CVE-2026-29041 Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not...

EUVD-2025-21905

Malicious code in bioql PyPI...

CVE-2025-45156

Splashin iOS v2.0 fails to enforce server-side interval restrictions for location updates for free-tier users...

CVE-2025-45156

Splashin iOS v2.0 is affected by a vulnerability where the application does not enforce server-side interval restrictions for location updates for free-tier users. The root cause is the lack of enforcement of update intervals on the server side, as described in PT-2025-30063. The impact is the po...

PT-2025-30063 · Splashin · Splashin

Name of the Vulnerable Software and Affected Versions: Splashin iOS version 2.0 Description: The Splashin iOS application version 2.0 does not enforce server-side interval restrictions for location updates for free-tier users. Recommendations: Update to a newer version that contains a fix for thi...

EXNESS: Double forward slash breaks server-side restrictions & allows access to prohibited services from a partner account

A vulnerability was discovered where making an API call with double/multiple forward slashes broke server-side restrictions imposed upon a partner account, allowing unrestricted access to the autorebates facility, which was otherwise unavailable to the partner account...