| 1121 | 7.1 | HIGH | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoi… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-33702 | 2026-04-17 03:48 | 2026-04-11 |
| 1122 | 6.5 | MEDIUM | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authentica… | CWE-639 Authorization Bypass Through User-Controlled Key | CVE-2026-33703 | 2026-04-17 03:48 | 2026-04-11 |
| 1123 | 5.5 | MEDIUM | Local | juniper | junos, junos_os_evolved | A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privil… | CWE-862 Missing Authorization | CVE-2026-33776 | 2026-04-17 03:46 | 2026-04-10 |
| 1124 | 6.7 | MEDIUM | Local | juniper | junos, junos_os_evolved | An OS Command Injection vulnerability in the CLI processing of Juniper Networks Junos OS and Junos OS Evolved allows a local, high-privileged attacker executing specific, crafted CLI commands to inje… | CWE-78 OS Command | CVE-2026-33791 | 2026-04-17 03:44 | 2026-04-10 |
| 1125 | 7.8 | HIGH | Local | juniper | junos, junos_os_evolved | An Execution with Unnecessary Privileges vulnerability in the User Interface (UI) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged attacker to gain root privileges, th… | CWE-250 Execution with Unnecessary Privileges | CVE-2026-33793 | 2026-04-17 03:42 | 2026-04-10 |
| 1126 | 7.4 | HIGH | Adjacent | juniper | junos, junos_os_evolved | An Improper Input Validation vulnerability in Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, adjacent attacker, sending a specific genuine BGP packet in an already establis… | CWE-20 Improper Input Validation | CVE-2026-33797 | 2026-04-17 03:37 | 2026-04-10 |
| 1127 | 8.8 | HIGH | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key param… | CWE-434 Unrestricted Upload of File with Dangerous Type | CVE-2026-33704 | 2026-04-17 03:34 | 2026-04-11 |
| 1128 | 5.3 | MEDIUM | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These tem… | CWE-538 File and Directory Information Exposure | CVE-2026-33705 | 2026-04-17 03:29 | 2026-04-11 |
| 1129 | 7.1 | HIGH | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (stat… | CWE-269 Improper Privilege Management | CVE-2026-33706 | 2026-04-17 03:27 | 2026-04-11 |
| 1130 | 9.8 | CRITICAL | Network | chamilo | chamilo_lms | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no … | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2026-33707 | 2026-04-17 03:25 | 2026-04-11 |