Lucene search
K

410 matches found

Vulnrichment
Vulnrichment
added 2026/04/01 9:32 p.m.3 views

CVE-2026-34571 CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting Stored XSS vulnerability exists in the backend user management functionality. The application fail...

9.9CVSS6AI score0.00393EPSS
Exploits1References2
CVE
CVE
added 2026/04/01 9:27 p.m.10 views

CVE-2026-34566

CVE-2026-34566 affects CI4MS, a CodeIgniter 4-based CMS skeleton. Prior to version 0.31.0.0, user-controlled input in Page Management is not properly sanitized, allowing attacker-controlled JavaScript to be stored server-side and later rendered without output encoding in admin page lists and publ...

9.1CVSS5.7AI score0.00269EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/04/01 12:10 a.m.3 views

GHSA-RPJR-985C-QHVM CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

Summary Vulnerability: Stored DOM XSS via Group / Role Management Fields Administrative Context Execution - Stored Cross-Site Scripting via Unsanitized Group / Role Management Inputs Description The application fails to properly sanitize user-controlled input within group and role management...

9.1CVSS6AI score0.00307EPSS
Exploits1References3
Snyk
Snyk
added 2026/04/01 12:10 a.m.3 views

Cross-site Scripting (XSS)

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Cross-site Scripting XSS via unsanitized input in group and role management fields. An attacker can execute arbitrary JavaScript in the context of an administrator's brows...

9.1CVSS6AI score0.00307EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/03/27 4:59 a.m.8 views

CVE-2026-2931

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/27 12:0 a.m.10 views

PT-2026-28639

Name of the Vulnerable Software and Affected Versions Ultimate Member plugin for WordPress versions through 2.11.2 Description The Ultimate Member plugin for WordPress is susceptible to Sensitive Information Exposure. The issue stems from the 'usermeta:password reset link' template tag being...

8CVSS5.9AI score0.00229EPSS
Exploits0References8
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.6 views

CVE-2026-28430

Chamilo LMS is a learning management system. Prior to version 1.11.34, there is an unauthenticated SQL injection vulnerability which allows remote attackers to execute arbitrary SQL commands via the customdates parameter. By chaining this with a predictable legacy password reset mechanism, an...

9.8CVSS6.1AI score0.00329EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:59 p.m.4 views

CVE-2026-31881

Runtipi is a personal homeserver orchestrator. Prior to 4.8.0, an unauthenticated attacker can reset the operator admin password when a password-reset request is active, resulting in full account takeover. The endpoint POST /api/auth/reset-password is exposed without authentication/authorization...

9.8CVSS5.9AI score0.0043EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.4 views

CVE-2026-4021

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

8.1CVSS5.8AI score0.00436EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/26 6:30 a.m.5 views

EUVD-2026-16095

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/26 3:37 a.m.3 views

CVE-2026-2931

The Amelia Booking plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 9.1.2. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8CVSS5.8AI score0.00382EPSS
Exploits0References5
EUVD
EUVD
added 2026/03/24 12:30 a.m.3 views

EUVD-2026-14654

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

8.1CVSS5.7AI score0.00436EPSS
Exploits0References7
NVD
NVD
added 2026/03/24 12:16 a.m.3 views

CVE-2026-4021

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

8.1CVSS0.00436EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/03/23 11:25 p.m.3 views

CVE-2026-4021

The Contest Gallery plugin for WordPress is vulnerable to an authentication bypass leading to admin account takeover in all versions up to, and including, 28.1.5. This is due to the email confirmation handler in users-registry-check-after-email-or-pin-confirmation.php using the user's email strin...

8.1CVSS5.7AI score0.00436EPSS
Exploits0References7
CVE
CVE
added 2026/03/23 11:25 p.m.10 views

CVE-2026-4021

The CVE-2026-4021 entry documents an authentication bypass in the Contest Gallery WordPress plugin up through version 28.1.5. The root cause is a mismatch in the email-to-user-ID flow: users-registry-check-after-email-or-pin-confirmation.php uses the email string in a WHERE ID = %s clause instead...

8.1CVSS5.7AI score0.00436EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/03/23 12:0 a.m.6 views

PT-2026-27266

Name of the Vulnerable Software and Affected Versions Contest Gallery plugin for WordPress versions through 28.1.5 Description The Contest Gallery plugin for WordPress is susceptible to an authentication bypass, potentially allowing unauthorized takeover of administrator accounts. This occurs...

8.1CVSS5.8AI score0.00436EPSS
Exploits0References9
NVD
NVD
added 2026/03/20 6:16 a.m.31 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS0.00672EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2026/03/20 5:25 a.m.3 views

CVE-2026-33037

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/20 5:25 a.m.8 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.5AI score0.00672EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 5:25 a.m.4 views

CVE-2026-33037 WWBN AVideo has predictable default admin credentials in official Docker deployment path

WWBN AVideo is an open source video platform. In versions 25.0 and below, the official Docker deployment files docker-compose.yml, env.example ship with the admin password set to "password", which is automatically used to seed the admin account during installation, meaning any instance deployed...

8.1CVSS6.3AI score0.00672EPSS
Exploits1References4
Rows per page
Query Builder