Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

995 matches found

Nuclei
Nucleiadded yesterday34 views

ASIS - SQL Injection Authentication Bypass

ASIS aka Aplikasi Sistem Sekolah using CodeIgniter 3 3.0.0 through 3.2.0 allows index.php username SQL injection for Authentication Bypass. id: CVE-2024-45622 info: name: ASIS - SQL Injection Authentication Bypass author: s4e-io severity: critical description: | ASIS aka Aplikasi Sistem Sekolah...

9.8CVSS7.4AI score0.3605EPSS
Exploits3References3
Github Security Blog
Github Security Blogadded 2026/06/11 5:16 p.m.9 views

CodeIgniter4 has a validation bypass when uploading file extensions via `ext_in` rule

Impact The extin upload validation rule checked the MIME-derived guessed extension instead of the client-provided filename extension. As a result, an uploaded file named shell.php containing GIF-like content could pass validation such as:...

6.1AI score0.00078EPSS
Exploits0References6Affected Software1
RedhatCVE
RedhatCVEadded 2026/06/05 7:36 p.m.7 views

CVE-2026-41891

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

5.3CVSS5.3AI score0.00269EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:36 p.m.6 views

CVE-2026-41890

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...

6.9CVSS5.5AI score0.00344EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:33 p.m.8 views

CVE-2026-9517

A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can b...

7.5CVSS6.8AI score0.00355EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:26 p.m.8 views

CVE-2026-39391

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the blacklist ban note parameter in UserController::ajaxblackListpost is stored in the database without sanitization and rendered into a...

4.8CVSS5.6AI score0.0023EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:26 p.m.7 views

CVE-2026-39390

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Google Maps iframe setting cMap field in compInfosPost sanitizes input using striptags with an allowlist and regex-based removal of...

5.5CVSS5.4AI score0.00235EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:26 p.m.7 views

CVE-2026-39392

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Pages module does not apply the htmlpurify validation rule to content fields during create and update operations, while the Blog...

5.5CVSS5.6AI score0.00247EPSS
Exploits1References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:21 p.m.9 views

CVE-2026-41587

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

8.6CVSS6.2AI score0.00501EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:20 p.m.5 views

CVE-2026-41202

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Backup::restore extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4CVSS6.3AI score0.00528EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:20 p.m.8 views

CVE-2026-41201

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. In version 0.31.4.0, an attacker can achieve Full Account Takeover & Privilege Escalation via Stored DOM XSS in backup module filename field manipulated vi...

9.1CVSS5.3AI score0.00331EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:20 p.m.7 views

CVE-2026-41203

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

9.4CVSS6.3AI score0.00484EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2026/06/05 7:12 p.m.7 views

CVE-2026-39394

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.4.0, the Install::index controller reads the host POST parameter without any validation and passes it directly into updateEnvSettings, which...

9.8CVSS5.7AI score0.00516EPSS
Exploits1References1
NVD
NVDadded 2026/05/26 2:16 a.m.11 views

CVE-2026-9518

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS0.00336EPSS
Exploits0References5
ATTACKERKB
ATTACKERKBadded 2026/05/26 12:30 a.m.6 views

CVE-2026-9518

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References5
Cvelist
Cvelistadded 2026/05/26 12:30 a.m.39 views

CVE-2026-9518 hemant6488 CodeIgniter-StudentManagementSystem Students Controller view_students.php addStudent cross site scripting

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS0.00336EPSS
Exploits0References5
Vulnrichment
Vulnrichmentadded 2026/05/26 12:30 a.m.9 views

CVE-2026-9518 hemant6488 CodeIgniter-StudentManagementSystem Students Controller view_students.php addStudent cross site scripting

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References5
EUVD
EUVDadded 2026/05/26 12:30 a.m.13 views

EUVD-2026-31776

A vulnerability was identified in hemant6488 CodeIgniter-StudentManagementSystem. The impacted element is the function addStudent of the file viewstudents.php of the component Students Controller. The manipulation of the argument Name leads to cross site scripting. The attack is possible to be...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References5
CVE
CVEadded 2026/05/26 12:30 a.m.17 views

CVE-2026-9518

The vulnerability CVE-2026-9518 affects hemant6488’s CodeIgniter-StudentManagementSystem, specifically the Students Controller function addStudent in view_students.php. The issue is cross site scripting caused by manipulating the Name argument, enabling remote exploitation. Documents indicate the...

5.3CVSS4.2AI score0.00336EPSS
Exploits0References5
NVD
NVDadded 2026/05/26 12:16 a.m.8 views

CVE-2026-9517

A vulnerability was determined in hemant6488 CodeIgniter-StudentManagementSystem. The affected element is an unknown function of the file /index.php/students/addStudentView of the component Student Management Handler. Executing a manipulation can lead to improper access controls. The attack can b...

7.5CVSS0.00355EPSS
Exploits0References5
Rows per page
Query Builder