7.1
CVE-2025-50196 - Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parβ¦
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been patched in version 1.11.30.
7.1
CVE-2025-50195 - Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30.
6
CVE-2026-0689 - XIQβSE NAC Admin Credential Exposure via HTTP Response
In ExtremeCloud IQ β Site Engine (XIQβSE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns thβ¦
7.1
CVE-2025-50194 - Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.30.
7.1
CVE-2025-50193 - Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database pβ¦
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30.
8.8
CVE-2025-50192 - Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.
7
CVE-2025-50191 - Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30.
8.8
CVE-2025-50190 - Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via the GET openid.assoc_handle parameter with the /index.php script. This issue has been patched in version 1.11.30.
0.0
CVE-2026-0995 -
An issue has been identified in Arm C1-Pro before r1p2-50eac0, where, under certain conditions, a TLBI+DSB might fail to ensure the completion of memory accesses related to SME.
7.2
CVE-2025-50189 - Chamilo: Error-based SQL Injection
Chamilo is a learning management system. Prior to version 1.11.30, the application performs insufficient validation of data coming from the user from the POST resource[document][SQL_INJECTION_HERE] and POST login parameters found in /main/coursecopy/copy_course_session_selected.php, which allows anβ¦