
6706 matches found

CVE
added 2026/03/03 12:0 a.m. | 8 views

CVE-2023-31044

Summary: CVE-2023-31044 affects Nokia Impact prior to Mobile 23_FP1. In Impact DM 19.11 and later, a remote authenticated user can exploit the Add Campaign function to inject a malicious payload within the Campaign Name. When exported to CSV, those payloads may execute via spreadsheet software, e...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00237
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/03/03 12:0 a.m. | 2 views

CVE-2023-31044

An issue was discovered in Nokia Impact before Mobile 23FP1. In Impact DM 19.11 onwards, a remote authenticated user, using the Add Campaign functionality, can inject a malicious payload within the Campaign Name. This data can be exported to a CSV file. Attackers can populate data fields that may...

CVSS: 2 | AI score: 6 | EPSS: 0.00237
Exploits: 0 | References: 2
Positive Technologies
added 2026/03/03 12:0 a.m. | 6 views

PT-2026-26018

Summary: OpenClaw accepted prototype-reserved keys in runtime /debug set override object values (__proto__, constructor, prototype). Impact: /debug is disabled by default, and exploitation requires an already authorized /debug set caller. No unauthenticated vector was identified. This issue affects...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00237
Exploits: 0 | References: 9
EUVD
added 2026/03/02 3:47 p.m. | 4 views

EUVD-2025-208173

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00351
Exploits: 1 | References: 3
CVE
added 2026/03/02 3:47 p.m. | 12 views

CVE-2025-52468

Chamilo LMS contains a stored XSS vulnerability (CVE-2025-52468) in CSV user imports prior to v1.11.30, due to insufficient sanitization in Last Name, First Name, and Username fields. The stored payload is triggered when a user profile is viewed in the context of the authenticated user. Patch rel...

CVSS: 8.8 | AI score: 5.9 | EPSS: 0.00351
Exploits: 1 | References: 3 | Affected Software: 1
NVD
added 2026/03/02 3:16 p.m. | 3 views

CVE-2025-50186

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...

CVSS: 4.8 | EPSS: 0.00295
Exploits: 1 | References: 3
OSV
added 2026/03/02 3:8 p.m. | 3 views

CLSA-2026-1772464109 Fix CVE(s): CVE-2026-25897, CVE-2026-26284

SECURITY UPDATE: security vulnerability CVE-2026-25897 - debian/patches/CVE-2026-25897.patch: prevent integer overflow during pixel buffer size calculation by using checked multiplication and validating rows addition; issue caused by unvalidated header values allowing overflow and incorrect...

CVSS: 9.8 | AI score: 7.4 | EPSS: 0.00404
Exploits: 0 | References: 1
ATTACKERKB
added 2026/03/02 2:36 p.m. | 4 views

CVE-2025-50186

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00295
Exploits: 1 | References: 4 | Affected Software: 1
Vulnrichment
added 2026/03/02 2:36 p.m. | 3 views

CVE-2025-50186 Chamilo: Stored XSS via Malicious CSV Filename in user_import.php

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00295
Exploits: 1 | References: 3
EUVD
added 2026/03/02 2:36 p.m. | 3 views

EUVD-2025-208155

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00295
Exploits: 1 | References: 3
OSV
added 2026/03/02 2:36 p.m. | 2 views

CVE-2025-50186 Chamilo: Stored XSS via Malicious CSV Filename in user_import.php

Chamilo is a learning management system. Prior to version 1.11.30, a stored cross-site scripting (XSS) vulnerability exists due to insufficient sanitization of CSV filenames. An attacker can upload a maliciously named CSV file e.g., .csv that leads to JavaScript execution when viewed by...

CVSS: 4.8 | AI score: 5.9 | EPSS: 0.00295
Exploits: 1 | References: 5
CNNVD
added 2026/03/02 12:0 a.m. | 1 views

Chamilo cross-site scripting vulnerability

Chamilo is an open-source learning management system from Chamilo. A cross-site scripting vulnerability exists in Chamilo's handling of CSV filenames, stemming from insufficient sanitization of CSV filenames. No detailed vulnerability information is available at this time...

CVSS: 4.8 | AI score: 5.6 | EPSS: 0.00295
Exploits: 1 | References: 3
Positive Technologies
added 2026/03/02 12:0 a.m. | 4 views

PT-2026-22615

Name of the Vulnerable Software and Affected Versions: Chamilo versions prior to 1.11.30. Description: Chamilo, a learning management system, contains an input validation issue when importing user data from CSV files. Insufficient sanitization of the "Last Name", "First Name", and "Username" fields...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00351
Exploits: 1 | References: 12
Tenable Nessus
added 2026/03/02 12:0 a.m. | 3 views

SUSE SLES12 Security Update : python (SUSE-SU-2026:0663-1)

The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0663-1 advisory. - CVE-2025-6075: Fixed performance degradation when using os.path.expandvars (bsc#1252974). - CVE-2026-0672: Fixed an HTTP header injection via...

CVSS: 6 | AI score: 6.8 | EPSS: 0.00463
Exploits: 0 | References: 18
Tenable Nessus
added 2026/03/02 12:0 a.m. | 5 views

SUSE SLES15 / openSUSE 15 Security Update : python39 (SUSE-SU-2026:0643-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0643-1 advisory. - CVE-2025-11468: Fixed a header injection when folding a long comment in an email header containing exclusively...

CVSS: 6 | AI score: 7.2 | EPSS: 0.0055
Exploits: 0 | References: 19
OSV
added 2026/02/28 12:46 p.m. | 4 views

OESA-2026-1463 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS: 6 | AI score: 6 | EPSS: 0.0056
Exploits: 0 | References: 4
OSV
added 2026/02/28 12:45 p.m. | 2 views

OESA-2026-1462 python3 security update

Python combines remarkable power with very clear syntax. It has modules, classes, exceptions, very high level dynamic data types, and dynamic typing. There are interfaces to many system calls and libraries, as well as to various windowing systems. New built-in modules are easily written in C or C...

CVSS: 6 | AI score: 6 | EPSS: 0.00463
Exploits: 0 | References: 3
OSV
added 2026/02/27 3:47 p.m. | 4 views

GHSA-3645-FXCV-HQR4 Langflow has Remote Code Execution in CSV Agent

Summary: The CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChain’s Python REPL tool (python_repl_ast). As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full Remote Code Execution (RCE)...

CVSS: 9.8 | AI score: 6.4 | EPSS: 0.33694
Exploits: 3 | References: 4
OSV
added 2026/02/27 3:14 p.m. | 3 views

SUSE-SU-2026:0693-1 Security update for python311

This update for python311 fixes the following issues: - CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). - CVE-2025-12781: inadequate parameter check can cause data integrity issues (bsc#1257108). - CVE-2025-1528...

CVSS: 6.3 | AI score: 7.3 | EPSS: 0.0055
Exploits: 1 | References: 15
RedhatCVE
added 2026/02/26 10:34 p.m. | 4 views

CVE-2026-27739

The Angular SSR is a server-side rendering tool for Angular applications. Versions prior to 21.2.0-rc.1, 21.1.5, 20.3.17, and 19.2.21 have a Server-Side Request Forgery (SSRF) vulnerability in the Angular SSR request handling pipeline. The vulnerability exists because Angular’s internal URL...

CVSS: 9.2 | AI score: 5.8 | EPSS: 0.00497
Exploits: 1 | References: 1