EUVD-2026-18076

CI4MS: Menu Management Pages Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS...

CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Pages Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Page Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Pages to navigation menus throu...

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS in the menu management process when user-controlled input is added to navigation menus and rendered without proper sanitization or output encoding...

CVE-2026-34565

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Posts to navigation menus through the Menu Manageme...

CVE-2026-34564 CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Pages to navigation menus through the Menu Manageme...

CVE-2026-5289

A flaw was found in Google Chrome and Chromium. A remote attacker, after compromising the browser's renderer process, could exploit a use-after-free vulnerability in the Navigation component. This could be achieved by enticing a user to visit a specially crafted HTML page. Successful exploitation...

CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-30278

An arbitrary file overwrite vulnerability in FLY is FUN Aviation Navigation v35.33 allows attackers to overwrite critical internal files via the file import process, leading to arbitrary code execution or information exposure...

CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-5289

CVE-2026-5289 affects Google Chrome prior to version 146.0.7680.178, describing a use-after-free in the Navigation component that could allow a remote attacker who already compromised the renderer process to escape the sandbox via a crafted HTML page. The vulnerability is categorized as High seve...

CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

CVE-2026-5289

Use after free in Navigation in Google Chrome prior to 146.0.7680.178 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Insufficient data validation in Navigation in Google Chrome prior to version 145.0.7632.159 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: High...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in DevTools in Google Chrome prior to 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page. Chromium security severity: Low...

Astra Linux – Vulnerability in Chromium

Insufficient policy enforcement in PDF files in Google Chrome prior to version 146.0.7680.71 allowed a remote attacker to bypass navigation restrictions through a crafted PDF file. Chromium security severity: Low...

GHSA-V77R-XG3P-75G7 CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Methods Management Fields Global Persistent Payload Execution - Stored Cross-Site Scripting via Unsanitized Method Creation and Management Inputs - Automatic Execution Across All Pages Where Method Is Rendered in Navigation Description The application fai...

CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Methods Management Fields Global Persistent Payload Execution - Stored Cross-Site Scripting via Unsanitized Method Creation and Management Inputs - Automatic Execution Across All Pages Where Method Is Rendered in Navigation Description The application fai...