
2728 matches found

OSV
added 2026/03/02 3:17 p.m., 4 views

CVE-2025-50196 Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been patched in version 1.11.30...

CVSS 7.1, AI score 5.9, EPSS 0.00596
Exploits 1, References 6
EUVD
added 2026/03/02 3:17 p.m., 3 views

EUVD-2025-208165

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been patched in version 1.11.30...

CVSS 7.1, AI score 5.9, EPSS 0.00596
Exploits 1, References 4
CVE
added 2026/03/02 3:17 p.m., 5 views

CVE-2025-50196

Chamilo LMS prior to 1.11.30 is affected by an issue in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. The vulnerability allowed exploitation that could lead to arbitrary SQL queries being executed. It is patched in version 1.11.30; update to 1.11.30 or later to rem...

CVSS 7.2, AI score 5.9, EPSS 0.00596
Exploits 1, References 4, Affected Software 1
CVE
added 2026/03/02 3:16 p.m., 11 views

CVE-2025-50193

CVE-2025-50193 affects Chamilo LMS prior to version 1.11.30. The vulnerability is an OS command injection in the file /plugin/vchamilo/views/import.php triggered by the POST parameter to_main_database, potentially enabling a remote attacker to execute arbitrary commands (and, per PT-2025-37308, ...

CVSS 7.2, AI score 5.9, EPSS 0.00745
Exploits 1, References 3, Affected Software 1
OSV
added 2026/03/02 3:16 p.m., 3 views

CVE-2025-50193 Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30...

CVSS 7.1, AI score 5.9, EPSS 0.00745
Exploits 1, References 5
ATTACKERKB
added 2026/03/02 3:16 p.m., 1 view

CVE-2025-50193

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30...

CVSS 7.2, AI score 5.9, EPSS 0.00745
Exploits 1, References 4, Affected Software 1
CNNVD
added 2026/03/02 12:0 a.m., 3 views

Chamilo operating system command injection vulnerability

Chamilo is an open source learning management system by Chamilo. The Chamilo editinstance.php file has an operating system command injection vulnerability. The vulnerability stems from improper handling of the POST parameter main_database in the file /plugin/vchamilo/views/editinstance.php; an attacker...

CVSS 7.2, AI score 6, EPSS 0.00596
Exploits 1, References 4
RedhatCVE
added 2026/02/27 4:13 a.m., 3 views

CVE-2026-27943

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eye_mag view loads data by form_id or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

CVSS 6.5, AI score 5.4, EPSS 0.00132
Exploits 1, References 1
GithubExploit
added 2026/02/26 6:49 p.m., 117 views

ebpf_kernel_exploit_scanner

eBPF Kernel Exploit Scanner This repository contains a simplif...

AI score 5.8
Exploits 0
EUVD
added 2026/02/26 1:30 a.m., 2 views

EUVD-2026-8812

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eye_mag view loads data by form_id or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

CVSS 6.5, AI score 5.5, EPSS 0.00132
Exploits 1, References 2
CVE
added 2026/02/26 1:30 a.m., 10 views

CVE-2026-27943

OpenEMR (versions up to 8.0.0) contains an access control flaw in the eye_exam (eye_mag) view: data is loaded by form_id without verifying the form belongs to the current user’s patient/encounter context. An authenticated user can access or edit any patient’s eye exam by supplying a different for...

CVSS 6.5, AI score 5.5, EPSS 0.00132
Exploits 1, References 2, Affected Software 1
Positive Technologies
added 2026/02/26 12:0 a.m., 3 views

PT-2026-22100

OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eye mag view loads data by form id or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...

CVSS 6.5, AI score 5.5, EPSS 0.00132
Exploits 1, References 3
ATTACKERKB
added 2026/02/25 1:47 a.m., 3 views

CVE-2026-24896

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edih_main.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

CVSS 6.5, AI score 5.4, EPSS 0.00045
Exploits 1, References 3, Affected Software 1
CVE
added 2026/02/25 1:47 a.m., 6 views

CVE-2026-24896

OpenEMR prior to version 8.0.0 contains a Broken Access Control vulnerability in the edih_main.php endpoint. An authenticated user, including low-privilege roles (e.g., Receptionist), can access EDI log files by manipulating the log_select parameter in a GET request. The backend does not enforce ...

CVSS 6.5, AI score 5.4, EPSS 0.00045
Exploits 1, References 2, Affected Software 1
OSV
added 2026/02/25 1:47 a.m., 5 views

CVE-2026-24896 OpenEMR has Broken Access Control that allows unauthorized access to EDI Logs

OpenEMR is a free and open source electronic health records and medical practice management application. Prior to version 8.0.0, a Broken Access Control vulnerability exists in OpenEMR’s edih_main.php endpoint, which allows any authenticated user—including low-privilege roles like Receptionist—to...

CVSS 6.5, AI score 5.5, EPSS 0.00045
Exploits 1, References 4
CNNVD
added 2026/02/25 12:0 a.m., 5 views

OpenEMR access control error vulnerability

OpenEMR is a set of open-source medical management systems developed by the OpenEMR community. This system can be used for medical practice management, electronic medical records, prescription writing, and medical billing applications. Prior to OpenEMR 8.0.0, there was an access control...

CVSS 6.5, AI score 5.8, EPSS 0.00045
Exploits 1, References 2
CVE
added 2026/02/24 8:53 p.m., 13 views

CVE-2026-21410

CVE-2026-21410 affects InSAT MasterSCADA BUK-TS. The vulnerability is a SQL Injection via the main web interface that potentially allows remote code execution. Impact is indicated as high for confidentiality, integrity, and availability. No remediation details are provided in the supplied documen...

CVSS 9.8, AI score 6.3, EPSS 0.00575
Exploits 0, References 2, Affected Software 1
ATTACKERKB
added 2026/02/24 8:53 p.m., 2 views

CVE-2026-21410

InSAT MasterSCADA BUK-TS is susceptible to SQL Injection through its main web interface. Malicious users that use the vulnerable endpoint are potentially able to cause remote code execution...

CVSS 9.8, AI score 6.2, EPSS 0.00575
Exploits 0, References 3
Vulnrichment
added 2026/02/18 8:59 p.m., 2 views

CVE-2019-25398 IPFire 2.21 Core Update 127 Cross-Site Scripting via ovpnmain.cgi

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script that allow attackers to inject malicious scripts through VPN configuration parameters. Attackers can submit POST requests with script payloads in parameters like VPN_IP, DMTU, ccdname,...

CVSS 6.1, AI score 5.6, EPSS 0.00084
Exploits 1, References 4
CVE
added 2026/02/18 8:59 p.m., 11 views

CVE-2019-25398

IPFire 2.21 Core Update 127 contains multiple cross-site scripting vulnerabilities in the ovpnmain.cgi script. The issue allows attackers to inject arbitrary JavaScript by submitting POST parameters such as VPN_IP, DMTU, ccdname, ccdsubnet, DOVPN_SUBNET, DHCP_DOMAIN, DHCP_DNS, DHCP_WINS, ROUTES_P...

CVSS 6.1, AI score 5.6, EPSS 0.00084
Exploits 1, References 4, Affected Software 1