Export limit exceeded: 345275 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (345275 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-34602 | 1 Chamilo | 1 Chamilo Lms | 2026-04-17 | 7.1 High |
| Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the /api/course_rel_users endpoint is vulnerable to Insecure Direct Object Reference (IDOR), allowing an authenticated attacker to modify the user parameter in the request body to enroll any arbitrary user into any course without proper authorization checks. The backend trusts the user-supplied input for the user field and performs no server-side verification that the requester owns the referenced user ID or has permission to act on behalf of other users. This enables unauthorized manipulation of user-course relationships, potentially granting unintended access to course materials, bypassing enrollment controls, and compromising platform integrity. This issue has been fixed in version 2.0.0-RC.3. | ||||
| CVE-2026-40683 | 1 Openstack | 1 Keystone | 2026-04-17 | 7.7 High |
| In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when user_enabled_invert was True. When False, the raw string value from LDAP (e.g., "FALSE") was used directly. Since non-empty strings are truthy in Python, users marked as disabled in LDAP were treated as enabled by Keystone, allowing them to authenticate and perform actions. All deployments using the LDAP identity backend without user_enabled_invert=True or user_enabled_emulation are affected. | ||||
| CVE-2026-22692 | 1 Octobercms | 1 October | 2026-04-17 | 4.9 Medium |
| October is a Content Management System (CMS) and web platform. Versions prior to 3.7.13 and versions 4.0.0 through 4.1.4 contain a sandbox bypass vulnerability in the optional Twig safe mode feature (CMS_SAFE_MODE). Certain methods on the collect() helper were not properly restricted, allowing authenticated users with template editing permissions to bypass sandbox protections. Exploitation requires authenticated backend access with CMS template editing permissions and only affects installations with CMS_SAFE_MODE enabled (disabled by default). This issue has been fixed in versions 3.7.13 and 4.1.5. To workaround this issue, users can disable CMS_SAFE_MODE if untrusted template editing is not required, and restrict CMS template editing permissions to fully trusted administrators only. | ||||
| CVE-2026-24893 | 1 Openitcockpit | 1 Openitcockpit | 2026-04-17 | 8.8 High |
| openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on the monitoring backend. The vulnerability arises because user-controlled host attributes (specifically the host address) are expanded into monitoring command templates without validation, escaping, or quoting. These templates are later executed by the monitoring engine (Nagios/Icinga) via a shell, resulting in remote code execution. Version 5.5.2 patches the issue. | ||||
| CVE-2026-24906 | 1 Octobercms | 1 October | 2026-04-17 | N/A |
| October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a Stored Cross-Site Scripting (XSS) vulnerability in the Backend Editor Settings. The Markup Classes fields (used for paragraph styles, inline styles, table styles, etc.) did not sanitize input to valid CSS class name characters. Malicious values were rendered unsanitized in Froala editor dropdown menus, allowing JavaScript execution when any user opened a RichEditor. Exploitation could lead to privilege escalation if a superuser opens any RichEditor during routine content editing (e.g., editing a blog post), and requires authenticated backend access with editor settings permissions. This issue has been fixed in versions 3.7.14 and 4.1.10. To workaround this issue, restrict editor settings permissions to fully trusted administrators only | ||||
| CVE-2026-30995 | 1 Slah Cms | 1 Slah Cms | 2026-04-17 | 8.6 High |
| Slah CMS v1.5.0 and below was discovered to contain a SQL injection vulnerability via the id parameter in the vereador_ver.php endpoint. | ||||
| CVE-2026-30993 | 1 Slah Cms | 1 Slah Cms | 2026-04-17 | 9.8 Critical |
| Slah CMS v1.5.0 and below was discovered to contain a remote code execution (RCE) vulnerability in the session() function at config.php. This vulnerability is exploitable via a crafted input. | ||||
| CVE-2026-30994 | 1 Slah Cms | 1 Slah Cms | 2026-04-17 | 7.5 High |
| Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials. | ||||
| CVE-2026-31283 | 1 Totara | 1 Lms | 2026-04-17 | 9.8 Critical |
| In Totara LMS v19.1.5 and before, the forgot password API does not implement rate limiting for the target email address. which can be used for an Email Bombing attack. | ||||
| CVE-2026-31281 | 1 Totara | 1 Lms | 2026-04-17 | 8 High |
| Totara LMS v19.1.5 and before is vulnerable to HTLM Injection. An attacker can inject malicious HTLM code in a message and send it to all the users in the application, resulting in executing the code and may lead to session hijacking and executing commands on the victim's browser. | ||||
| CVE-2026-31282 | 1 Totara | 1 Lms | 2026-04-17 | 9.8 Critical |
| Totara LMS v19.1.5 and before is vulnerable to Incorrect Access Control. The login page code can be manipulated to reveal the login form. An attacker can chain that with missing rate-limit on the login form to launch a brute force attack. | ||||
| CVE-2026-1462 | 1 Keras | 1 Keras | 2026-04-17 | 7.8 High |
| A vulnerability in the `TFSMLayer` class of the `keras` package, version 3.13.0, allows attacker-controlled TensorFlow SavedModels to be loaded during deserialization of `.keras` models, even when `safe_mode=True`. This bypasses the security guarantees of `safe_mode` and enables arbitrary attacker-controlled code execution during model inference under the victim's privileges. The issue arises due to the unconditional loading of external SavedModels, serialization of attacker-controlled file paths, and the lack of validation in the `from_config()` method. | ||||
| CVE-2026-30998 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-17 | 7.5 High |
| An improper resource deallocation and closure vulnerability in the tools/zmqsend.c component of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted input file. | ||||
| CVE-2026-29628 | 1 Kiyochii | 1 Tinyobjloader | 2026-04-17 | 6.2 Medium |
| A stack overflow in the experimental/tinyobj_loader_opt.h file of tinyobjloader commit d56555b allows attackers to cause a Denial of Service (DoS) via supplying a crafted .mtl file. | ||||
| CVE-2026-30997 | 1 Ffmpeg | 1 Ffmpeg | 2026-04-17 | 7.5 High |
| An out-of-bounds read in the read_global_param() function (libavcodec/av1dec.c) of FFmpeg v8.0.1 allows attackers to cause a Denial of Service (DoS) via a crafted input. | ||||
| CVE-2025-65135 | 1 Manikandan580 | 1 School-management-system | 2026-04-17 | 9.8 Critical |
| In manikandan580 School-management-system 1.0, a time-based blind SQL injection vulnerability exists in /studentms/admin/between-date-reprtsdetails.php through the fromdate POST parameter. | ||||
| CVE-2026-38526 | 1 Krayin | 1 Laravel-crm | 2026-04-17 | 9.9 Critical |
| An authenticated arbitrary file upload vulnerability in the /admin/tinymce/upload endpoint of Webkul Krayin CRM v2.2.x allows attackers to execute arbitrary code via uploading a crafted PHP file. | ||||
| CVE-2026-39940 | 1 Churchcrm | 1 Churchcrm | 2026-04-17 | N/A |
| ChurchCRM is an open-source church management system. Prior to 7.0.0, it was possible in many places across the ChurchCRM application to create a link that, when visited by an authenticated user, would redirect them to any URL chosen by an attacker if they clicked 'Cancel' button on the page. For this write-up the DonatedItemEditor.php will be used as an example, however wherever all instances of 'linkBack' should be assessed. This vulnerability is fixed in 7.0.0. | ||||
| CVE-2025-51414 | 1 Phpgurukul | 1 Online Course Registration | 2026-04-17 | 8.8 High |
| In Phpgurukul Online Course Registration v3.1, an arbitrary file upload vulnerability was discovered within the profile picture upload functionality on the /my-profile.php page. | ||||
| CVE-2025-65132 | 1 Alandsilva26 | 1 Hotel-management-php | 2026-04-17 | 6.1 Medium |
| alandsilva26 hotel-management-php 1.0 is vulnerable to Cross Site Scripting (XSS) in /public/admin/edit_room.php which allows an attacker to inject and execute arbitrary JavaScript via the room_id GET parameter. | ||||