Lucene search
K

4 matches found

Vulnrichment
Vulnrichment
added 2026/04/10 6:54 p.m.2 views

CVE-2026-33708 Chamilo LMS has REST API PII Exposure via get_user_info_from_username

Chamilo LMS is a learning management system. Prior to 1.11.38, the getuserinfofromusername REST API endpoint returns personal information email, first name, last name, user ID, active status of any user to any authenticated user, including students. There is no authorization check. This...

6.5CVSS5.8AI score0.00209EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 9:18 p.m.2 views

GHSA-G375-5WMP-XR78 Admidio is Missing Authorization on Forum Topic and Post Deletion

Summary The forum module in Admidio does not verify whether the current user has permission to delete forum topics or posts. Both the topicdelete and postdelete actions in forum.php only validate the CSRF token but perform no authorization check before calling delete. Any authenticated user with...

6.5CVSS5.9AI score0.00226EPSS
Exploits1References4
CNNVD
CNNVD
added 2024/06/12 12:0 a.m.5 views

WordPress plugin Pricing Deals for WooCommerce security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.8AI score0.00295EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2017/04/06 12:0 a.m.334 views

Cisco IOS XE Smart Install Protocol Misuse (cisco-sr-20170214-smi)

The remote Cisco IOS XE device has the Smart Install Feature enabled. The Smart Install SMI protocol does not require authentication by design. The absence of an authorization or authentication mechanism in the SMI protocol between the integrated branch clients IBC and the director can allow a...

5.9AI score
Exploits0References1
Rows per page
Query Builder