12 matches found
CVE-2026-33705
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...
CVE-2026-33705 Chamilo LMS has unauthenticated access to Twig template source files exposes application logic
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...
EUVD-2026-21557
Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files .tpl under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel...
Chamilo LMS Security Vulnerability
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Prior to version 1.11.38, Chamilo LMS had security vulnerabilities. These vulnerabilities stemmed from the Twig...
CVE-2026-23685
Due to a Deserialization vulnerability in SAP NetWeaver JMS service, an attacker authenticated as an administrator with local access could submit specially crafted content to the server. If processed by the application, this content could trigger unintended behavior during internal logic executio...
CVE-2025-64308 Brightpick Mission Control / Internal Logic Control Unprotected Transport of Credentials
The Brightpick Mission Control web application exposes hardcoded credentials in its client-side JavaScript bundle...
CVE-2025-64307 Brightpick Mission Control / Internal Logic Control Missing Authentication for Critical Function
The Brightpick Internal Logic Control web interface is accessible without requiring user authentication. An unauthorized user could exploit this interface to manipulate robot control functions, including initiating or halting runners, assigning jobs, clearing stations, and deploying storage totes...
CVE-2025-64307
The set of connected sources confirms a concrete vulnerability in Brightpick products: the Internal Logic Control web interface allows unauthenticated access, enabling an unauthorized user to manipulate robot control functions (e.g., starting/stopping runners, assigning jobs, clearing stations, d...
CVE-2024-38557
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Reload only IB representors upon lag disable/enable On lag disable, the bond IB device along with all of its representors are destroyed, and then the slaves' representors get reloaded. In case the slave IB representor...
CoreRootRouter._setLocalToken FUNCTION COULD OVERWRITE THE EXISTING VALUES OF THE getLocalTokenFromGlobal MAPPING VALUES DUE TO LACK OF CONDITIONAL CHECKS
Lines of code Vulnerability details Impact The CoreRootRouter.setLocalToken function is used to set the local token on a specific chain for a global token. The function initially checks whether the local token is already added as shown below: if IPortrootPortAddress.isLocalTokenlocalAddress,...
NA300 PLC has a logic design flaw
The NA300 PLC is a mid-size programmable controller. A logic design vulnerability exists in the NA300 PLC. An attacker can illegally read the internal logic program of the PLC by constructing specific packets...