Security
CVE Feed
Latest vulnerabilities from the National Vulnerability Database.
Total: 10846 | Critical: 736 | High: 3127 | Medium: 3471

| CVE ID | Severity | Score | Description | Published |
|---|---|---|---|---|
| CVE-2026-33736 | MEDIUM | 6.5 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, … | Apr 10, 2026 |
| CVE-2026-33710 | HIGH | 7.5 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, … | Apr 10, 2026 |
| CVE-2026-33708 | MEDIUM | 6.5 | Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, … | Apr 10, 2026 |
| CVE-2026-33707 | CRITICAL | 9.4 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, … | Apr 10, 2026 |
| CVE-2026-33706 | HIGH | 7.1 | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via … | Apr 10, 2026 |
| CVE-2026-33705 | MEDIUM | 5.3 | Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. … | Apr 10, 2026 |
| CVE-2026-33704 | HIGH | 7.1 | Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via … | Apr 10, 2026 |
| CVE-2026-33703 | UNKNOWN | — | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authenticated user … | Apr 10, 2026 |
| CVE-2026-33702 | HIGH | 7.1 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning … | Apr 10, 2026 |
| CVE-2026-33698 | UNKNOWN | — | Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an … | Apr 10, 2026 |
| CVE-2026-33618 | HIGH | 8.8 | Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker … | Apr 10, 2026 |
| CVE-2026-27460 | MEDIUM | 6.5 | Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was … | Apr 10, 2026 |
| CVE-2026-5483 | HIGH | 8.5 | A flaw was found in odh-dashboard in Red Hat OpenShift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for … | Apr 10, 2026 |
| CVE-2026-40163 | HIGH | 8.2 | Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to … | Apr 10, 2026 |
| CVE-2026-40162 | HIGH | 7.1 | Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. … | Apr 10, 2026 |
| CVE-2026-33141 | MEDIUM | 6.5 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the REST API stats endpoint allows any … | Apr 10, 2026 |
| CVE-2026-32932 | MEDIUM | 4.7 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker … | Apr 10, 2026 |
| CVE-2026-32931 | HIGH | 7.5 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an unrestricted file upload vulnerability in the exercise sound upload function allows an … | Apr 10, 2026 |
| CVE-2026-32930 | HIGH | 7.1 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook evaluation edit page … | Apr 10, 2026 |
| CVE-2026-32894 | HIGH | 7.1 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page … | Apr 10, 2026 |
| CVE-2026-32893 | MEDIUM | 5.4 | Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the exercise question list admin panel allows an … | Apr 10, 2026 |
| CVE-2026-32892 | CRITICAL | 9.1 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. … | Apr 10, 2026 |
| CVE-2026-31941 | HIGH | 7.7 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall … | Apr 10, 2026 |
| CVE-2026-31940 | HIGH | 7.5 | Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session … | Apr 10, 2026 |
| CVE-2026-31939 | HIGH | 8.3 | Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file deletion. User input from … | Apr 10, 2026 |