Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
4.9 MEDIUM
CVE-2026-27807 — MarkUs: YAML alias (‘billion laughs’) DoS in config upload

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs allows course instructors to upload YAML files to create/update various entities (e.g…

markus | Remote | XML External Entity
Mar 06, 2026 Mar 12, 2026
6.5 MEDIUM
CVE-2026-25962 — MarkUs: Zip bomb in config upload enables DoS

MarkUs is a web application for the submission and grading of student assignments. Prior to version 2.9.4, MarkUs extracts zip files without any size or entry-count limits. For example, ins…

markus | Remote | Denial of Service
Mar 06, 2026 Mar 12, 2026
6.9 MEDIUM
CVE-2025-59544 — Chamilo: Unauthorized access to update category of any user

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which …

chamilo_lms | Remote | Authorization
Mar 06, 2026 Mar 09, 2026
9.0 CRITICAL
CVE-2025-59543 — Chamilo: Account Takeover via Stored XSS in Course Description

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course description field, an …

chamilo_lms | Remote | Cross-Site Scripting
Mar 06, 2026 Mar 09, 2026
9.0 CRITICAL
CVE-2025-59542 — Chamilo: Account Takeover via Stored XSS in Course Learning Paths

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course learning path Settings…

chamilo_lms | Remote | Cross-Site Scripting
Mar 06, 2026 Mar 09, 2026
8.1 HIGH
CVE-2025-59541 — Chamilo: CSRF Vulnerability in Project Deletion

Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent…

chamilo_lms | Remote | Cross-Site Request Forgery
Mar 06, 2026 Mar 09, 2026
6.4 MEDIUM
CVE-2025-59540 — Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of highe…

chamilo_lms | Remote | Cross-Site Scripting
Mar 06, 2026 Mar 09, 2026
9.0 CRITICAL
CVE-2025-55289 — Chamilo: Stored Cross Site Scripting in Skills Argumentation

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored XSS vulnerability in Chamilo LMS (Version 1.11.32) that allows an attacker to inject arbitrary JavaScript into the plat…

chamilo_lms | Remote | Cross-Site Scripting
Mar 06, 2026 Mar 09, 2026
6.5 MEDIUM
CVE-2026-3616 — DefaultFuction Jeson Customer Relationship Management System edit.php SQL injection

A vulnerability was detected in DefaultFuction Jeson Customer Relationship Management System 1.0.0. Impacted is an unknown function of the file /modules/customers/edit.php. Performing a manipulation …

Remote | Injection
Mar 06, 2026 Mar 09, 2026
8.3 HIGH
CVE-2026-3613 — Wavlink WL-NU516U1 login.cgi sub_401A0C stack-based overflow

A vulnerability was identified in Wavlink WL-NU516U1 V240425. This vulnerability affects the function sub_401A0C of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to stac…

wl-nu516u1_firmware wl-nu516u1 | Remote | Memory Corruption
Mar 06, 2026 Mar 10, 2026
Showing 20 of 5950 Results