CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5548 matches found

Cvelist•added 2026/03/06 3:29 a.m.•35 views

CVE-2025-59541 Chamilo: CSRF Vulnerability in Project Deletion

Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery CSRF vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF...

8.1CVSS0.00151EPSS

Exploits0References2

CVE•added 2026/03/06 3:29 a.m.•12 views

CVE-2025-59541

CVE-2025-59541 (Chamilo LMS) : Prior to 1.11.34, a CSRF vulnerability allows an authenticated trainer to delete projects within a course by visiting a malicious page, due to missing anti-CSRF protections and reliance on GET requests. The issue enables unauthorized project deletion with high impac...

8.1CVSS5.8AI score0.00151EPSS

Exploits0References2Affected Software1

NVD•added 2026/03/05 7:16 p.m.•3 views

CVE-2026-27723

OpenProject is an open-source, web-based project management software. Prior to versions 17.0.5 and 17.1.2, an attacker can create wiki pages belonging to unpermitted projects through an improperly authenticated request. This issue has been patched in versions 17.0.5 and 17.1.2...

5.3CVSS0.00209EPSS

Exploits0References3

Cvelist•added 2026/03/05 4:26 p.m.•24 views

CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects

4.3CVSS0.00209EPSS

Exploits0References3

EUVD•added 2026/03/05 4:26 p.m.•2 views

EUVD-2026-9846

4.3CVSS5.8AI score0.00209EPSS

Exploits0References3

Vulnrichment•added 2026/03/05 4:26 p.m.•3 views

CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects

4.3CVSS5.7AI score0.00209EPSS

Exploits0References3

CVE•added 2026/03/05 4:26 p.m.•8 views

CVE-2026-27723

OpenProject CVE-2026-27723 involves insufficient access control that allows creating wiki pages for unpermitted projects via an improperly authenticated request. Affected versions are before 17.0.5 and 17.1.2; these releases fix the issue by addressing the access control hole. The CVSS 3.1 vector...

5.3CVSS5.8AI score0.00209EPSS

Exploits0References3Affected Software1

OSV•added 2026/03/05 4:26 p.m.•2 views

CVE-2026-27723 OpenProject: Insufficient access control leads to create Wiki objects belongs unpermitted projects

4.3CVSS5.7AI score0.00209EPSS

Exploits0References5

vulnersOsv•added 2026/03/04 9:23 p.m.•2 views

ai.agentican:agentican-framework-core (>=0.1.0-alpha.1 <=0.1.0-alpha.4), ai.agentican:agentican-quarkus-deployment (>=0.1.0-alpha.1 <=0.1.0-alpha.4) +4650 more potentially affected by CVE-2025-52999 +1 more via tools.jackson.core:jackson-core (>=3.0.0 <=3.1.0-rc1)

tools.jackson.core:jackson-core MAVEN version =3.0.0, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.1, =0.1.0-alpha.3, =0.1.0-alpha.1, =0.1.2, =0.1.0, =0.1.0, =0.7.6, =0.7.17 and more Source cves:...

8.7CVSS6.6AI score0.00634EPSS

Exploits0

vulnersOsv•added 2026/03/03 9:44 p.m.•4 views

net.enilink.platform:net.enilink.platform.web (=1.6.0), org.webjars.npm:formio__core (=2.6.0) +1 more potentially affected by CVE-2026-0540 via org.webjars.npm:dompurify (>=3.1.7 <=3.3.0)

org.webjars.npm:dompurify MAVEN version =3.1.7, =0.54.0, =0.55.1 Source cves: CVE-2026-0540 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-15371377...

6.1CVSS7.2AI score0.00284EPSS

Exploits0

NVD•added 2026/03/02 2:16 p.m.•5 views

CVE-2026-26697

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordteacherview.php?teacherID=...

4.9CVSS0.00276EPSS

Exploits1References1