93342 matches found

OSV
added 2026/03/02 3:16 p.m. | 5 views

CVE-2025-50193 Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30...

CVSS 7.1 | AI score 5.9 | EPSS 0.02603
Exploits: 1 | References: 5

ATTACKERKB
added 2026/03/02 2:54 p.m. | 4 views

CVE-2025-50192

Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30...

CVSS 9.8 | AI score 5.8 | EPSS 0.00587
Exploits: 1 | References: 4 | Affected Software: 1

EUVD
added 2026/03/02 2:53 p.m. | 5 views

EUVD-2025-208159

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30...

CVSS 8.8 | AI score 5.9 | EPSS 0.00587
Exploits: 1 | References: 3

OSV
added 2026/03/02 2:53 p.m. | 7 views

CVE-2025-50190 Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script

Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30...

CVSS 8.8 | AI score 5.9 | EPSS 0.00587
Exploits: 1 | References: 5

Patchstack
added 2026/03/02 12:40 p.m. | 8 views

WordPress Super Stage WP plugin <= 1.0.1 - Unauthenticated PHP Object Injection vulnerability

Unauthenticated PHP Object Injection vulnerability discovered by yiğit ibrahim sağlam in WordPress Plugin Super Stage WP versions <= 1.0.1...

CVSS 6.5 | AI score 6 | EPSS 0.00194
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2026/03/02 5:2 a.m. | 6 views

EUVD-2026-9144

A security vulnerability has been detected in itsourcecode University Management System 1.0. Affected by this issue is some unknown functionality of the file /adminsinglestudentupdate.php. The manipulation of the argument ID leads to SQL injection. Remote exploitation of the attack is possible. T...

CVSS 7.5 | AI score 5.7 | EPSS 0.00333
Exploits: 1 | References: 5

ATTACKERKB
added 2026/03/02 12:32 a.m. | 5 views

CVE-2026-3402

A security vulnerability has been detected in PHPGurukul Student Record Management System up to 1.0. This vulnerability affects unknown code of the file /edit-course.php. Such manipulation of the argument Course Short Name leads to cross-site scripting. The attack can be executed remotely. The...

CVSS 4.8 | AI score 4.2 | EPSS 0.00202
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2026/03/02 12:0 a.m. | 6 views

Chamilo SQL injection vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had a SQL injection vulnerability, which stemmed from a time-based SQL injection in the /main/webservices/registration.soap.php file...

CVSS 9.8 | AI score 5.8 | EPSS 0.00587
Exploits: 1 | References: 3

Cvelist
added 2026/03/02 12:0 a.m. | 19 views

CVE-2026-26695

code-projects Simple Student Alumni System v1.0 is vulnerable to SQL Injection in /TracerStudy/recordstudentedit.php...

EPSS 0.00486
Exploits: 1 | References: 1

Positive Technologies
added 2026/03/02 12:0 a.m. | 12 views

PT-2026-22993

Name of the Vulnerable Software and Affected Versions: AVideo versions prior to 24.0. Description: AVideo is an open source video platform. A Remote Code Execution (RCE) issue was identified in the plugin upload/import functionality. An authenticated administrator could upload a specially crafted ZIP...

CVSS 9.3 | AI score 6.3 | EPSS 0.00673
Exploits: 0 | References: 10

Positive Technologies
added 2026/03/02 12:0 a.m. | 6 views

PT-2026-22994

Name of the Vulnerable Software and Affected Versions: Idno versions prior to 1.6.4. Description: Idno, a social publishing platform, contains a remote code execution vulnerability that can be triggered through a chained sequence of issues. Specifically, a web application administrator can be...

CVSS 8.6 | AI score 6.6 | EPSS 0.00673
Exploits: 1 | References: 9

Vulnrichment
added 2026/03/02 12:0 a.m. | 3 views

CVE-2026-26708

sourcecodester Pharmacy Point of Sale System v1.0 is vulnerable to SQL Injection in /pharmacy/manageuser.php...

AI score 6 | EPSS 0.00319
Exploits: 1 | References: 1

Packet Storm
added 2026/03/02 12:0 a.m. | 124 views

MajorDoMo Console Eval Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in MajorDoMo, an open-source home automation platform. The admin panel's PHP console is accessible without authentication due to a missing exit after redirect in modules/panel.class.php. The redirect("/") call...

CVSS 9.8 | AI score 6.5 | EPSS 0.06996
Exploits: 4

Tenable Nessus
added 2026/03/02 12:0 a.m. | 6 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005380)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005380 advisory. In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when user-supplied headers are sent, the insufficient...

CVSS 7.3 | AI score 6 | EPSS 0.00511
Exploits: 0 | References: 3

Tenable Nessus
added 2026/03/02 12:0 a.m. | 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-22205

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SPIP versions prior to 4.4.10 contain an authentication bypass vulnerability caused by PHP type juggling that allows unauthenticated attackers to access protect...

CVSS 8.7 | AI score 5.8 | EPSS 0.00468
Exploits: 0 | References: 3

CNNVD
added 2026/03/02 12:0 a.m. | 5 views

Chamilo code issue vulnerability

Chamilo is an open-source learning management system developed by Chamilo. Versions of Chamilo prior to 1.11.30 had code vulnerabilities. These vulnerabilities stemmed from improper handling of the POST parameter openidurl in the /index.php file, which could lead to blind SRFI attacks...

CVSS 9.1 | AI score 5.9 | EPSS 0.00364
Exploits: 1 | References: 2

GithubExploit
added 2026/03/01 9:19 p.m. | 291 views

Exploit for CVE-2026-3395

CVE‑2026‑3395 — MaxSite CMS Unauthenticated Remote Code Execut...

CVSS 7.5 | AI score 7.5 | EPSS 0.00486
Exploits: 1

RedhatCVE
added 2026/03/01 7:43 a.m. | 11 views

CVE-2026-1542

The Super Stage WP WordPress plugin through 1.0.1 unserializes user input via REQUEST, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog...

CVSS 6.5 | AI score 6 | EPSS 0.00194
Exploits: 0 | References: 1

Tenable Nessus
added 2026/03/01 12:0 a.m. | 5 views

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: php (UTSA-2026-005378)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005378 advisory. In PHP from 8.1.* before 8.1.32, from 8.2.* before 8.2.28, from 8.3.* before 8.3.19, from 8.4.* before 8.4.5, when parsing HTTP redirect in the response to an HTTP...

CVSS 9.8 | AI score 6 | EPSS 0.0079
Exploits: 0 | References: 3

RedhatCVE
added 2026/02/28 7:45 p.m. | 4 views

CVE-2019-25490

Homey BNB V4 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the 'id' parameter. Attackers can send GET requests to the admin/edit.php endpoint with time-based SQL injection payloads to extract sensitive...

CVSS 8.8 | AI score 6 | EPSS 0.00321
Exploits: 1 | References: 1