8.8

CVSS3.1

CVE-2025-52468 - Chamilo: Stored XSS Vulnerability via CSV User Import

Chamilo is a learning management system. Prior to version 1.11.30, an input validation vulnerability exists when importing user data from CSV files. This flaw occurs due to insufficient sanitization of user data, specifically in the "Last Name", "First Name", and "Username" fields. It allows attack…

📅 Published: March 2, 2026, 3:47 p.m. 🔄 Last Modified: March 2, 2026, 3:47 p.m.

6.5

CVSS3.1

CVE-2026-28412 - Textream Vulnerable to Uncontrolled Resource Consumption (Denial of Service)

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server imposes no limit on concurrent connections. Combined with a broadcast timer that sends state to all connected clients every 100 ms, an attacker can exhaust CPU and memory by flooding the server …

📅 Published: March 2, 2026, 3:46 p.m. 🔄 Last Modified: March 2, 2026, 3:46 p.m.

8.8

CVSS4.0

CVE-2025-50198 - Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configurat…

Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.

📅 Published: March 2, 2026, 3:46 p.m. 🔄 Last Modified: March 2, 2026, 3:46 p.m.

7.6

CVSS3.1

CVE-2026-28403 - Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability

Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP `Origin` header during the WebSocket handshake. A malicious web page visited in the same browser s…

📅 Published: March 2, 2026, 3:45 p.m. 🔄 Last Modified: March 2, 2026, 3:45 p.m.

7.1

CVSS4.0

CVE-2025-50197 - Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parame…

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30.

📅 Published: March 2, 2026, 3:18 p.m. 🔄 Last Modified: March 2, 2026, 3:18 p.m.

7.1

CVSS4.0

CVE-2025-50196 - Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database par…

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been patched in version 1.11.30.

📅 Published: March 2, 2026, 3:17 p.m. 🔄 Last Modified: March 2, 2026, 3:17 p.m.

7.1

CVSS4.0

CVE-2025-50195 - Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30.

📅 Published: March 2, 2026, 3:16 p.m. 🔄 Last Modified: March 2, 2026, 3:16 p.m.

6

CVSS4.0

CVE-2026-0689 - XIQ‑SE NAC Admin Credential Exposure via HTTP Response

In ExtremeCloud IQ – Site Engine (XIQ‑SE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns th…

📅 Published: March 2, 2026, 3:16 p.m. 🔄 Last Modified: March 2, 2026, 3:16 p.m.

7.1

CVSS4.0

CVE-2025-50194 - Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.30.

📅 Published: March 2, 2026, 3:16 p.m. 🔄 Last Modified: March 2, 2026, 3:16 p.m.

7.1

CVSS4.0

CVE-2025-50193 - Chamilo: OS Command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database p…

Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30.

📅 Published: March 2, 2026, 3:16 p.m. 🔄 Last Modified: March 2, 2026, 3:16 p.m.