Overview
- chamilo
- chamilo-lms
Published: 02 Mar 2026
Updated: 02 Mar 2026
CVSS v3.1: HIGH (8.3)
EPSS: 0.04%
KEV
Description
Chamilo is a learning management system. Prior to version 1.11.30, a stored XSS vulnerability exists in the glossary function, enabling all users with the Teachers role to inject malicious JavaScript code against the administrator. This issue has been patched in version 1.11.30.
Statistics
- 1 Post
- 1 Interaction
Last activity: 14 hours ago
Overview
- zed-industries
- zed
Published: 25 Feb 2026
Updated: 26 Feb 2026
CVSS v3.1: HIGH (7.4)
EPSS: 0.03%
KEV
Description
Zed, a code editor, has a Zip Slip (Path Traversal) vulnerability in its extension archive extraction functionality prior to version 0.224.4. The `extract_zip()` function in `crates/util/src/archive.rs` fails to validate ZIP entry filenames for path traversal sequences (e.g., `../`). This allows a malicious extension to write files outside its designated sandbox directory by downloading and extracting a crafted ZIP archive. Version 0.224.4 fixes the issue.
Statistics
- 1 Post
- 1 Interaction
Last activity: 17 hours ago
Overview
Description
A command injection vulnerability exists in ModelScope's ms-agent versions v1.6.0rc1 and earlier, allowing an attacker to execute arbitrary operating system commands through crafted prompt-derived input.
Statistics
- 1 Post
Last activity: 18 hours ago
Overview
- Oscommerce
- osCommerce
Published: 27 Feb 2026
Updated: 27 Feb 2026
CVSS v4.0: HIGH (8.8)
EPSS: 0.06%
KEV
Description
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the reviews_id parameter. Attackers can send GET requests to product_reviews_write.php with malicious reviews_id values using boolean-based SQL injection payloads to extract sensitive database information.
Statistics
- 1 Post
Last activity: 16 hours ago
Overview
- Qualcomm, Inc.
- Snapdragon
Published: 02 Mar 2026
Updated: 03 Mar 2026
CVSS v3.1: HIGH (7.8)
EPSS: 0.02%
KEV
Description
Memory Corruption while processing IOCTL calls when concurrent access to shared buffer occurs.
Statistics
- 1 Post
Last activity: 4 hours ago
Overview
- projectworlds
- Online Art Gallery Shop
Published: 02 Mar 2026
Updated: 02 Mar 2026
CVSS v4.0: MEDIUM (6.9)
EPSS: 0.03%
KEV
Description
A vulnerability was found in projectworlds Online Art Gallery Shop 1.0. The impacted element is an unknown function of the file /admin/registration.php of the component Registration Handler. The manipulation of the argument fname results in SQL injection. It is possible to launch the attack remotely. The exploit has been made public and could be used.
Statistics
- 1 Post
Last activity: 22 hours ago
Overview
- Oscommerce
- osCommerce
Published: 27 Feb 2026
Updated: 27 Feb 2026
CVSS v4.0: HIGH (8.8)
EPSS: 0.06%
KEV
Description
osCommerce 2.3.4.1 contains a SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the products_id parameter. Attackers can modify the products_id value in product_info.php requests and append boolean-based SQL injection payloads to extract sensitive database information.
Statistics
- 1 Post
Last activity: 18 hours ago
Overview
- Intel(R) Processor Family
Published: 10 Feb 2026
Updated: 26 Feb 2026
CVSS v4.0: LOW (1.8)
EPSS: 0.00%
KEV
Description
Improper handling of values in the microcode flow for some Intel(R) Processor Family may allow an escalation of privilege. Startup code and SMM adversary with a privileged user combined with a high complexity attack may enable escalation of privilege. This result may potentially occur via local access when attack requirements are present with special internal knowledge and requires no user interaction. The potential vulnerability may impact the confidentiality (low), integrity (low) and availability (none) of the vulnerable system, resulting in subsequent system confidentiality (low), integrity (low) and availability (none) impacts.
Statistics
- 1 Post
Last activity: 7 hours ago
Overview
Description
In the Linux kernel, the following vulnerability has been resolved:
crypto: essiv - Check ssize for decryption and in-place encryption
Move the ssize check to the start in essiv_aead_crypt so that
it's also checked for decryption and in-place encryption.
Statistics
- 1 Post
Last activity: 8 hours ago
Overview
Description
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform administrative actions using service accounts.
Statistics
- 1 Post
Last activity: Last hour