Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
9.1 CRITICAL
CVE-2026-32892 — OS Command Injection in Chamilo LMS 1.11.36

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.l…

Remote | Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
7.7 HIGH
CVE-2026-31941 — Server-Side Request Forgery (SSRF) in Chamilo LMS

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url…

Remote | Server-Side Request Forgery
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
7.5 HIGH
CVE-2026-31940 — Session Fixation in Chamilo LMS

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading g…

Remote | Authentication
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
8.3 HIGH
CVE-2026-31939 — Path Traversal (Arbitrary File Delete) in Chamilo LMS

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $_REQUEST['test'] is conca…

Remote | Path Traversal
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
5.7 MEDIUM
CVE-2026-1502 — HTTP client proxy tunnel headers not validated for CR/LF

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Remote | Misconfiguration
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
0.0 NONE
CVE-2025-66447 — Chamilo LMS has validation-less redirect on login page

Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0…

Remote | Misconfiguration
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
0.0 NA
CVE-2026-33702 — Chamilo LMS has an Insecure Direct Object Reference (IDOR)

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoi…

| Authorization
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
0.0 NA
CVE-2026-33698 — Chamilo LMS affected by unauthenticated RCE in main/install folder

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify …

| Misconfiguration
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
0.0 NA
CVE-2026-33618 — Chamilo LMS Affected by Remote Code Execution via eval() in Platform Settings

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An at…

| Injection
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
8.1 HIGH
CVE-2026-40200 — Musl Libc Stack-Based Memory Corruption in qsort

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number…

| Memory Corruption
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
7.1 HIGH
CVE-2026-40160 — PraisonAIAgents has SSRF via unvalidated URL in `web_crawl` httpx fallback

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host v…

Remote | Server-Side Request Forgery
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
5.5 MEDIUM
CVE-2026-40159 — PraisonAI Exposes Sensitive Environment Variable via Untrusted MCP Subprocess Execution

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows spawning background servers via stdio using user-supplied command strings (e.g.,…

| Supply Chain
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
8.6 HIGH
CVE-2026-40158 — PraisonAI has Improper Control of Generation of Code ('Code Injection') and Protection Me…

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running …

| Authentication
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
9.4 CRITICAL
CVE-2026-40157 — PraisonAI affected by arbitrary file write via path traversal in `praisonai recipe unpack`

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bund…

Remote | Path Traversal
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
7.8 HIGH
CVE-2026-40156 — PraisonAI Affected by Implicit Execution of Arbitrary Code via Automatic `tools.py` Loadi…

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loa…

| Supply Chain
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
4.3 MEDIUM
CVE-2026-40103 — Vikunja's Scoped API tokens with projects.background permission can delete project backgr…

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only proje…

Remote | Authorization
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
5.3 MEDIUM
CVE-2026-40100 — FastGPT has Unauthenticated SSRF in /api/core/app/mcpTools/runTool via missing CHECK_INTE…

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() o…

Remote | Server-Side Request Forgery
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
3.7 LOW
CVE-2026-40097 — Step CA affected by an index out of bounds panic in TPM attestation EKU validation

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA b…

Remote | Misconfiguration
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
5.3 MEDIUM
CVE-2026-40086 — Rembg has a Path Traversal via Custom Model Loading

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's…

Remote | Path Traversal
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
6.3 MEDIUM
CVE-2026-40074 — SvelteKit's invalidated redirect in handle hook causes Denial-of-Service

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter c…

Remote | Denial of Service
Apr 10, 2026 Apr 10, 2026
Apr 10, 2026
Apr 10, 2026
Showing 20 of 6441 Results