| 31 | 7.1 | HIGH | Network | - | - | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an aut… | New | CWE-639 | Authorization Bypass Through User-Controlled Key | CVE-2026-34602 | 2026-04-15 07:16 | 2026-04-15 |
| 32 | 6.5 | MEDIUM | Network | - | - | Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the notebook module contains an Insecure Direct Object Reference (IDOR) vulnerability that allows any authen… | New | CWE-285, CWE-639 | Improper Authorization; Authorization Bypass Through User-Controlled Key | CVE-2026-34370 | 2026-04-15 07:16 | 2026-04-15 |
| 33 | 5.4 | MEDIUM | Network | - | - | Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated us… | New | CWE-639 | Authorization Bypass Through User-Controlled Key | CVE-2026-34213 | 2026-04-15 07:16 | 2026-04-15 |
| 34 | 5.4 | MEDIUM | Network | - | - | Docmost is open-source collaborative wiki and documentation software. In versions prior to 0.71.0, improper neutralization of attachment URLs in Docmost allows a low-privileged authenticated user to … | New | CWE-79 | Cross-site Scripting | CVE-2026-34212 | 2026-04-15 07:16 | 2026-04-15 |
| 35 | 4.6 | MEDIUM | Network | - | - | Docmost is open-source collaborative wiki and documentation software. Versions prior to 0.70.0 are vulnerable to a stored cross-site scripting (XSS) attack due to improper handling of MIME type spoof… | New | CWE-79 | Cross-site Scripting | CVE-2026-33193 | 2026-04-15 07:16 | 2026-04-15 |
| 36 | 4.3 | MEDIUM | Network | - | - | Docmost is open-source collaborative wiki and documentation software. An authorization bypass vulnerability in versions 0.70.0 through 0.70.2 exposes restricted child page titles and text snippets th… | New | CWE-285 | Improper Authorization | CVE-2026-33146 | 2026-04-15 07:16 | 2026-04-15 |
| 37 | 7.1 | HIGH | Local | - | - | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow which leads to a heap buffer overflow via sixel_frame_convert_to_rg… | New | CWE-122, CWE-190 | Heap-based Buffer Overflow; Integer Overflow or Wraparound | CVE-2026-33020 | 2026-04-15 07:16 | 2026-04-15 |
| 38 | 7.1 | HIGH | Local | - | - | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain an integer overflow leading to an out-of-bounds heap read in the --crop option handling… | New | CWE-125, CWE-190 | Out-of-bounds Read; Integer Overflow or Wraparound | CVE-2026-33019 | 2026-04-15 07:16 | 2026-04-15 |
| 39 | 7.0 | HIGH | Local | - | - | libsixel is a SIXEL encoder/decoder implementation derived from kmiya's sixel. Versions 1.8.7 and prior contain a Use-After-Free vulnerability via the load_gif() function in fromgif.c, where a single… | New | CWE-416 | Use After Free | CVE-2026-33018 | 2026-04-15 07:16 | 2026-04-15 |
| 40 | 2.4 | LOW | Adjacent | - | - | ColdFusion versions 2023.18, 2025.6 and earlier are affected by an Uncontrolled Resource Consumption vulnerability that could lead to application denial-of-service. A high-privileged attacker could e… | New | CWE-400 | Uncontrolled Resource Consumption | CVE-2026-27308 | 2026-04-15 07:16 | 2026-04-15 |