Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
CVE Intelligence

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

All Critical Actively Exploited Remotely Exploitable
Last Updated Published CVSS Score
Score
Vulnerability
Published
6.1 MEDIUM
CVE-2025-52476 — Chamilo: Reflected XSS via keyword_active parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/…

chamilo_lms | Remote | Cross-Site Scripting
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
6.1 MEDIUM
CVE-2025-52475 — Chamilo: Reflected XSS via keyword_inactive parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is…

chamilo_lms | Remote | Cross-Site Scripting
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
4.8 MEDIUM
CVE-2025-52470 — Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by impr…

chamilo_lms | Remote | Cross-Site Scripting
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
7.1 HIGH
CVE-2025-52469 — Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation …

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add…

chamilo_lms | Remote | Authorization
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.8 HIGH
CVE-2025-52468 — Chamilo: Stored XSS Vulnerability via CSV User Import

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization …

chamilo_lms | Remote | Cross-Site Scripting
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
9.1 CRITICAL
CVE-2025-50199 — Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF)

Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.

chamilo_lms | Remote | Server-Side Request Forgery
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
8.8 HIGH
CVE-2025-50198 — Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST …

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST co…

chamilo_lms | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
7.2 HIGH
CVE-2025-50197 — Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_langu…

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This is…

chamilo_lms | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
7.2 HIGH
CVE-2025-50196 — Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_da…

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This…

chamilo_lms | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
7.2 HIGH
CVE-2025-50195 — Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in versi…

chamilo_lms | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
7.2 HIGH
CVE-2025-50194 — Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.…

chamilo_lms | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
7.2 HIGH
CVE-2025-50193 — Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_…

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This i…

chamilo_lms | Remote | Injection
Mar 02, 2026 Mar 03, 2026
Mar 02, 2026
Mar 03, 2026
Showing 20 of 6252 Results