avril 2025

Archives du Mois

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28	Microsoft Office Pro 2024 LTSC 2025-04-28 12:21:02 TNT Sécurité
29
30

Outils

Swiss Army Suite (SAS) | 9.35 MB

Télécharger

Mango Keywords 3.4.1 | 25.26 MB

Télécharger

Dork Searcher V3 | 64.46 MB

Télécharger

Magic Dork V3.4.5 | 14.59 MB

Télécharger

SQLi Dorks Generator | 1.62 MB

Télécharger

SQLi Dumper 10.5 | 31.46 KB

Télécharger

Scan Now UPnP | 5.91 MB

ScanNowUPnP

CVE-2026-33141 10 avril 2026

Medium Severity Description Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the REST API stats endpoint allows any authenticated user (including low-privilege students with ROLE_USER) to read any other user's learning progress, certificates, and gradebook scores for any course, without enrollment or supervisory relationship. This […]

CVE-2026-32892 10 avril 2026

Critical Severity Description Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path values directly into exec() shell commands without using escapeshellarg(). When a user moves a document via document.php, the move_to […]

CVE-2026-1502 10 avril 2026

Medium Severity Description CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host. Read more at https://www.tenable.com/cve/CVE-2026-1502

CVE-2026-32932 10 avril 2026

Medium Severity Description Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks the id_session parameter to the attacker's server. This […]

CVE-2026-32931 10 avril 2026

High Severity Description Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an authenticated teacher to upload a PHP webshell by spoofing the Content-Type header to audio/mpeg. The uploaded file retains its original .php extension and is placed in a […]

SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI 3 avril 2026

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02SEC Consult Vulnerability Lab Security Advisory < 20260401-0 > ======================================================================= title: Broken Access Control product: Open WebUI vulnerable version:

SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library 3 avril 2026

Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02SEC Consult Vulnerability Lab Security Advisory < 20260326-0 > ======================================================================= title: Local Privilege Escalation product: Vienna Assistant (MacOS) - Vienna Symphonic Library vulnerable version: 1.2.542 fixed version: - CVE number: CVE-2026-24068 impact: high homepage:https://www.vsl.co.at/ ...

Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility 3 avril 2026

Posted by Joseph Goydish II via Fulldisclosure on Apr 02SUMMARY Apple's Oblivious HTTP relay for Live Caller ID Lookup (iOS 18+) routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint (Yandex), and a Swiss GmbH whose privacy policy names "The Legal Entity […]

[KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability 3 avril 2026

Posted by Egidio Romano on Apr 02--------------------------------------------------------------------------- MetInfo CMS

[CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability 3 avril 2026

Posted by cyber security on Apr 02A vulnerability was identified in OWASP CRS where whitespace padding in filenames can bypass file upload extension checks, allowing uploads of dangerous files such as .php, .phar, .jsp, and .jspx. This issue has been assigned CVE‑2026‑33691. Impact: Attackers may evade CRS protections and upload web shells disguised with whitespace‑padded […]