2 matches found
CVE-2026-33736
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user including ROLESTUDENT can enumerate all platform users and access personal information email, phone, roles via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3...
Arbitrary Password Reset Vulnerability in Chickie's Travel Android App
Chickie Mobility Android App is an app that provides public bike rental services. There is an arbitrary password reset vulnerability in Qiqi Travel Android APP. It allows an attacker to reset another person's password simply by knowing their cell phone number, and can view any other person's...