8.8
CVE-2025-50198 - Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuratβ¦
Chamilo is a learning management system. Prior to version 1.11.30, Chamilo is vulnerable to deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters. This issue has been patched in version 1.11.30.
7.6
CVE-2026-28403 - Textream Cross-Site WebSocket Hijacking (CSWSH) vulnerability
Textream is a free macOS teleprompter app. Prior to version 1.5.1, the `DirectorServer` WebSocket server (`ws://127.0.0.1:<httpPort+1>`) accepts connections from any origin without validating the HTTP `Origin` header during the WebSocket handshake. A malicious web page visited in the same browser sβ¦
7.1
CVE-2025-50197 - Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameβ¦
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/admin/sub_language_ajax.inc.php via the POST new_language parameter. This issue has been patched in version 1.11.30.
7.1
CVE-2025-50196 - Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parβ¦
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/editinstance.php via the POST main_database parameter. This issue has been patched in version 1.11.30.
7.1
CVE-2025-50195 - Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /plugin/vchamilo/views/manage.controller.php. This issue has been patched in version 1.11.30.
6
CVE-2026-0689 - XIQβSE NAC Admin Credential Exposure via HTTP Response
In ExtremeCloud IQ β Site Engine (XIQβSE) before 26.2.10, a vulnerability in the NAC administration interface allows an authenticated NAC administrator to retrieve masked sensitive parameters from HTTP responses. Although credentials appear redacted in the user interface, the application returns thβ¦
7.1
CVE-2025-50194 - Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS Command Injection vulnerability in /main/cron/lang/check_parse_lang.php. This issue has been patched in version 1.11.30.
7.1
CVE-2025-50193 - Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database pβ¦
Chamilo is a learning management system. Prior to version 1.11.30, there is an OS command Injection vulnerability in /plugin/vchamilo/views/import.php with the POST to_main_database parameter. This issue has been patched in version 1.11.30.
8.8
CVE-2025-50192 - Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php
Chamilo is a learning management system. Prior to version 1.11.30, there is a time-based SQL Injection in found in /main/webservices/registration.soap.php. This issue has been patched in version 1.11.30.
7
CVE-2025-50191 - Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script
Chamilo is a learning management system. Prior to version 1.11.30, there is an error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script. This issue has been patched in version 1.11.30.