Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score | Vulnerability | Published
6.1 MEDIUM
CVE-2025-66880 — Wethink Technology Inc 720yun Pano-sdk Cross Site Scripting Vulnerability

Cross Site Scripting vulnerability in Wethink Technology Inc 720yun pano-sdk 0.5.877 allows a remote attacker to execute arbitrary code via the LoginComp (Module 2093) and SignupComp (Module 2094) mo…

Remote | Cross-Site Scripting
Mar 02, 2026
7.0 HIGH
CVE-2025-52998 — Chamilo: PHAR deserialization bypass

Chamilo is a learning management system. Prior to version 1.11.30, in the application, deserialization of data is performed, the data can be spoofed. An attacker can create objects of arbitrary class…

Remote | Injection
Mar 02, 2026
6.9 MEDIUM
CVE-2025-52564 — Chamilo: HTML injection via open parameter

Chamilo is a learning management system. Prior to version 1.11.30, the open parameter of help.php fails to properly sanitize user input. This allows an attacker to inject arbitrary HTML, such as unde…

Remote | Cross-Site Scripting
Mar 02, 2026
5.1 MEDIUM
CVE-2025-52563 — Chamilo: Reflected XSS via page parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to insufficient sanitization of the page parameter in the session/…

Remote | Cross-Site Scripting
Mar 02, 2026
5.1 MEDIUM
CVE-2025-52476 — Chamilo: Reflected XSS via keyword_active parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability due to improper sanitization of the keyword_active parameter in admin/…

Remote | Cross-Site Scripting
Mar 02, 2026
5.1 MEDIUM
CVE-2025-52475 — Chamilo: Reflected XSS via keyword_inactive parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is a reflected cross-site scripting (XSS) vulnerability in the admin/user_list.php endpoint. The keyword_inactive parameter is…

Remote | Cross-Site Scripting
Mar 02, 2026
4.8 MEDIUM
CVE-2025-52470 — Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists in the session_category_add.php script. The vulnerability is caused by impr…

Remote | Cross-Site Scripting
Mar 02, 2026
7.1 HIGH
CVE-2025-52469 — Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation …

Chamilo is a learning management system. Prior to version 1.11.30, a logic vulnerability in the friend request workflow of Chamilo’s social network module allows an authenticated user to forcibly add…

Remote | Authorization
Mar 02, 2026
8.8 HIGH
CVE-2025-52468 — Chamilo: Stored XSS Vulnerability via CSV User Import

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization …

Remote | Cross-Site Scripting
Mar 02, 2026
7.7 HIGH
CVE-2025-50199 — Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF)

Chamilo is a learning management system. Prior to version 1.11.30, there is a blind SSRF vulnerability in /index.php via the POST openid_url parameter. This issue has been patched in version 1.11.30.

Remote | Server-Side Request Forgery
Mar 02, 2026
8.8 HIGH
CVE-2025-50198 — Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST …

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST co…

Remote | Injection
Mar 02, 2026
7.1 HIGH
CVE-2025-50197 — Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_langu…

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This is…

Remote | Injection
Mar 02, 2026
7.1 HIGH
CVE-2025-50196 — Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_da…

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This…

Remote | Injection
Mar 02, 2026
7.1 HIGH
CVE-2025-50195 — Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in versi…

Remote | Injection
Mar 02, 2026
7.1 HIGH
CVE-2025-50194 — Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.…

Remote | Injection
Mar 02, 2026
7.1 HIGH
CVE-2025-50193 — Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_…

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This i…

Remote | Injection
Mar 02, 2026
0.0 NA
CVE-2026-26703 — Sourcecodester Personnel Property Equipment System SQL Injection Vulnerability

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/advance_search.php.

| Injection
Mar 02, 2026
0.0 NA
CVE-2026-26702 — Sourcecodester Personnel Property Equipment System SQL Injection Vulnerability

sourcecodester Personnel Property Equipment System v1.0 is vulnerable to SQL Injection in /ppes/admin/myitem_reuse.php.

| Injection
Mar 02, 2026
0.0 NA
CVE-2026-26696 — Code-Projects Simple Student Alumni System SQL Injection Vulnerability

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacher_edit.php.

| Injection
Mar 02, 2026
0.0 NA
CVE-2026-26695 — Code-Projects Simple Student Alumni System SQL Injection Vulnerability

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudent_edit.php.

| Injection
Mar 02, 2026
Showing 20 of 4875 Results