Security Vulnerabilities
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF protections (tokens) and GET based requests. As a result, an authenticated user (Trainer) can be tricked into executing this unwanted action by simply visiting a malicious page. This issue has been patched in version 1.11.34.
CVSS Score
8.1
EPSS Score
0.0
Published
2026-03-06
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure.
CVSS Score
7.2
EPSS Score
0.001
Published
2026-03-06
A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument firmware_url causes command injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure.
CVSS Score
7.2
EPSS Score
0.004
Published
2026-03-06
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-03-06
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
CVSS Score
7.3
EPSS Score
0.0
Published
2026-03-06
Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-06
Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-06
Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS Score
5.5
EPSS Score
0.0
Published
2026-03-06
Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
CVSS Score
4.3
EPSS Score
0.0
Published
2026-03-06
Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS) before build 41124.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-06