| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-59541 | Chamilo: CSRF Vulnerability in Project Deletion | chamilo | chamilo-lms | High | 8.1 | 2026-03-06 03:29:34 | Deep Dive |
| CVE-2025-59540 | Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback | chamilo | chamilo-lms | 中危 | - | 2026-03-06 03:27:54 | Deep Dive |
| CVE-2025-55289 | Chamilo: Stored Cross Site Scripting in Skills Argumentation | chamilo | chamilo-lms | High | 8.8 | 2026-03-06 03:27:46 | Deep Dive |
| CVE-2025-55208 | Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files | chamilo | chamilo-lms | Critical | 9.0 | 2026-03-05 20:58:27 | Deep Dive |
| CVE-2025-52564 | Chamilo: HTML injection via open parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:54:42 | Deep Dive |
| CVE-2025-52998 | Chamilo: PHAR deserialization bypass | chamilo | chamilo-lms | - | - | 2026-03-02 15:54:20 | Deep Dive |
| CVE-2025-50199 | Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF) | chamilo | chamilo-lms | - | - | 2026-03-02 15:50:45 | Deep Dive |
| CVE-2025-52563 | Chamilo: Reflected XSS via page parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:50:20 | Deep Dive |
| CVE-2025-52475 | Chamilo: Reflected XSS via keyword_inactive parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:49:53 | Deep Dive |
| CVE-2025-52476 | Chamilo: Reflected XSS via keyword_active parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:49:33 | Deep Dive |
| CVE-2025-52470 | Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name | chamilo | chamilo-lms | Medium | 4.8 | 2026-03-02 15:48:37 | Deep Dive |
| CVE-2025-52469 | Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation Bypass | chamilo | chamilo-lms | High | 7.1 | 2026-03-02 15:48:25 | Deep Dive |
| CVE-2025-52468 | Chamilo: Stored XSS Vulnerability via CSV User Import | chamilo | chamilo-lms | High | 8.8 | 2026-03-02 15:47:47 | Deep Dive |
| CVE-2025-50198 | Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters | chamilo | chamilo-lms | - | - | 2026-03-02 15:46:47 | Deep Dive |
| CVE-2025-50197 | Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:18:06 | Deep Dive |
| CVE-2025-50196 | Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:17:53 | Deep Dive |
| CVE-2025-50195 | Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php | chamilo | chamilo-lms | - | - | 2026-03-02 15:16:59 | Deep Dive |
| CVE-2025-50194 | Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php | chamilo | chamilo-lms | - | - | 2026-03-02 15:16:22 | Deep Dive |
| CVE-2025-50193 | Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:16:03 | Deep Dive |
| CVE-2025-50192 | Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php | chamilo | chamilo-lms | - | - | 2026-03-02 14:54:06 | Deep Dive |