
Cvelist
added 2026/04/10 6:14 p.m., 14 views

CVE-2026-33698 Chamilo LMS affected by unauthenticated RCE in main/install folder

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals...

CVSS 9.3 | EPSS 0.00122
Exploits: 0 | References: 2
EUVD
added 2026/04/10 6:31 a.m., 2 views

EUVD-2026-21303

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems; users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...

CVSS 6.8 | AI score 6 | EPSS 0.00009
Exploits: 0 | References: 2
NVD
added 2026/04/10 5:16 a.m., 2 views

CVE-2026-4482

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems; users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...

CVSS 6.8 | EPSS 0.00009
Exploits: 0 | References: 1
CNNVD
added 2026/04/09 12:00 a.m., 3 views

Apache OpenMeetings Security Vulnerability

Apache OpenMeetings is a multilingual, customizable video conferencing and collaboration system developed by the Apache Foundation in the United States. This product supports audio and video capabilities, and allows users to view the desktops of each participant. Prior to Apache OpenMeetings 9.0....

CVSS 4.3 | AI score 5.8 | EPSS 0.00135
Exploits: 0 | References: 4
Tenable Nessus
added 2026/04/09 12:00 a.m., 2 views

ManageEngine Exchange Reporter Plus < Build 5802 Multiple Stored XSS

The version of ManageEngine Exchange Reporter Plus on the remote host has a build number prior to 5802. It is, therefore, affected by multiple vulnerabilities, including: - Stored XSS in the Folder Message Count and Size report. CVE-2026-4107 - Stored XSS in the Permissions Based on Mailboxes...

CVSS 7.3 | AI score 5.9 | EPSS 0.00023
Exploits: 0 | References: 16
EUVD
added 2026/04/07 6:31 p.m., 0 views

EUVD-2026-19748

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...

CVSS 9.9 | AI score 6.4 | EPSS 0.00105
Exploits: 0 | References: 8
NVD
added 2026/04/07 5:16 p.m., 2 views

CVE-2026-23696

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...

CVSS 9.9 | EPSS 0.00105
Exploits: 0 | References: 7
ATTACKERKB
added 2026/04/07 4:50 p.m., 2 views

CVE-2026-23696

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...

CVSS 9.9 | AI score 6.4 | EPSS 0.00105
Exploits: 0 | References: 7 | Affected Software: 2
Cvelist
added 2026/04/07 4:50 p.m., 17 views

CVE-2026-23696 Windmill < 1.603.3 File Ownership Handling SQLi RCE

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...

CVSS 9.9 | EPSS 0.00105
Exploits: 0 | References: 7
Vulnrichment
added 2026/04/07 4:50 p.m., 0 views

CVE-2026-23696 Windmill < 1.603.3 File Ownership Handling SQLi RCE

Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality that allows authenticated attackers to inject SQL through the owner parameter. An attacker can use the injection to read sensitive data such as the JWT signi...

CVSS 9.9 | AI score 6.4 | EPSS 0.00105
Exploits: 0 | References: 7
CVE
added 2026/04/07 4:50 p.m., 8 views

CVE-2026-23696

Windmill CVE-2026-23696 affects Windmill CE/EE versions 1.276.0–1.603.2. The vulnerability is an SQL injection in the folder ownership management functionality that can be triggered by an authenticated user via the owner parameter, enabling reading of sensitive data (e.g., JWT signing secret and ...

CVSS 9.9 | AI score 6.4 | EPSS 0.00105
Exploits: 0 | References: 7
Vulnrichment
added 2026/04/07 2:38 p.m., 2 views

CVE-2026-35464 pyLoad has an incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and code execution

pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMINONLYOPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the...

CVSS 7.5 | AI score 6.5 | EPSS 0.00076
Exploits: 1 | References: 4
CVE
added 2026/04/07 2:38 p.m., 9 views

CVE-2026-35464

Summary: CVE-2026-35464 affects pyLoad and describes an incomplete fix for CVE-2026-33509, where a non-admin user with SETTINGS and ADD permissions can redirect downloads to the Flask filesystem session store and trigger arbitrary code execution via a crafted pickle payload deserialized during re...

CVSS 7.5 | AI score 6.5 | EPSS 0.00076
Exploits: 1 | References: 4 | Affected Software: 1
Cvelist
added 2026/04/07 2:38 p.m., 15 views

CVE-2026-35464 pyLoad has an incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and code execution

pyLoad is a free and open-source download manager written in Python. The fix for CVE-2026-33509 added an ADMINONLYOPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the...

CVSS 7.5 | EPSS 0.00076
Exploits: 1 | References: 4
CNNVD
added 2026/04/07 12:00 a.m., 5 views

pyLoad Security Vulnerability

pyLoad is an open-source download manager written in Python. There is a security vulnerability in pyLoad. This vulnerability arises from the fact that the "storage_folder" option is not included in the ADMINONLYOPTIONS set, and it bypasses existing path restrictions. This could allow users with...

CVSS 8.8 | AI score 6.3 | EPSS 0.00113
Exploits: 2 | References: 4
CNNVD
added 2026/04/07 12:00 a.m., 4 views

Windmill SQL Injection Vulnerability

Windmill is an open-source low-code development platform by Windmill Labs, Inc. Versions of Windmill from 1.276.0 to 1.603.2 have a SQL injection vulnerability. This vulnerability stems from the owner parameter in the folder ownership management function, which allows for SQL injection attacks. It...

CVSS 9.9 | AI score 7.6 | EPSS 0.00105
Exploits: 0 | References: 7
Positive Technologies
added 2026/04/07 12:00 a.m., 1 view

PT-2026-30914

Name of the Vulnerable Software and Affected Versions: Windmill CE and EE versions 1.276.0 through 1.603.2. Description: Windmill CE and EE versions 1.276.0 through 1.603.2 contain an SQL injection vulnerability in the folder ownership management functionality. Authenticated attackers can inject SQL...

CVSS 9.9 | AI score 6.4 | EPSS 0.00105
Exploits: 0 | References: 12
RedhatCVE
added 2026/04/04 5:00 p.m., 4 views

CVE-2026-3880

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Public Folder Client Permissions report...

CVSS 7.3 | AI score 5.9 | EPSS 0.00019
Exploits: 0 | References: 1
RedhatCVE
added 2026/04/04 5:00 p.m., 1 view

CVE-2026-4107

Zohocorp ManageEngine Exchange Reporter Plus versions before 5802 are vulnerable to Stored XSS in Folder Message Count and Size report...

CVSS 7.3 | AI score 5.9 | EPSS 0.00022
Exploits: 0 | References: 1
OSV
added 2026/04/04 6:43 a.m., 3 views

GHSA-4744-96P5-MP2J pyLoad: Unprotected storage_folder enables arbitrary file write to Flask session store and code execution (Incomplete fix for CVE-2026-33509)

Summary: The fix for CVE-2026-33509 (GHSA-r7mc-x6x7-cqxx) added an ADMINONLYOPTIONS set to block non-admin users from modifying security-critical config options. The storage_folder option is not in this set and passes the existing path restriction because the Flask session directory is outside both...

CVSS 7.5 | AI score 6.6 | EPSS 0.00113
Exploits: 2 | References: 7