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
FreeBSD : icinga2 -- TLS Certificate Validation Bypass (0a82bc4d-a129-11ef-8351-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 0a82bc4d-a129-11ef-8351-589cfc0f81b0 advisory. The Icinga project reports: Icinga is a monitoring system which checks the availability of network...
CVE-2024-49369
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
UBUNTU-CVE-2024-49369
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...