Lucene search
K

27 matches found

EUVD
EUVD
added 4 hours ago4 views

EUVD-2026-43547

9Router through version 0.4.41 contain an unauthenticated information disclosure vulnerability that allows remote attackers to retrieve plaintext API keys for all connected AI provider accounts by sending a single unauthenticated request to the /api/usage/stats endpoint. Attackers can exploit the...

9.3CVSS6.1AI score
Exploits0References3
NVD
NVD
added 2026/06/20 4:17 p.m.13 views

CVE-2026-56319

Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:appid endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by...

5.3CVSS0.00187EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/20 3:24 p.m.10 views

EUVD-2026-38125

Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:appid endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/20 3:24 p.m.4 views

CVE-2026-56319

Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:appid endpoint that allows app-limited API keys to distinguish existing sibling app IDs through differential error responses. Attackers can enumerate real app IDs outside their allowed scope by...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/20 12:0 a.m.18 views

PT-2026-51157

Name of the Vulnerable Software and Affected Versions Capgo versions prior to 12.128.2 Description An information disclosure issue exists in the 'GET /statistics/app/:app id' endpoint. This allows users with app-limited API keys to identify existing sibling app IDs by analyzing differential error...

5.3CVSS5.9AI score0.00187EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2026/04/16 1:22 a.m.5 views

CVE-2026-33714

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

7.2CVSS6AI score0.00258EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/14 9:0 p.m.4 views

EUVD-2026-22708

Chamilo is an open-source learning management system LMS. Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::removeXSS to the datestart and dateend...

8.8CVSS6AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/10 12:0 a.m.9 views

Chamilo LMS 安全漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilities stemmed fr...

6.5CVSS5.8AI score0.00141EPSS
Exploits0References3
NVD
NVD
added 2026/03/31 9:16 p.m.9 views

CVE-2026-34731

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo onpublishdone.php endpoint in the Live plugin allows unauthenticated users to terminate any active live stream. The endpoint processes RTMP callback events to mark streams as finished in the database, but perform...

7.5CVSS0.00479EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 3:3 p.m.5 views

CVE-2026-30881

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References1
NVD
NVD
added 2026/03/16 8:16 p.m.7 views

CVE-2026-30881

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS0.00276EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/16 7:19 p.m.25 views

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS0.00276EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/16 7:19 p.m.7 views

EUVD-2026-12500

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS6AI score0.00276EPSS
Exploits0References2
CVE
CVE
added 2026/03/16 7:19 p.m.17 views

CVE-2026-30881

Chamilo LMS (versions

8.8CVSS6AI score0.00276EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2026/03/16 7:19 p.m.5 views

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS6AI score0.00276EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/16 7:19 p.m.3 views

CVE-2026-30881 Chamilo LMS: SQL Injection in the statistics AJAX endpoint

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters datestart and dateend from $REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escapestrin...

8.8CVSS6AI score0.00276EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/16 12:0 a.m.8 views

PT-2026-25801

Chamilo LMS is a learning management system. Version 1.11.34 and prior contains a SQL Injection vulnerability in the statistics AJAX endpoint. The parameters date start and date end from $ REQUEST are embedded directly into a raw SQL string without proper sanitization. Although Database::escape...

8.8CVSS6AI score0.00276EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/16 12:0 a.m.7 views

Chamilo LMS SQL注入漏洞

Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.34 contained a SQL injection vulnerability. This vulnerability stemmed fro...

8.8CVSS5.9AI score0.00276EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/04 1:57 a.m.7 views

CVE-2021-35484

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

8.2CVSS6AI score0.00235EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/03 12:0 a.m.6 views

EUVD-2021-22126

Nokia IMPACT through 19.11.2.10-20210118042150283 allows an authenticated user to perform a Time-based Boolean Blind SQL Injection attack on the endpoint /ui/rest-proxy/campaign/statistic for the View Campaign page via the sortColumn HTTP GET parameter. This allows an attacker to access sensitive...

6AI score0.00235EPSS
Exploits0References3
Rows per page
Query Builder