Latest CVE Vulnerabilities

6.9 MEDIUM

CVE-2025-59544 — Chamilo: Unauthorized access to update category of any user

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which …

chamilo_lms | Remote | Authorization

Mar 06, 2026 Mar 09, 2026

Mar 06, 2026

Mar 09, 2026

9.0 CRITICAL

CVE-2025-59543 — Chamilo: Account Takeover via Stored XSS in Course Description

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course description field, an …

chamilo_lms | Remote | Cross-Site Scripting

Mar 06, 2026 Mar 09, 2026

Mar 06, 2026

Mar 09, 2026

9.0 CRITICAL

CVE-2025-59542 — Chamilo: Account Takeover via Stored XSS in Course Learning Paths

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course learning path Settings…

chamilo_lms | Remote | Cross-Site Scripting

Mar 06, 2026 Mar 09, 2026

Mar 06, 2026

Mar 09, 2026

8.1 HIGH

CVE-2025-59541 — Chamilo: CSRF Vulnerability in Project Deletion

Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent…

chamilo_lms | Remote | Cross-Site Request Forgery

Mar 06, 2026 Mar 09, 2026

Mar 06, 2026

Mar 09, 2026

6.4 MEDIUM

CVE-2025-59540 — Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of highe…

chamilo_lms | Remote | Cross-Site Scripting

Mar 06, 2026 Mar 09, 2026

Mar 06, 2026

Mar 09, 2026

9.0 CRITICAL

CVE-2025-55289 — Chamilo: Stored Cross Site Scripting in Skills Argumentation

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Verison 1.11.32) allows an attacker to inject arbitrary JavaScript into the plat…

chamilo_lms | Remote | Cross-Site Scripting

Mar 06, 2026 Mar 09, 2026

Mar 06, 2026

Mar 09, 2026

6.5 MEDIUM

CVE-2026-3616 — DefaultFuction Jeson Customer Relationship Management System edit.php sql injection

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation …

Remote | Injection

Mar 06, 2026 Mar 09, 2026

Mar 06, 2026

Mar 09, 2026

8.3 HIGH

CVE-2026-3613 — Wavlink WL-NU516U1 login.cgi sub_401A0C stack-based overflow

A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stac…

wl-nu516u1_firmware wl-nu516u1 | Remote | Memory Corruption

Mar 06, 2026 Mar 10, 2026

Mar 06, 2026

Mar 10, 2026

8.3 HIGH

CVE-2026-3612 — Wavlink WL-NU516U1 OTA Online Upgrade adm.cgi sub_405AF4 command injection

A vulnerability was determined in Wavlink WL-NU516U1 V240425. This affects the function sub_405AF4 of the file /cgi-bin/adm.cgi of the component OTA Online Upgrade. This manipulation of the argument …

wl-nu516u1_firmware wl-nu516u1 | Remote | Injection

Mar 06, 2026 Mar 10, 2026

Mar 06, 2026

Mar 10, 2026

5.3 MEDIUM

CVE-2026-3610 — HSC Cybersecurity Mailinspector URL mliUserValidation.php cross site scripting

A vulnerability was found in HSC Cybersecurity Mailinspector up to 5.3.2-3. Affected by this issue is some unknown functionality of the file /mailinspector/mliUserValidation.php of the component URL …

Remote | Cross-Site Scripting

Mar 06, 2026 Mar 09, 2026

Mar 06, 2026

Mar 09, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences