Lucene search
K

163 matches found

NVD
NVD
added 2026/06/26 3:16 p.m.5 views

CVE-2026-57321

Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...

7.1CVSS0.00294EPSS
Exploits0References1
CVE
CVE
added 2026/06/26 2:53 p.m.11 views

CVE-2026-57321

The CVE-2026-57321 entry concerns the WordPress H5P plugin versions up to 1.17.7, describing an Arbitrary File Deletion vulnerability. The connected documents confirm the affected product (H5P WordPress plugin) and the issue type (arbitrary file deletion) with a CVSS v3.1 base score of 7.1 (High)...

7.1CVSS5.8AI score0.00294EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/26 9:39 a.m.4 views

WordPress H5P plugin <= 1.17.7 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin H5P versions = 1.17.7...

7.1CVSS5.8AI score0.00294EPSS
Exploits0Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 p.m.4 views

CVE-2026-56006

Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.27 views

CVE-2026-56006 WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability

Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...

7.1CVSS0.00175EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.4 views

EUVD-2026-39375

Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
CVE
CVE
added 2026/06/25 1:12 p.m.14 views

CVE-2026-56006

CVE-2026-56006 concerns the WordPress H5P plugin (versions

7.1CVSS5.8AI score0.00175EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/06/18 2:40 p.m.7 views

WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Koutrouss Naddara in WordPress Plugin H5P versions = 1.17.6...

7.1CVSS5.8AI score0.00175EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.3 views

CVE-2026-30875

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS6.1AI score0.00515EPSS
Exploits0References1
NVD
NVD
added 2026/03/16 8:16 p.m.8 views

CVE-2026-30875

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS0.00515EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 7:16 p.m.27 views

CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS0.00515EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 7:16 p.m.12 views

EUVD-2026-12496

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS6.1AI score0.00515EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/03/16 7:16 p.m.8 views

CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS6.1AI score0.00515EPSS
Exploits0References2
OSV
OSV
added 2026/03/16 7:16 p.m.4 views

CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS6.2AI score0.00515EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Chamilo LMS 代码注入漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.36 of Chamilo LMS, there was a code injection vulnerability. This vulnerability stemmed fr...

8.8CVSS6.1AI score0.00515EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.7 views

PT-2026-25799

Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...

8.8CVSS6.1AI score0.00515EPSS
Exploits0References2
CNVD
CNVD
added 2025/12/30 12:0 a.m.3 views

WordPress H5P plugin missing authorization vulnerability

WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...

8.8CVSS6.8AI score0.00273EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/28 4:1 p.m.5 views

WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin H5P versions = 1.16.1...

8.8CVSS6.8AI score0.00273EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/12/25 1:23 p.m.4 views

CVE-2025-68505

Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...

5.3CVSS7AI score0.00273EPSS
Exploits0References1
NVD
NVD
added 2025/12/24 1:16 p.m.4 views

CVE-2025-68505

Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...

5.3CVSS0.00273EPSS
Exploits0References1
Rows per page
Query Builder