| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-33141 | Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data | chamilo | chamilo-lms | Medium | 6.5 | 2026-04-10 18:01:26 | Deep Dive |
| CVE-2026-32892 | OS Command Injection in Chamilo LMS 1.11.36 | chamilo | chamilo-lms | Critical | 9.1 | 2026-04-10 17:56:58 | Deep Dive |
| CVE-2026-32932 | Chamilo LMS has an Open Redirect via Unvalidated 'page' Parameter in Session Course Edit | chamilo | chamilo-lms | Medium | 4.7 | 2026-04-10 17:51:58 | Deep Dive |
| CVE-2026-32931 | Chamilo LMS has Arbitrary File Upload via MIME-Only Validation in Exercise Sound Upload Leads to RCE | chamilo | chamilo-lms | High | 7.5 | 2026-04-10 17:50:40 | Deep Dive |
| CVE-2026-32930 | Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Evaluation Edit Without Ownership Check | chamilo | chamilo-lms | High | 7.1 | 2026-04-10 17:48:52 | Deep Dive |
| CVE-2026-32894 | Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result | chamilo | chamilo-lms | High | 7.1 | 2026-04-10 17:44:25 | Deep Dive |
| CVE-2026-32893 | Chamilo LMS has Reflected XSS via Unsanitized http_build_query() in Exercise Question List Pagination | chamilo | chamilo-lms | Medium | 5.4 | 2026-04-10 17:42:24 | Deep Dive |
| CVE-2026-31941 | Server-Side Request Forgery (SSRF) in Chamilo LMS | chamilo | chamilo-lms | High | 7.7 | 2026-04-10 17:37:51 | Deep Dive |
| CVE-2026-31940 | Session Fixation in Chamilo LMS | chamilo | chamilo-lms | High | 7.5 | 2026-04-10 17:35:11 | Deep Dive |
| CVE-2026-31939 | Path Traversal (Arbitrary File Delete) in Chamilo LMS | chamilo | chamilo-lms | High | 8.3 | 2026-04-10 17:32:29 | Deep Dive |
| CVE-2025-66447 | Chamilo LMS has validation-less redirect on login page | chamilo | chamilo-lms | None | 0.0 | 2026-04-10 17:22:32 | Deep Dive |
| CVE-2026-30882 | Chamilo LMS: Reflected XSS in the session category listing page | chamilo | chamilo-lms | Medium | 6.1 | 2026-03-16 19:21:16 | Deep Dive |
| CVE-2026-30881 | Chamilo LMS: SQL Injection in the statistics AJAX endpoint | chamilo | chamilo-lms | High | 8.8 | 2026-03-16 19:20:00 | Deep Dive |
| CVE-2026-30876 | Chamilo LMS: User enumeration vulnerability via response | chamilo | chamilo-lms | - | - | 2026-03-16 19:18:42 | Deep Dive |
| CVE-2026-30875 | Chamilo LMS: Authenticated RCE via H5P Import | chamilo | chamilo-lms | High | 8.8 | 2026-03-16 19:16:38 | Deep Dive |
| CVE-2026-28430 | Chamilo LMS Vulnerable to Unauthenticated SQL Injection in chamilo-lms model.ajax.php | chamilo | chamilo-lms | - | - | 2026-03-16 19:13:59 | Deep Dive |
| CVE-2026-29041 | Chamilo: Authenticated Remote Code Execution via Unrestricted File Upload | chamilo | chamilo-lms | High | 8.8 | 2026-03-06 03:32:38 | Deep Dive |
| CVE-2025-59544 | Chamilo: Unauthorized access to update category of any user | chamilo | chamilo-lms | Medium | - | 2026-03-06 03:32:20 | Deep Dive |
| CVE-2025-59543 | Chamilo: Account Takeover via Stored XSS in Course Description | chamilo | chamilo-lms | Critical | 9.0 | 2026-03-06 03:32:06 | Deep Dive |
| CVE-2025-59542 | Chamilo: Account Takeover via Stored XSS in Course Learning Paths | chamilo | chamilo-lms | Critical | 9.0 | 2026-03-06 03:30:04 | Deep Dive |