| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-59544 | Chamilo: Unauthorized access to update category of any user | chamilo | chamilo-lms | 中危 | - | 2026-03-06 03:32:20 | Deep Dive |
| CVE-2025-59543 | Chamilo: Account Takeover via Stored XSS in Course Description | chamilo | chamilo-lms | Critical | 9.0 | 2026-03-06 03:32:06 | Deep Dive |
| CVE-2025-59542 | Chamilo: Account Takeover via Stored XSS in Course Learning Paths | chamilo | chamilo-lms | Critical | 9.0 | 2026-03-06 03:30:04 | Deep Dive |
| CVE-2025-59541 | Chamilo: CSRF Vulnerability in Project Deletion | chamilo | chamilo-lms | High | 8.1 | 2026-03-06 03:29:34 | Deep Dive |
| CVE-2025-59540 | Chamilo: Stored Cross-Site Scripting (XSS) in Chamilo LMS Exercise Feedback | chamilo | chamilo-lms | 中危 | - | 2026-03-06 03:27:54 | Deep Dive |
| CVE-2025-55289 | Chamilo: Stored Cross Site Scripting in Skills Argumentation | chamilo | chamilo-lms | High | 8.8 | 2026-03-06 03:27:46 | Deep Dive |
| CVE-2025-55208 | Chamilo LMS has Stored Cross Site Scripting on Social Networks Uploaded Files | chamilo | chamilo-lms | Critical | 9.0 | 2026-03-05 20:58:27 | Deep Dive |
| CVE-2026-27983 | WordPress LMS Elementor Pro plugin <= 1.0.4 - Privilege Escalation vulnerability | designthemes | LMS Elementor Pro | 中危 | - | 2026-03-05 05:54:03 | Deep Dive |
| CVE-2026-23799 | WordPress Tutor LMS plugin <= 3.9.5 - Broken Access Control vulnerability | Themeum | Tutor LMS | Medium | 6.5 | 2026-03-05 05:53:49 | Deep Dive |
| CVE-2025-52564 | Chamilo: HTML injection via open parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:54:42 | Deep Dive |
| CVE-2025-52998 | Chamilo: PHAR deserialization bypass | chamilo | chamilo-lms | - | - | 2026-03-02 15:54:20 | Deep Dive |
| CVE-2025-50199 | Chamilo: Blind Server-Side Request Forgery (Unauth Blind SSRF) | chamilo | chamilo-lms | - | - | 2026-03-02 15:50:45 | Deep Dive |
| CVE-2025-52563 | Chamilo: Reflected XSS via page parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:50:20 | Deep Dive |
| CVE-2025-52475 | Chamilo: Reflected XSS via keyword_inactive parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:49:53 | Deep Dive |
| CVE-2025-52476 | Chamilo: Reflected XSS via keyword_active parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:49:33 | Deep Dive |
| CVE-2025-52470 | Chamilo: Stored Cross-Site Scripting (XSS) via Session Category Name | chamilo | chamilo-lms | Medium | 4.8 | 2026-03-02 15:48:37 | Deep Dive |
| CVE-2025-52469 | Chamilo: Friend Request Workflow Bypass - Unauthorized Friend Addition and ID Validation Bypass | chamilo | chamilo-lms | High | 7.1 | 2026-03-02 15:48:25 | Deep Dive |
| CVE-2025-52468 | Chamilo: Stored XSS Vulnerability via CSV User Import | chamilo | chamilo-lms | High | 8.8 | 2026-03-02 15:47:47 | Deep Dive |
| CVE-2025-50198 | Chamilo: Deserialization of untrusted data in /plugin/vchamilo/views/import.php via POST configuration_file; POST course_path; POST home_path parameters | chamilo | chamilo-lms | - | - | 2026-03-02 15:46:47 | Deep Dive |
| CVE-2025-50197 | Chamilo: OS Command Injection in /main/admin/sub_language_ajax.inc.php via POST new_language parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:18:06 | Deep Dive |