8.8

CVSS4.0

CVE-2026-27005 - Chartbrew: SQL injection in date-type variable handling (applyMysqlOrPostgresVariables)

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.3, an unauthenticated attacker can inject arbitrary SQL into queries executed against databases connected to Chartbrew (MySQL, PostgreSQL). This allows…

📅 Published: March 6, 2026, 4:07 a.m. 🔄 Last Modified: March 6, 2026, 4:07 a.m.

8.8

CVSS3.1

CVE-2026-25888 - Chartbrew: Remote Code Execution (RCE) via Vulnerable API

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via a vulnerable API. This issue has been patched in version 4.8.1.

📅 Published: March 6, 2026, 4:07 a.m. 🔄 Last Modified: March 6, 2026, 4:07 a.m.

7.2

CVSS3.1

CVE-2026-25887 - Chartbrew: Remote Code Execution (RCE) via MongoDB Dataset Query

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, there is a remote code execution vulnerability via the MongoDB dataset Query. This issue has been patched in version 4.8.1.

📅 Published: March 6, 2026, 4:07 a.m. 🔄 Last Modified: March 6, 2026, 4:07 a.m.

6.5

CVSS3.1

CVE-2026-25877 - Chartbrew: Insecure Direct Object Reference (IDOR) in Chart Operations

Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. Prior to version 4.8.1, the application performs authorization checks based solely on the project_id parameter when handling chart-related operations (update, delete, etc.)…

📅 Published: March 6, 2026, 4:07 a.m. 🔄 Last Modified: March 6, 2026, 4:07 a.m.

8.8

CVSS3.1

CVE-2026-29041 - Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload

Chamilo is a learning management system. Prior to version 1.11.34, Chamilo LMS is affected by an authenticated remote code execution vulnerability caused by improper validation of uploaded files. The application relies solely on MIME-type verification when handling file uploads and does not adequat…

📅 Published: March 6, 2026, 3:32 a.m. 🔄 Last Modified: March 6, 2026, 3:32 a.m.

6.9

CVSS4.0

CVE-2025-59544 - Chamilo: Unauthorized access to update category of any user

Chamilo is a learning management system. Prior to version 1.11.34, the functionality for the user to update the category does not implement authorization checks for the "category_id" parameter which allows users to update the category of any user by replacing the "category_id" parameter. This issue…

📅 Published: March 6, 2026, 3:32 a.m. 🔄 Last Modified: March 6, 2026, 3:32 a.m.

9.1

CVSS3.1

CVE-2025-59543 - Chamilo: Account Takeover via Stored XSS in Course Description

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course description field, an attacker with a low-privileged account (e.g., trainer) can execute arbitrary JavaScript code in the …

📅 Published: March 6, 2026, 3:32 a.m. 🔄 Last Modified: March 6, 2026, 3:32 a.m.

9.1

CVSS3.1

CVE-2025-59542 - Chamilo: Account Takeover via Stored XSS in Course Learning Paths

Chamilo is a learning management system. Prior to version 1.11.34, there is a stored cross-site scripting (XSS) vulnerability. By injecting malicious JavaScript into the course learning path Settings field, an attacker with a low-privileged account (e.g., trainer) can execute arbitrary JavaScript c…

📅 Published: March 6, 2026, 3:30 a.m. 🔄 Last Modified: March 6, 2026, 3:30 a.m.

8.1

CVSS3.1

CVE-2025-59541 - Chamilo: CSRF Vulnerability in Project Deletion

Chamilo is a learning management system. Prior to version 1.11.34, a Cross-Site Request Forgery (CSRF) vulnerability allows an attacker to delete projects inside a course without the victim’s consent. The issue arises because sensitive actions such as project deletion do not implement anti-CSRF pro…

📅 Published: March 6, 2026, 3:29 a.m. 🔄 Last Modified: March 6, 2026, 3:29 a.m.

6.4

CVSS4.0

CVE-2025-59540 - Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback

Chamilo is a learning management system. Prior to version 1.11.34, a stored XSS vulnerability exists in Chamilo LMS that allows a staff account to execute arbitrary JavaScript in the browser of higher-privileged admin users. The issue arises because feedback input in the exercise history page is no…

📅 Published: March 6, 2026, 3:27 a.m. 🔄 Last Modified: March 6, 2026, 3:27 a.m.
Total results: 336455