CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/04/14 9:29 p.m.•20 views

CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses

7.1CVSS0.00203EPSS

Vulnrichment•added 2026/04/14 9:29 p.m.•2 views

CVE-2026-34602 Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses

CVE•added 2026/04/14 9:29 p.m.•9 views

CVE-2026-34602

Chamilo LMS is affected by an IDOR in the /api/course_rel_users endpoint prior to version 2.0.0-RC.3. An authenticated attacker can modify the user parameter in the request body to enroll arbitrary users into courses without proper authorization checks, bypassing enrollment controls and potential...

Exploits0References5Affected Software1

Vulnrichment•added 2026/04/14 9:25 p.m.•1 views

CVE-2026-34370 Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes

6.5CVSS5.8AI score0.00227EPSS

Exploits0References2

Cvelist•added 2026/04/14 9:25 p.m.•18 views

CVE-2026-34370 Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes

6.5CVSS0.00227EPSS

Exploits0References2

ATTACKERKB•added 2026/04/14 9:25 p.m.•2 views

CVE-2026-34370

6.5CVSS5.8AI score0.00227EPSS

Exploits0References3Affected Software1

CNNVD•added 2026/04/14 12:0 a.m.•4 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...

6.5CVSS5.9AI score0.00227EPSS

Exploits0References3

Positive Technologies•added 2026/04/14 12:0 a.m.•5 views

PT-2026-32933

Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course rel users endpoint is vulnerable to Insecure Direct Object Reference IDOR, allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user in...

CNNVD•added 2026/04/14 12:0 a.m.•6 views

Exploits0References8

Chamilo LMS 安全漏洞

NVD•added 2026/04/13 9:16 p.m.•3 views

CVE-2026-33740

EspoCRM is an open source customer relationship management application. In versions 9.3.3 and below, the POST /api/v1/Email/importEml endpoint contains an Insecure Direct Object Reference IDOR vulnerability where the attacker-supplied fileId parameter is used to fetch any attachment directly from...

5.4CVSS0.00211EPSS

Vulnrichment•added 2026/04/13 8:37 p.m.•1 views

CVE-2026-33740 EspoCRM: Email importEml can import and delete another user's attachment by raw fileId

ATTACKERKB•added 2026/04/13 8:37 p.m.•2 views

CVE-2026-33740

Exploits1References4Affected Software1

Cvelist•added 2026/04/13 8:37 p.m.•16 views

CVE-2026-33740 EspoCRM: Email importEml can import and delete another user's attachment by raw fileId

5.4CVSS0.00211EPSS

EUVD•added 2026/04/13 8:37 p.m.•5 views

EUVD-2026-22098

RedhatCVE•added 2026/04/13 7:23 p.m.•6 views

CVE-2026-33702

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference IDOR vulnerability in the Learning Path progress saving endpoint. The file lpajaxsaveitem.php accepts a uid user ID parameter directly from $REQUEST and uses it t...

7.1CVSS5.8AI score0.00238EPSS

Exploits0References1

Patchstack•added 2026/04/13 8:37 a.m.•3 views

WordPress BuddyPress Groupblog plugin <= 1.9.3 - Authenticated (Subscriber+) Privilege Escalation to Administrator via Group Blog IDOR vulnerability

Authenticated Subscriber+ Privilege Escalation to Administrator via Group Blog IDOR vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin BuddyPress Groupblog versions = 1.9.3...

8.8CVSS5.8AI score0.00406EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2026/04/13 12:0 a.m.•4 views

PT-2026-32522