Lucene search
K

4441 matches found

Positive Technologies
Positive Technologies
added 2026/04/08 12:0 a.m.3 views

PT-2026-31093

Name of the Vulnerable Software and Affected Versions PZ Frontend Manager plugin for WordPress versions up to and including 1.0.6 Description The PZ Frontend Manager plugin for WordPress is susceptible to a missing authorization issue. The pzfm user request action callback function, accessible...

5.3CVSS5.8AI score0.00319EPSS
Exploits0References10
RedhatCVE
RedhatCVE
added 2026/04/07 5:3 p.m.6 views

CVE-2026-35035

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

9CVSS6AI score0.00455EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/04/07 6:0 a.m.19 views

CVE-2025-15611 Popup Box AYS Pro < 5.5.0 - Admin+ Stored Cross-Site Scripting (XSS) via CSRF

The Popup Box WordPress plugin before 5.5.0 does not properly validate nonces in the addoreditpopupbox function before saving popup data, allowing unauthenticated attackers to perform Cross-Site Request Forgery attacks. When an authenticated admin visits a malicious page, the attacker can create ...

0.00136EPSS
Exploits1References1
EUVD
EUVD
added 2026/04/06 5:53 p.m.5 views

EUVD-2026-19374

CI4MS: Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS...

7.2CVSS5.9AI score0.00455EPSS
Exploits1References2
NVD
NVD
added 2026/04/06 5:17 p.m.7 views

CVE-2026-35035

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

9CVSS0.00455EPSS
Exploits1References1
CVE
CVE
added 2026/04/06 4:49 p.m.18 views

CVE-2026-35035

Summary: CVE-2026-35035 affects CI4MS (CodeIgniter 4-based CMS skeleton). A stored XSS vulnerability exists in System Settings – Company Information where attacker-controlled fields (e.g., Company Name, Slogan, contact fields, Google Maps link, media fields) are input and persisted server-side, t...

9CVSS6AI score0.00455EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/04/06 4:49 p.m.20 views

CVE-2026-35035 CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

7.2CVSS0.00455EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/04/06 4:49 p.m.4 views

CVE-2026-35035 CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

7.2CVSS6AI score0.00455EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/04/06 4:49 p.m.3 views

CVE-2026-35035

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to 0.31.2.0, the application fails to properly sanitize user-controlled input within System Settings – Company Information. Several administrative...

7.2CVSS6AI score0.00455EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/06 4:24 p.m.6 views

MAL-2026-2525 Malicious code in frontend-backoffice (npm)

Malicious package due to arbitrary command execution, data exfiltration to Telegram, and a suspicious preinstall script executing code on installation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f06949fafe41d4b38a42b1c5573750638b411c02b6edcb1958f3f5aad933d...

6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/04/06 4:24 p.m.8 views

Malicious code in frontend-backoffice (npm)

Malicious package due to arbitrary command execution, data exfiltration to Telegram, and a suspicious preinstall script executing code on installation. --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2f06949fafe41d4b38a42b1c5573750638b411c02b6edcb1958f3f5aad933d...

6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/06 12:0 a.m.5 views

PT-2026-30680

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.2.0 Description CI4MS, a CodeIgniter 4-based CMS skeleton, is susceptible to a stored Cross-Site Scripting XSS issue. The application does not properly sanitize user-controlled input within the System Settings –...

9.1CVSS5.8AI score0.00455EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2026/04/05 10:55 a.m.9 views

CVE-2026-4896

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References1
EUVD
EUVD
added 2026/04/04 9:30 a.m.11 views

EUVD-2026-18981

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/04/04 7:42 a.m.4 views

CVE-2026-4896 WCFM - WooCommerce Frontend Manager <= 6.7.25 - Insecure Direct Object References to Autenticated (Vendor+) Arbitrary Post/Product Manipulation

The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.25 via multiple AJAX actions including wcfmmodifyorderstatus, deletewcfmarticle,...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References3
CVE
CVE
added 2026/04/04 7:42 a.m.23 views

CVE-2026-4896

The CVE-2026-4896 entry concerns the WCFM – Frontend Manager for WooCommerce plugin with the Bookings Subscription Listings Compatible extension for WordPress, affected up to version 6.7.25. The vulnerability is an Insecure Direct Object Reference (IDOR) affecting authenticated users with Vendor-...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References3
vulnersOsv
vulnersOsv
added 2026/04/04 6:4 a.m.5 views

@budibase/backend-core (>=3.0.0 <=3.2.26), @budibase/bbui (>=3.0.0 <=3.2.26) +7 more potentially affected by CVE-2026-35214 via @budibase/types (>=3.0.0 <=3.2.7)

@budibase/types NPM version =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.2.26 Source cves: CVE-2026-35214 Source advisory: SNYK:JS-BUDIBASETYPES-15917494...

8.7CVSS5.8AI score0.00554EPSS
Exploits1
CNNVD
CNNVD
added 2026/04/04 12:0 a.m.9 views

WordPress plugin WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The WordPres...

8.1CVSS5.8AI score0.00351EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/04 12:0 a.m.5 views

PT-2026-30313

Name of the Vulnerable Software and Affected Versions WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress versions up to and including 6.7.25 Description The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription...

8.1CVSS5.8AI score0.00351EPSS
Exploits0References8
Patchstack
Patchstack
added 2026/04/03 11:16 p.m.4 views

WordPress WCFM - WooCommerce Frontend Manager plugin <= 6.7.25 - Insecure Direct Object References to Authenticated (Vendor+) Arbitrary Post/Product Manipulation vulnerability

WordPress WCFM - WooCommerce Frontend Manager plugin = 6.7.25 - Insecure Direct Object References to Authenticated Vendor+ Arbitrary Post/Product Manipulation vulnerability discovered by Osvaldo Noe Gonzalez Del Rio Os - krei.dev | ogbuilders.io in WordPress Plugin WCFM – Frontend Manager for...

8.1CVSS5.9AI score0.00351EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder