155 matches found
CVE-2026-30875
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
EUVD-2026-12496
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
Chamilo LMS 代码注入漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.36 of Chamilo LMS, there was a code injection vulnerability. This vulnerability stemmed fr...
PT-2026-25799
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
WordPress H5P plugin missing authorization vulnerability
WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...
WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin H5P versions = 1.16.1...
CVE-2025-68505
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...
CVE-2025-68505
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...
CVE-2025-68505 WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...
CVE-2025-68505
Summary: CVE-2025-68505 describes a missing/incorrect authorization vulnerability in the WordPress H5P plugin, allowing exploitation of misconfigured access control security levels in versions up to and including 1.16.1. Affected product/component: H5P plugin for WordPress (versions
CVE-2025-68505 WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...
WordPress plugin H5P 安全漏洞
WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...
tutor-android (>=17.0.0 <=21.0.0), tutor-cairn (>=17.0.0 <=21.0.0) +48 more potentially affected by CVE-2025-65681 via tutor (>=12.2.0 <=21.0.6)
tutor PYPI version =12.2.0, =17.0.0, =17.0.0, =0.1.1, =0.2.0, =14.0.0, =18.3.0, =18.0.0, =14.0.0rc3, =18.2.8, =14.0.0, =19.0.0, =14.0.0, =18.0.3 and more Source cves: CVE-2025-65681 Source advisory: SNYK:PYTHON-TUTOR-14135978...
CVE-2025-62951
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...
CVE-2025-62951
CVE-2025-62951 concerns the WordPress plugin “Interactive Content – H5P” (icc0rz) with a stored XSS vulnerability. Public docs confirm the issue as: Improper Neutralization of Input During Web Page Generation, enabling stored XSS, affecting Interactive Content – H5P up to version 1.16.0. Red Hat ...
CVE-2025-62951 WordPress H5P plugin <= 1.16.0 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in icc0rz H5P h5p allows Stored XSS.This issue affects H5P: from n/a through = 1.16.0...