Total CVEs

145,436

Critical Severity

4,245

High Severity

15,630

Last 7 Days

2,406
Quick preset (or use dates below)
Clear Filters
📅 Showing Year: 2026 (January 1 - December 31, 2026) View All Years →
Showing 23,201 - 23,220 of 41,841 CVEs
CVE-2026-32894 HIGH - 7.1

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the gradebook result view page allows any authenticated teacher to delete any student's grade result across the entire platform by manipulating the delete_ma...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-32893 MEDIUM - 5.4

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, a Reflected Cross-Site Scripting (XSS) vulnerability in the exercise question list admin panel allows an attacker to execute arbitrary JavaScript in an authenticated teacher's browser. The pagination code merges all $_GET paramet...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-32892 CRITICAL - 9.1

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an OS Command Injection vulnerability in the file move function. The move() function in fileManage.lib.php passes user-controlled path values directly into exec() shell commands without using escapeshe...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-31941 HIGH - 7.7

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains a Server-Side Request Forgery (SSRF) vulnerability in the Social Wall feature. The endpoint read_url_with_open_graph accepts a URL from the user via the social_wall_new_msg_main POST parameter and perf...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-31940 HIGH - 7.5

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, in main/lp/aicc_hacp.php, user-controlled request parameters are directly used to set the PHP session ID before loading global bootstrap. This leads to session fixation. This vulnerability is fixed in 1.11.38 and 2.0.0-RC....

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-31939 HIGH - 8.3

Chamilo LMS is a learning management system. Prior to 1.11.38, there is a path traversal in main/exercise/savescores.php leading to arbitrary file feletion. User input from $_REQUEST['test'] is concatenated directly into filesystem path without canonicalization or traversal checks. This vu...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD

CR/LF bytes were not rejected by HTTP client proxy tunnel headers or host.

Published: Apr 10, 2026
Source: NVD

Chamilo LMS is a learning management system. From 1.11.0 to 2.0-beta.1, anyone can trigger a malicious redirect through the use of the redirect parameter to /login. This vulnerability is fixed in 2.0-beta.2.

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-40200 HIGH - 8.1

An issue was discovered in musl libc 0.7.10 through 1.2.6. Stack-based memory corruption can occur during qsort of very large arrays, due to incorrectly implemented double-word primitives. The number of elements must exceed about seven million, i.e., the 32nd Leonardo number on 32-bit platforms (or ...

Vendor: musl-libc
Product: musl
Published: Apr 10, 2026
Source: NVD

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, web_crawl's httpx fallback path passes user-supplied URLs directly to httpx.AsyncClient.get() with follow_redirects=True and no host validation. An LLM agent tricked into crawling an internal URL can reach cloud metadata endpoints...

Vendor: MervinPraison
Product: PraisonAIAgents
Published: Apr 10, 2026
Source: NVD
CVE-2026-40159 MEDIUM - 5.5

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI’s MCP (Model Context Protocol) integration allows spawning background servers via stdio using user-supplied command strings (e.g., MCP("npx -y @smithery/cli ...")). These commands are executed through Python’s subprocess ...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 10, 2026
Source: NVD
CVE-2026-40158 HIGH - 8.6

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI's AST-based Python sandbox can be bypassed using type.__getattribute__ trampoline, allowing arbitrary code execution when running untrusted agent code. The _execute_code_direct function in praisonaiagents/tools/python_tools.py...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 10, 2026
Source: NVD

PraisonAI is a multi-agent teams system. Prior to 4.5.128, cmd_unpack in the recipe CLI extracts .praison tar archives using raw tar.extract() without validating archive member paths. A .praison bundle containing ../../ entries will write files outside the intended output directory. An attacker who ...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 10, 2026
Source: NVD
CVE-2026-40156 HIGH - 7.8

PraisonAI is a multi-agent teams system. Prior to 4.5.128, PraisonAI automatically loads a file named tools.py from the current working directory to discover and register custom agent tools. This loading process uses importlib.util.spec_from_file_location and immediately executes module-level code v...

Vendor: MervinPraison
Product: PraisonAI
Published: Apr 10, 2026
Source: NVD
CVE-2026-40103 MEDIUM - 4.3

Vikunja is an open-source self-hosted task management platform. Prior to 2.3.0, Vikunja's scoped API token enforcement for custom project background routes is method-confused. A token with only projects.background can successfully delete a project background, while a token with only projects.ba...

Vendor: go-vikunja
Product: vikunja
Published: Apr 10, 2026
Source: NVD
CVE-2026-40100 MEDIUM - 5.3

FastGPT is an AI Agent building platform. Prior to 4.14.10.3, the /api/core/app/mcpTools/runTool endpoint accepts arbitrary URLs without authentication. The internal IP check in isInternalAddress() only blocks private IPs when CHECK_INTERNAL_IP=true, which is not the default. This allows unauthentic...

Vendor: labring
Product: FastGPT
Published: Apr 10, 2026
Source: NVD

Step CA is an online certificate authority for secure, automated certificate management for DevOps. From 0.24.0 to before 0.30.0-rc3, an attacker can trigger an index out-of-bounds panic in Step CA by sending a crafted attestation key (AK) certificate with an empty Extended Key Usage (EKU) extension...

Vendor: smallstep
Product: certificates
Published: Apr 10, 2026
Source: NVD
CVE-2026-40086 MEDIUM - 5.3

Rembg is a tool to remove images background. Prior to 2.0.75, a path traversal vulnerability in the rembg HTTP server allows unauthenticated remote attackers to read arbitrary files from the server's filesystem. By sending a crafted request with a malicious model_path parameter, an attacker can...

Vendor: danielgatis
Product: rembg
Published: Apr 10, 2026
Source: NVD
CVE-2026-40074 MEDIUM - 7.5

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, redirect, when called from inside the handle server hook with a location parameter containing characters that are invalid in a HTTP header, will cause an unhandled TypeError. This could...

Vendor: sveltejs
Product: kit
Published: Apr 10, 2026
Source: NVD
CVE-2026-40073 HIGH - 7.5

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Prior to 2.57.1, under certain circumstances, requests could bypass the BODY_SIZE_LIMIT on SvelteKit applications running with adapter-node. This bypass does not affect body size limits at other layers ...

Vendor: sveltejs
Product: kit
Published: Apr 10, 2026
Source: NVD