CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

995 matches found

ATTACKERKB•added 2026/03/30 8:24 p.m.•3 views

CVE-2026-27599

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to properly sanitize user-controlled input within System Settings – Mail Settings. Several configuration...

4.7CVSS5.8AI score0.00358EPSS

Exploits1References2Affected Software1

CVE•added 2026/03/30 8:24 p.m.•10 views

CVE-2026-27599

CI4MS (CodeIgniter 4-based CMS skeleton) is affected by a stored DOM XSS in System Settings – Mail Settings. Prior to version 0.31.0.0, fields such as Mail Server, Mail Port, Email Address, Email Password, Mail Protocol and TLS settings accept attacker-controlled input that is stored server-side ...

7.2CVSS5.8AI score0.00358EPSS

Exploits1References1Affected Software1

OSV•added 2026/03/30 8:24 p.m.•3 views

CVE-2026-27599 CI4MS: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

4.7CVSS5.8AI score0.00358EPSS

Exploits1References3

Positive Technologies•added 2026/03/30 12:0 a.m.•4 views

PT-2026-29117

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description CI4MS, a CodeIgniter 4-based CMS skeleton, does not properly sanitize user-controlled input within System Settings – Mail Settings. Configuration fields, including Mail Server, Mail Port, Email...

4.7CVSS5.9AI score0.00358EPSS

Exploits1References6

Positive Technologies•added 2026/03/30 12:0 a.m.•3 views

PT-2026-29127

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description CI4MS is a CodeIgniter 4-based CMS skeleton offering a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application does not properly...

9.1CVSS5.8AI score0.00307EPSS

Exploits1References8

Positive Technologies•added 2026/03/30 12:0 a.m.•4 views

PT-2026-29128

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Description CI4MS is a CodeIgniter 4-based CMS skeleton providing a modular architecture with RBAC authorization and theme support. The application does not properly sanitize user-controlled input within the...

9.1CVSS5.9AI score0.00307EPSS

Exploits1References8

CNNVD•added 2026/03/26 12:0 a.m.•7 views

FUEL CMS 安全漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS contains a security vulnerability, which stems from the /controllers/Login.php component being vulnerable to SQL injection attacks...

7.7CVSS5.8AI score0.00373EPSS

Exploits1References3

CNNVD•added 2026/03/26 12:0 a.m.•6 views

FUEL CMS 安全漏洞

FUEL CMS is a content management system CMS developed by David McReynolds using the Codelgniter framework. Version 1.5.2 of FUEL CMS contains a security vulnerability, which stems from issues with the /parser/dwoo component. Attackers can execute arbitrary code through specially crafted PHP code...

9.8CVSS6.2AI score0.00735EPSS

Exploits1References4

CVE•added 2026/03/20 2:14 a.m.•13 views

CVE-2026-32888

CVE-2026-32888 affects Open Source Point of Sale (PHP, CodeIgniter). A SQL Injection exists in the Items search functionality when the custom attribute search feature (search_custom) is enabled: user input from the search GET parameter is interpolated directly into a HAVING clause without paramet...

8.8CVSS6.2AI score0.00316EPSS

Exploits1References1Affected Software1

OSV•added 2026/03/20 2:14 a.m.•3 views

CVE-2026-32888 Open Source Point of Sale is Vulnerable to SQL Injection Through its Item Search Functionality

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled searchcustom filter, user-supplied input from the search GET...

8.8CVSS6.2AI score0.00316EPSS

Exploits1References3

Positive Technologies•added 2026/03/20 12:0 a.m.•9 views

PT-2026-26544

Open Source Point of Sale is a web based point-of-sale application written in PHP using CodeIgniter framework. Versions contain an SQL Injection in the Items search functionality. When the custom attribute search feature is enabled search custom filter, user-supplied input from the search GET...

8.8CVSS6.2AI score0.00316EPSS

Exploits1References6

Positive Technologies•added 2026/03/17 12:0 a.m.•5 views

PT-2026-25941

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.0.0 Fortinet FortiOS affected versions not specified Description CI4MS, a CodeIgniter 4-based CMS skeleton, is susceptible to stored cross-site scripting XSS due to improper sanitization of user-controlled input wh...

9.1CVSS6.1AI score0.00269EPSS

Exploits1References7

RedhatCVE•added 2026/02/05 1:22 a.m.•4 views

CVE-2026-25509

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS5.4AI score0.00349EPSS

Exploits0References1

RedhatCVE•added 2026/02/05 1:22 a.m.•5 views

CVE-2026-25510

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution RCE by leveraging the file creation and sav...

9.9CVSS6AI score0.00805EPSS

Exploits1References1