Latest CVE Feed
Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g…
MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs currently extracts zip files without any size or entry-count limits. For example, ins…
Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which …
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course description field, an …
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course learning path Settings…
Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent…
Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of highe…
Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the plat…
A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation …
A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stac…
A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument …
A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL …
The Greenshift – animation and page builder blocks plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 12.8.3 via the automated Settings Backup …
Local privilege escalation due to insecure Unix socket permissions. The following products are affected: Acronis Cyber Protect 17 (macOS) before build 41186, Acronis Cyber Protect Cloud Agent (macOS)…
Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Sensitive information disclosure due to improper configuration of a headless browser. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Unauthorized report deletion due to insufficient access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windows) before build 41186.
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.
Local privilege escalation due to improper soft link handling. The following products are affected: Acronis Cyber Protect 17 (Windows) before build 41186.