Lucene search
K

8 matches found

OSV
OSV
added 2026/06/25 9:16 a.m.4 views

UBUNTU-CVE-2026-53162

In the Linux kernel, the following vulnerability has been resolved: memcg: use round-robin victim selection in refillstock Harry Yoo reported that getrandomu32below is not safe to call in the nmi context and memcg charge draining can happen in nmi context. More specifically getrandomu32below is...

7.8CVSS5.8AI score0.00136EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/04/13 7:23 p.m.6 views

CVE-2026-33707

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References1
NVD
NVD
added 2026/04/10 7:16 p.m.5 views

CVE-2026-33707

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.8CVSS0.00426EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/10 6:52 p.m.22 views

CVE-2026-33707 Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.4CVSS0.00426EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/10 6:52 p.m.3 views

CVE-2026-33707 Weak Password Recovery Mechanism for Forgotten Password in chamilo/chamilo-lms

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.4CVSS5.8AI score0.00426EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/10 6:52 p.m.2 views

CVE-2026-33707

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1$email with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the...

9.4CVSS5.8AI score0.00426EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2026/04/10 6:52 p.m.26 views

CVE-2026-33707

Chamilo LMS (affected: prior to 1.11.38 and 2.0.0-RC.3) uses a weak password reset token by generating tokens as sha1(email) with no randomness, no expiration, and no rate limiting. An attacker who knows a user’s email can compute the reset token and change the password without authentication. Th...

9.8CVSS5.8AI score0.00426EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.5 views

Combodo iTop 安全特征问题漏洞

Combodo iTop is a French company Combodo ITIL-based development and for the daily operation of the IT environment of open source Web applications. The program provides incident management, configuration management and problem management. A security signature issue vulnerability exists in Combodo...

9.8CVSS8.2AI score0.00912EPSS
Exploits0References4
Rows per page
Query Builder