8.6
CVE-2026-34160 - Chamilo LMS: Unauthenticated SSRF via PENS Plugin allows attacker to probe internal network and reaโฆ
Chamilo LMS is an open-source learning management system. In versions prior to 2.0.0-RC.3, the PENS (Package Exchange Notification Services) plugin endpoint at public/plugin/Pens/pens.php is accessible without authentication and accepts a user-controlled package-url parameter that the server fetcheโฆ
7.2
CVE-2026-33715 - Chamilo LMS has Unauthenticated SSRF and Open Email Relay via install.ajax.php test_mailer action
Chamilo LMS is an open-source learning management system. In version 2.0-RC.2, the file public/main/inc/ajax/install.ajax.php is accessible without authentication on fully installed instances because, unlike other AJAX endpoints, it does not include the global.inc.php file that performs authenticatโฆ
7.1
CVE-2026-33714 - Chamilo LMS has Authenticated SQL Injection in statistics.ajax.php users_active action (2.0 RC2)
Chamilo is an open-source learning management system (LMS). Version 2.0.0-RC.2 contains a SQL Injection vulnerability in the statistics AJAX endpoint, which is an incomplete fix for CVE-2026-30881. While CVE-2026-30881 was patched by applying Security::remove_XSS() to the date_start and date_end paโฆ
7.8
CVE-2026-27287 - InCopy | Out-of-bounds Read (CWE-125)
InCopy versions 20.5.2, 21.2 and earlier are affected by an out-of-bounds read vulnerability when parsing a crafted file, which could result in a read past the end of an allocated memory structure. An attacker could leverage this vulnerability to execute code in the context of the current user. Expโฆ
4.8
CVE-2026-25133 - October CMS has Stored XSS via SVG Filter Bypass
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a stored cross-site scripting (XSS) vulnerability in the SVG sanitization logic. The regex pattern used to strip event handler attributes (such as onclick or onload) could be bypassed using a โฆ
4.9
CVE-2026-25125 - October CMS: Environment Variable Exfiltration via INI Parser Interpolation
October is a Content Management System (CMS) and web platform. Versions prior to 3.7.14 and 4.1.10 contain a server-side information disclosure vulnerability in the INI settings parser. Because PHP's parse_ini_string() function supports ${} syntax for environment variable interpolation, attackers wโฆ
8.8
CVE-2026-24893 - openITCOCKPIT has Authenticated Command Injection Leading to Remote Code Execution via Host Addressโฆ
openITCOCKPIT is an open source monitoring tool built for different monitoring engines. openITCOCKPIT Community Edition prior to version 5.5.2 contains a command injection vulnerability that allows an authenticated user with permission to add or modify hosts to execute arbitrary OS commands on the โฆ
7.7
CVE-2026-40683 - OpenStack Keystone: OpenStack Keystone: Unauthorized access due to incorrect LDAP user status handlโฆ
In OpenStack Keystone before 28.0.1, the LDAP identity backend does not convert the user enabled attribute to a boolean when the user_enabled_invert configuration option is False (the default). The _ldap_res_to_model method in the UserApi class only performed string-to-boolean conversion when user_โฆ
7.8
CVE-2026-34630 - Bridge | Heap-based Buffer Overflow (CWE-122)
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
7.8
CVE-2026-27312 - Bridge | Heap-based Buffer Overflow (CWE-122)
Bridge versions 16.0.2, 15.1.4 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.