CVE-2026-3880
creationtimestamp | type | source
--- | --- | ---
2026-04-03 13:19:05+00:00 | seen | Telegram/YV8cS3UbatxDTGe0fjayhbeNknefcE-s36BQ9lt853A06hI
2026-04-04 03:20:09+00:00 | seen | https://bsky.app/profile/cyberhub.blog/post/3minbomahsj2f
2026-04-04 03:29:27+00:00 | seen | ...

CVE-2026-34876
creationtimestamp | type | source
--- | --- | ---
2026-04-03 07:01:00+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mil5kl4adx27
2026-04-03 07:01:24+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mil5lcfqjt2p...

CVE-2026-5463
creationtimestamp | type | source
--- | --- | ---
2026-04-03 06:00:16+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mil25ysway2p
2026-04-03 06:00:26+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mil26a6y7b27
2026-04-03 06:00:28+00:00 | seen | ...

CVE-2026-26135
creationtimestamp | type | source
--- | --- | ---
2026-04-03 00:50:17+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mikitpnzqk2z
2026-04-03 01:16:28+00:00 | seen | Telegram/iJ-TXq8dDjuzcBmcTa4J1ArjLXeEo9DZvpPvRg0iyulgok
2026-04-03 01:50:22+00:00 | seen | ...

CVE-2026-34567
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts within the Categories...
CVE-2026-34426
creationtimestamp | type | source
--- | --- | ---
2026-04-02 22:22:27+00:00 | published-proof-of-concept | Telegram/LEqzgESE2wGHUVmUGbeDXDuSp8F8SqNkH2O3nuA9SKVO2A
2026-04-03 03:01:44+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mikq6qgjxg2c
2026-04-03 03:06:31+00:00 | seen | ...

CVE-2026-2696
The Export All URLs WordPress plugin before 5.1 generates CSV filenames containing post URLs (including those of private posts) in a predictable pattern using a random 6-digit number. These files are stored in the publicly accessible wp-content/uploads/ directory. As a result, any unauthenticated user can...
CVE-2026-2701
creationtimestamp | type | source
--- | --- | ---
2026-04-02 09:59:15+00:00 | seen | https://www.acn.gov.it/portale/w/progress-disponibili-poc-per-lo-sfruttamento-di-vulnerabilita-in-sharefile
2026-04-02 11:13:10+00:00 | seen | https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mij36jygvj2d
2026-04-02...

CVE-2026-2699
creationtimestamp | type | source
--- | --- | ---
2026-04-02 09:59:15+00:00 | seen | https://www.acn.gov.it/portale/w/progress-disponibili-poc-per-lo-sfruttamento-di-vulnerabilita-in-sharefile
2026-04-02 11:13:09+00:00 | seen | https://bsky.app/profile/r-netsec-bot.bsky.social/post/3mij36jygvj2d
2026-04-02...

CVE-2026-34950
creationtimestamp | type | source
--- | --- | ---
2026-04-02 08:53:21+00:00 | published-proof-of-concept | https://github.com/nearform/fast-jwt/security/advisories/GHSA-mvf2-f6gm-w987
2026-04-06 16:20:11+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3mito77wzr22s
2026-04-06...

CVE-2026-4347
creationtimestamp | type | source
--- | --- | ---
2026-04-02 06:11:11+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3miikcm5tfo2j
2026-04-02 06:20:58+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3miiku3peog2j
2026-04-02 07:15:36+00:00 | seen | ...

CVE-2026-34874
creationtimestamp | type | source
--- | --- | ---
2026-04-02 05:25:45+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3miihrdxk3h2c
2026-04-02 05:35:58+00:00 | seen | https://bsky.app/profile/thehackerwire.bsky.social/post/3miiidm65o32s...

CVE-2026-21765
creationtimestamp | type | source
--- | --- | ---
2026-04-02 00:40:54+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mihxtyxi5i2i
2026-04-02 01:18:28+00:00 | seen | Telegram/7rLczVeBBv6SSIB10Z8cqxb4bee2TcHdurxt5OLTZQuJPU
2026-04-02 02:03:55+00:00 | seen | ...

CVE-2026-32620
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, non-staff users could access read receipt information for staff-only posts they weren't supposed to see. No post content w...
CVE-2025-13535
creationtimestamp | type | source
--- | --- | ---
2026-04-01 22:45:05+00:00 | seen | https://bsky.app/profile/atomicedge.bsky.social/post/3mihrevrgnf2j
2026-04-01 22:45:07+00:00 | seen | https://bsky.app/profile/potato.software/post/3mihrewob7j2x...

CVE-2026-34565
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when adding Posts to navigation menus through the Menu Manageme...
CVE-2026-34568
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker can inject a...
CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary: Vulnerability: Stored DOM XSS via Blog Post Content Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management. Description: The application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker...
Cross-site Scripting (XSS)
Overview: ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the blog post content handling process. An attacker can execute arbitrary JavaScript in the browsers of users who view the affected blog posts...