Total CVEs

144,218

Critical Severity

4,148

High Severity

14,965

Last 7 Days

1,632
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 21,961 - 21,980 of 40,623 CVEs
CVE-2026-40259 HIGH - 8.1

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model functio...

Vendor: go
Product: github.com/siyuan-note/siyuan/kernel
Published: Apr 10, 2026
Source: GitHub

When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "...

Published: Apr 10, 2026
Source: NVD
CVE-2026-33737 MEDIUM - 5.3

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33736 MEDIUM - 6.5

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3.

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33710 HIGH - 7.5

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp + user_id*5 - 10000). ...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33708 MEDIUM - 6.5

Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This vulner...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33707 CRITICAL - 9.4

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the v...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33706 HIGH - 7.1

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and manage...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33705 MEDIUM - 5.3

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel structu...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33704 HIGH - 7.1

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are ...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33703 MEDIUM - 6.5

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId param...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33702 HIGH - 7.1

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoint. The file lp_ajax_save_item.php accepts a uid (user ID) parameter directly from $_REQUEST and uses...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33698 CRITICAL - 9.8

Chamilo LMS is a learning management system. Prior to 1.11.38, a chained attack can enable otherwise-blocked PHP code from the main/install/ directory and allow an unauthenticated attacker to modify existing files or create new files where allowed by system permissions. This only affects portals wit...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33618 HIGH - 8.8

Chamilo LMS is a learning management system. Prior to .0.0-RC.3, the PlatformConfigurationController::decodeSettingArray() method uses PHP's eval() to parse platform settings from the database. An attacker with admin access (obtainable via Advisory 1) can inject arbitrary PHP code into the sett...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-27460 MEDIUM - 6.5

Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.5, a critical Denial of Service (DoS) vulnerability was in the recipe import functionality. This vulnerability allows an authenticated user to crash the server or make a significantly de...

Vendor: TandoorRecipes
Product: recipes
Published: Apr 10, 2026
Source: NVD
CVE-2026-5483 HIGH - 8.5

A flaw was found in odh-dashboard in Red Hat Openshift AI. This vulnerability in the `odh-dashboard` component of Red Hat OpenShift AI (RHOAI) allows for the disclosure of Kubernetes Service Account tokens through a NodeJS endpoint. This could enable an attacker to gain unauthorized access to Kubern...

Published: Apr 10, 2026
Source: NVD
CVE-2026-40163 HIGH - 8.2

Saltcorn is an extensible, open source, no-code database application builder. Prior to 1.4.5, 1.5.5, and 1.6.0-beta.4, the POST /sync/offline_changes endpoint allows an unauthenticated attacker to create arbitrary directories and write a changes.json file with attacker-controlled JSON content anywhe...

Vendor: saltcorn
Product: saltcorn
Published: Apr 10, 2026
Source: NVD
CVE-2026-40162 HIGH - 7.1

Bugsink is a self-hosted error tracking tool. In 2.1.0, an authenticated file write vulnerability was identified in Bugsink 2.1.0 in the artifact bundle assembly flow. A user with a valid authentication token could cause the application to write attacker-controlled content to a filesystem location w...

Vendor: bugsink
Product: bugsink
Published: Apr 10, 2026
Source: NVD
CVE-2026-33141 MEDIUM - 6.5

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the REST API stats endpoint allows any authenticated user (including low-privilege students with ROLE_USER) to read any other user's learning progress, certificates, and...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-32932 MEDIUM - 4.7

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Open Redirect vulnerability in the session course edit page allows an attacker to redirect an authenticated administrator to an arbitrary external URL after saving coach assignment changes. The redirect also leaks the i...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD