402 matches found
CVE-2026-25726 Cloudreve is vulnerable to Account Takeover via Weak Cryptographic Token Generation (Insecure PRNG Seeding)
Cloudreve is a self-hosted file management and sharing system. Prior to version 4.13.0, the application uses the weak pseudo-random number generator math/rand seeded with time.Now.UnixNano to generate critical security secrets, including the secretkey, and hashidsalt. These secrets are generated...
CVE-2026-34974
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes...
CVE-2026-34974
phpMyFAQ is an open source FAQ web application. Prior to version 4.1.1, the regex-based SVG sanitizer in phpMyFAQ SvgSanitizer.php can be bypassed using HTML entity encoding in javascript: URLs within SVG attributes. Any user with editfaq permission can upload a malicious SVG that executes...
CVE-2026-34974
The CVE-2026-34974 vulnerability affects phpMyFAQ prior to version 4.1.1, where the SVG sanitizer (SvgSanitizer.php) uses regexes that can be bypassed by HTML entity encoding in javascript: URLs inside SVG attributes. An attacker with edit_faq permission can upload a malicious SVG that executes ...
CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Category Title Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Category Title in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog categories. An...
GHSA-X7WH-G25G-53VG CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Post Content Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Post Content in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog posts. An attacker...
GHSA-XGH5-W62M-8MPR CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Posts Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Post Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Posts to navigation menus throu...
CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Posts Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Post Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Posts to navigation menus throu...
GHSA-G4PP-FHGF-8653 CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Pages Added to Menu Persistent Payload Injection - Stored Cross-Site Scripting via Unsafe Rendering of Page Entries in Menu Management Description The application fails to properly sanitize user-controlled input when adding Pages to navigation menus throu...
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via the backup filename field during backup upload and processing. An attacker can execute arbitrary JavaScript in the browsers of privileged user...
GHSA-4333-387X-W245 CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Tag Name Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Tag Name in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inje...
CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Blog Tag Name Persistent Payload Injection - Stored Cross-Site Scripting via Unsanitized Blog Tag Name in Blog Management Description The application fails to properly sanitize user-controlled input when creating or editing blog tags. An attacker can inje...
CVE-2026-34571 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise
CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...
CVE-2026-34566
CVE-2026-34566 affects CI4MS, a CodeIgniter 4-based CMS skeleton. Prior to version 0.31.0.0, user-controlled input in Page Management is not properly sanitized, allowing attacker-controlled JavaScript to be stored server-side and later rendered without output encoding in admin page lists and publ...
GHSA-RPJR-985C-QHVM CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS
Summary Vulnerability: Stored DOM XSS via Group / Role Management Fields Administrative Context Execution - Stored Cross-Site Scripting via Unsanitized Group / Role Management Inputs Description The application fails to properly sanitize user-controlled input within group and role management...
Cross-site Scripting (XSS)
Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in group and role management fields. An attacker can execute arbitrary JavaScript in the context of an administrator's brows...
CVE-2026-2931
The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...
PT-2026-28639
Name of the Vulnerable Software and Affected Versions Ultimate Member plugin for WordPress versions through 2.11.2 Description The Ultimate Member plugin for WordPress is susceptible to Sensitive Information Exposure. The issue stems from the 'usermeta:password reset link' template tag being...
CVE-2026-28430
Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...
CVE-2026-31881
Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...