| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2025-50196 | Chamilo: OS Command Injection in /plugin/vchamilo/views/editinstance.php via POST main_database parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:17:53 | Deep Dive |
| CVE-2025-50195 | Chamilo: OS Command Injection in /plugin/vchamilo/views/manage.controller.php | chamilo | chamilo-lms | - | - | 2026-03-02 15:16:59 | Deep Dive |
| CVE-2025-50194 | Chamilo: OS Command Injection in /main/cron/lang/check_parse_lang.php | chamilo | chamilo-lms | - | - | 2026-03-02 15:16:22 | Deep Dive |
| CVE-2025-50193 | Chamilo: OS command Injection in /plugin/vchamilo/views/import.php with the POST to_main_database parameter | chamilo | chamilo-lms | - | - | 2026-03-02 15:16:03 | Deep Dive |
| CVE-2025-50192 | Chamilo: Time-based SQL Injection in /main/webservices/registration.soap.php | chamilo | chamilo-lms | - | - | 2026-03-02 14:54:06 | Deep Dive |
| CVE-2025-50191 | Chamilo: Error-based SQL Injection via POST userFile with the /main/exercise/hotpotatoes.php script | chamilo | chamilo-lms | - | - | 2026-03-02 14:53:36 | Deep Dive |
| CVE-2025-50190 | Chamilo: Error-based SQL Injection via GET openid.assoc_handle with the /index.php script | chamilo | chamilo-lms | - | - | 2026-03-02 14:53:15 | Deep Dive |
| CVE-2025-50189 | Chamilo: Error-based SQL Injection | chamilo | chamilo-lms | - | - | 2026-03-02 14:49:09 | Deep Dive |
| CVE-2025-50188 | Error-based SQL Injection in Chamilo LMS | chamilo | chamilo-lms | - | - | 2026-03-02 14:47:03 | Deep Dive |
| CVE-2025-52482 | Chamilo: Stored XSS in glossary function via /main/glossary/index.php trigger in /main/tracking/course_log_resources.php | chamilo | chamilo-lms | High | 8.3 | 2026-03-02 14:39:50 | Deep Dive |
| CVE-2025-50187 | Chamilo: Evaluation of untrusted user input leads to Remote Code Execution | chamilo | chamilo-lms | Critical | 9.8 | 2026-03-02 14:37:21 | Deep Dive |
| CVE-2025-50186 | Chamilo: Stored XSS via Malicious CSV Filename in user_import.php | chamilo | chamilo-lms | Medium | 4.8 | 2026-03-02 14:36:28 | Deep Dive |
| CVE-2024-50337 | Chamilo: Potential unauthenticated blind SSRF via openid function | chamilo | chamilo-lms | Medium | 5.3 | 2026-03-02 14:26:45 | Deep Dive |
| CVE-2024-47886 | Chamilo: Post-Auth Remote Code Execution | chamilo | chamilo-lms | - | - | 2026-03-02 14:23:51 | Deep Dive |
| CVE-2025-13673 | Tutor LMS <= 3.9.6 - Unauthenticated SQL Injection via coupon_code | themeum | Tutor LMS – eLearning and online course solution | High | 7.5 | 2026-02-28 07:25:35 | Deep Dive |
| CVE-2018-25158 | Chamilo LMS 1.11.8 Arbitrary File Upload via elfinder | Chamilo | Chamillo LMS | High | 8.8 | 2026-02-20 22:54:45 | Deep Dive |
| CVE-2026-26977 | Frappe Learning Management System exposes details of unpublished courses to unauthorized users | frappe | lms | 中危 | - | 2026-02-20 00:56:43 | Deep Dive |
| CVE-2026-25372 | WordPress Academy LMS plugin <= 3.5.3 - Broken Access Control vulnerability | Kodezen LLC | Academy LMS | - | - | 2026-02-19 08:27:00 | Deep Dive |
| CVE-2025-13563 | Lizza LMS Pro <= 1.0.3 - Unauthenticated Privilege Escalation | BuddhaThemes | Lizza LMS Pro | Critical | 9.8 | 2026-02-19 04:36:21 | Deep Dive |
| CVE-2026-0559 | MasterStudy LMS WordPress Plugin – for Online Courses and Education <= 3.7.11 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'stm_lms_courses_grid_display' Shortcode | stylemix | MasterStudy LMS WordPress Plugin – for Online Courses and Education | Medium | 6.4 | 2026-02-14 06:42:32 | Deep Dive |