Total CVEs

145,906

Critical Severity

4,292

High Severity

15,777

Last 7 Days

2,186
Quick preset (or use dates below)
Clear Filters
๐Ÿ“… Showing Year: 2026 (January 1 - December 31, 2026) View All Years โ†’
Showing 23,641 - 23,660 of 42,311 CVEs

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible during a short moment after the authentication of an user to bypass its authentication. This vulnerability is fixed in 0.112.

Vendor: ajenti
Product: ajenti
Published: Apr 10, 2026
Source: NVD

ajenti.plugin.core defines all necessary core elements to allow Ajenti to run properly. Prior to 0.112, if the 2FA was activated, it was possible to bypass the password authentication This vulnerability is fixed in 0.112.

Vendor: ajenti
Product: ajenti
Published: Apr 10, 2026
Source: NVD
CVE-2026-40175 CRITICAL - 10.0

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.3.1, the Axios library is vulnerable to a specific "Gadget" attack chain that allows Prototype Pollution in any third-party dependency to be escalated into Remote Code Execution (RCE) or Full Cloud Comp...

Vendor: axios
Product: axios
Published: Apr 10, 2026
Source: NVD
CVE-2026-40168 HIGH - 8.2

Postiz is an AI social media scheduling tool. Prior to 2.21.5, the /api/public/stream endpoint is vulnerable to SSRF. Although the application validates the initially supplied URL and blocks direct private/internal hosts, it does not re-validate the final destination after HTTP redirects. As a resul...

Vendor: gitroomhq
Product: postiz-app
Published: Apr 10, 2026
Source: NVD
CVE-2026-39922 MEDIUM - 6.3

GeoNode versions 4.4.5 and 5.0.2 (and prior within their respective releases) contain a server-side request forgery vulnerability in the service registration endpoint that allows authenticated attackers to trigger outbound network requests to arbitrary URLs by submitting a crafted service URL during...

Vendor: GeoNode
Product: GeoNode
Published: Apr 10, 2026
Source: NVD
CVE-2026-39921 MEDIUM - 6.3

GeoNode versions 4.0 before 4.4.5 and 5.0 before 5.0.2 contain a server-side request forgery vulnerability that allows authenticated users with document upload permissions to trigger arbitrary outbound HTTP requests by providing a malicious URL via the doc_url parameter during document upload. Attac...

Vendor: GeoNode
Product: GeoNode
Published: Apr 10, 2026
Source: NVD
CVE-2026-32252 HIGH - 7.7

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.9.0, a cross-tenant authorization bypass exists in Chartbrew in GET /team/:team_id/template/generate/:project_id. The GET handler calls checkAccess(req, "upd...

Vendor: chartbrew
Product: chartbrew
Published: Apr 10, 2026
Source: NVD
CVE-2026-30232 CRITICAL - 9.6

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to 4.8.5, Chartbrew allows authenticated users to create API data connections with arbitrary URLs. The server fetches these URLs using request-promise without any IP a...

Vendor: chartbrew
Product: chartbrew
Published: Apr 10, 2026
Source: NVD
CVE-2026-40259 HIGH - 8.1

SiYuan is an open-source personal knowledge management system. In versions 3.6.3 and below, the /api/av/removeUnusedAttributeView endpoint is protected only by generic authentication that accepts publish-service RoleReader tokens. The handler passes a caller-controlled id directly to a model functio...

Vendor: go
Product: github.com/siyuan-note/siyuan/kernel
Published: Apr 10, 2026
Source: GitHub

When calling base64.b64decode() or related functions the decoding process would stop after encountering the first padded quad regardless of whether there was more information to be processed. This can lead to data being accepted which may be processed differently by other implementations. Use "...

Published: Apr 10, 2026
Source: NVD
CVE-2026-33737 MEDIUM - 5.3

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, multiple files use simplexml_load_string() without XXE protection. With LIBXML_NOENT flag, arbitrary server files can be read. This vulnerability is fixed in 1.11.38 and 2.0.0-RC.3.

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33736 MEDIUM - 6.5

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, any authenticated user (including ROLE_STUDENT) can enumerate all platform users and access personal information (email, phone, roles) via GET /api/users, including administrator accounts. This vulnerability is fixed in 2.0.0-RC.3.

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33710 HIGH - 7.5

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time() + (user_id * 5) - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp + user_id*5 - 10000). ...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33708 MEDIUM - 6.5

Chamilo LMS is a learning management system. Prior to 1.11.38, the get_user_info_from_username REST API endpoint returns personal information (email, first name, last name, user ID, active status) of any user to any authenticated user, including students. There is no authorization check. This vulner...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33707 CRITICAL - 9.4

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, the default password reset mechanism generates tokens using sha1($email) with no random component, no expiration, and no rate limiting. An attacker who knows a user's email can compute the reset token and change the v...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33706 HIGH - 7.1

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user with a REST API key can modify their own status field via the update_user_from_username endpoint. A student (status=5) can change their status to Teacher/CourseManager (status=1), gaining course creation and manage...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33705 MEDIUM - 5.3

Chamilo LMS is a learning management system. Prior to 1.11.38, Twig template files (.tpl) under /main/template/default/ are directly accessible without authentication via HTTP GET requests. These templates expose internal application logic, variable names, AJAX endpoint URLs, and admin panel structu...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33704 HIGH - 7.1

Chamilo LMS is a learning management system. Prior to 1.11.38, any authenticated user (including students) can write arbitrary content to files on the server via the BigUpload endpoint. The key parameter controls the filename and the raw POST body becomes the file content. While .php extensions are ...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33703 MEDIUM - 6.5

Chamilo LMS is a learning management system. Prior to 2.0.0-RC.3, an Insecure Direct Object Reference (IDOR) vulnerability in the /social-network/personal-data/{userId} endpoint allows any authenticated user to access full personal data and API tokens of arbitrary users by modifying the userId param...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD
CVE-2026-33702 HIGH - 7.1

Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, Chamilo LMS contains an Insecure Direct Object Reference (IDOR) vulnerability in the Learning Path progress saving endpoint. The file lp_ajax_save_item.php accepts a uid (user ID) parameter directly from $_REQUEST and uses...

Vendor: chamilo
Product: chamilo-lms
Published: Apr 10, 2026
Source: NVD