|
1
|
9.8 |
CRITICAL
Network
|
chamilo
|
chamilo_lms
|
Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify …
New
|
CWE-552
Files or Directories Accessible to External Parties
|
CVE-2026-33698
|
2026-04-17 03:48 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2
|
7.1 |
HIGH
Network
|
chamilo
|
chamilo_lms
|
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoi…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-33702
|
2026-04-17 03:48 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
3
|
6.5 |
MEDIUM
Network
|
chamilo
|
chamilo_lms
|
Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authentica…
New
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-33703
|
2026-04-17 03:48 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4
|
5.5 |
MEDIUM
Local
|
juniper
|
junos
junos_os_evolved
|
A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information.
A local user with low privil…
New
|
CWE-862
Missing Authorization
|
CVE-2026-33776
|
2026-04-17 03:46 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
5
|
6.7 |
MEDIUM
Local
|
juniper
|
junos
junos_os_evolved
|
An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inje…
New
|
CWE-78
OS Command
|
CVE-2026-33791
|
2026-04-17 03:44 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
6
|
7.8 |
HIGH
Local
|
juniper
|
junos
junos_os_evolved
|
An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, th…
New
|
CWE-250
Execution with Unnecessary Privileges
|
CVE-2026-33793
|
2026-04-17 03:42 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
7
|
7.4 |
HIGH
Adjacent
|
juniper
|
junos
junos_os_evolved
|
An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already establis…
New
|
CWE-20
Improper Input Validation
|
CVE-2026-33797
|
2026-04-17 03:37 |
2026-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
8
|
8.8 |
HIGH
Network
|
chamilo
|
chamilo_lms
|
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key param…
New
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2026-33704
|
2026-04-17 03:34 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
9
|
5.3 |
MEDIUM
Network
|
chamilo
|
chamilo_lms
|
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These tem…
New
|
CWE-538
File and Directory Information Exposure
|
CVE-2026-33705
|
2026-04-17 03:29 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
10
|
7.1 |
HIGH
Network
|
chamilo
|
chamilo_lms
|
Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (stat…
New
|
CWE-269
Improper Privilege Management
|
CVE-2026-33706
|
2026-04-17 03:27 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
