160 matches found
CVE-2026-57321
Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...
CVE-2026-56006 WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...
EUVD-2026-39375
Unauthenticated Cross Site Scripting XSS in H5P = 1.17.6 versions...
CVE-2026-56006
CVE-2026-56006 concerns the WordPress H5P plugin (versions
WordPress H5P plugin <= 1.17.6 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by Koutrouss Naddara in WordPress Plugin H5P versions = 1.17.6...
CVE-2026-30875
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
EUVD-2026-12496
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
CVE-2026-30875 Chamilo LMS: Authenticated RCE via H5P Import
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
PT-2026-25799
Chamilo LMS is a learning management system. Prior to version 1.11.36, an arbitrary file upload vulnerability in the H5P Import feature allows authenticated users with Teacher role to achieve Remote Code Execution RCE. The H5P package validation only checks if h5p.json exists but doesn't block...
Chamilo LMS 代码注入漏洞
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.36 of Chamilo LMS, there was a code injection vulnerability. This vulnerability stemmed fr...
WordPress H5P plugin missing authorization vulnerability
WordPress H5P plugin is an open source plugin that allows users to create, manage and embed interactive multimedia content in WordPress websites. A lack of authorization vulnerability exists in WordPress H5P plugin, which can be exploited by an attacker to cause the exploitation of misconfigured...
WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Bao - BlueRock in WordPress Plugin H5P versions = 1.16.1...
CVE-2025-68505
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...
CVE-2025-68505
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...
CVE-2025-68505
Summary: CVE-2025-68505 describes a missing/incorrect authorization vulnerability in the WordPress H5P plugin, allowing exploitation of misconfigured access control security levels in versions up to and including 1.16.1. Affected product/component: H5P plugin for WordPress (versions
CVE-2025-68505 WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...
CVE-2025-68505 WordPress H5P plugin <= 1.16.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in icc0rz H5P h5p allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects H5P: from n/a through = 1.16.1...