CVE-2025-50195 Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

CVE-2025-50195

CVE-2025-50195 affects the Chamilo learning management system. A vulnerability in the file /plugin/vchamilo/views/manage.controller.php allows an OS Command Injection on Chamilo installations running versions prior to 1.11.30 . The issue has been addressed in Chamilo release 1.11.30 (patch/commit...

CVE-2025-50195 Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

EUVD-2025-208164

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30...

Cisco AppDynamics Controller Path Traversal Vulnerability (cisco-sa-appd-traversal-m7N8mZpF)

According to its self-reported version, Cisco AppDynamics is affected by a vulnerability. - A vulnerability in the file upload functionality of Cisco AppDynamics Controller could allow an authenticated, remote attacker to conduct directory traversal attacks on an affected device. This vulnerabili...

📄 Honeywell Trend IQ4xx BMS Controller Unauthenticated Remote Web-HMI Control / Lockout

The Honeywell IQ4 Trend IQ4 exposes its full web-based HMI without authentication in its factory-default configuration. With no user module configured, security is disabled by design and the system operates under a System User level 100 context, granting read/write privileges to any party able to...

CVE-2026-28408

WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, the script in adicionartipodocsatendido.php does not go through the project's central controller and does not have its own authentication and permission checks. A malicious user could make a request through tools like...

GHSA-9H8M-3FM2-QJRQ vulnerabilities

Vulnerabilities for packages: cloudflared-fips, kubescape-operator-fips, cerbos-fips, eck-operator, elastic-agent, velero-plugin-for-gcp-fips, tfsec, argo-cd-fips, traefik-fips, argocd-image-updater-fips, k6-operator, cluster-api-ipam-provider-in-cluster, packer-fips, google-guest-agent,...

net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts

...

CVE-2026-3286

A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the...

CVE-2026-3269

A flaw has been found in psi-probe PSI Probe up to 5.3.0. The impacted element is the function handleRequestInternal of the file psi-probe-core/src/main/java/psiprobe/controllers/sessions/ExpireSessionsController.java of the component Session Handler. Executing a manipulation can lead to denial o...

openSUSE 16 Security Update : openQA, os-autoinst, openQA-devel-container (openSUSE-SU-2026:20261-1)

The remote openSUSE 16 host has packages installed that are affected by a vulnerability as referenced in the openSUSE- SU-2026:20261-1 advisory. Changes in openQA: - Update to version 5.1771422749.560a3b26: fixmcp: set navbar check expression to read-only feat: support inverted result filters in...

GHSA-HFCP-477W-3WJW rubyipmi is vulnerable to OS Command Injection through malicious usernames

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

rubyipmi is vulnerable to OS Command Injection through malicious usernames

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

CVE-2026-0980

A flaw was found in rubyipmi, a gem used in the Baseboard Management Controller BMC component of Red Hat Satellite. An authenticated attacker with host creation or update permissions could exploit this vulnerability by crafting a malicious username for the BMC interface. This could lead to remote...

EUVD-2026-8996

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of t...

CVE-2026-3287

A security flaw has been discovered in youlaitech youlai-mall 2.0.0. This affects the function listPagedSpuForApp of the file mall-pms/pms-boot/src/main/java/com/youlai/mall/pms/controller/app/SpuController.java of the component App-side Product Pagination Endpoint. Performing a manipulation of t...

CVE-2026-3286

A vulnerability was identified in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3. The impacted element is the function Save of the file paicoding-web/src/main/java/com/github/paicoding/forum/web/common/image/rest/ImageRestController.java of the component Image Save Endpoint. Such manipulation of the...

CVE-2026-26682

An issue in fastCMS before v.0.1.6 allows a local attacker to execute arbitrary code via the PluginController.java component...

CVE-2026-3287

CVE-2026-3287 affects youlaitech youlai-mall 2.0.0, specifically the App-side Product Pagination Endpoint: SpuController.java, listPagedSpuForApp. The vulnerability arises from manipulating the sortField/sort parameters, enabling SQL injection. This is described as remotely exploitable with a pub...