
18992 matches found

Cvelist
added 2026/05/08 3:50 p.m., 32 views

CVE-2026-41887 Flarum: Path traversal in LESS parser via theme color settings (incomplete fix for CVE-2023-27577)

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVSS 4.9, EPSS 0.00404
Exploits 0, References 4

EUVD
added 2026/05/08 3:50 p.m., 9 views

EUVD-2026-28804

Flarum is open-source forum software. Prior to versions 1.8.16 and 2.0.0-rc.1, Flarum's patch for CVE-2023-27577 restricted the @import and data-uri LESS features in the customless setting, but the same restriction was never applied to other settings registered as LESS config variables for exampl...

CVSS 6.6, AI score 6.3, EPSS 0.00851
Exploits 0, References 4

Patchstack
added 2026/05/08 10:0 a.m., 6 views

WordPress Avante theme < 3.0.5 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Theme Avante versions 3.0.5...

AI score 5.8, EPSS 0.0023
Exploits 0, Affected Software 1

NVD
added 2026/05/07 4:16 a.m., 11 views

CVE-2026-41890

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...

CVSS 6.9, EPSS 0.00344
Exploits 0, References 2

NVD
added 2026/05/07 4:16 a.m., 10 views

CVE-2026-41587

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

CVSS 8.6, EPSS 0.00501
Exploits 0, References 2

NVD
added 2026/05/07 4:16 a.m., 13 views

CVE-2026-41203

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

CVSS 9.4, EPSS 0.00484
Exploits 0, References 2

EUVD
added 2026/05/07 3:24 a.m., 8 views

EUVD-2026-28294

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0 to before version 0.31.8.0, the auth filter has the deactivated/banned user check commented out. This issue has been patched in version...

CVSS 5.3, AI score 5.7, EPSS 0.00269
Exploits 0, References 2

EUVD
added 2026/05/07 3:23 a.m., 11 views

EUVD-2026-28292

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...

CVSS 6.9, AI score 5.9, EPSS 0.00344
Exploits 0, References 2

ATTACKERKB
added 2026/05/07 3:23 a.m., 6 views

CVE-2026-41890

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...

CVSS 6.9, AI score 5.9, EPSS 0.00344
Exploits 0, References 3, Affected Software 1

Cvelist
added 2026/05/07 3:23 a.m., 42 views

CVE-2026-41890 CI4MS: Arbitrary Database Table Drop via Theme deleteProcess

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.31.1.0 to before version 0.31.8.0, the deleteProcess action accepts a POST parameter tables containing arbitrary table names. These are pass...

CVSS 6.9, EPSS 0.00344
Exploits 0, References 2

CVE
added 2026/05/07 3:23 a.m., 14 views

CVE-2026-41890

CVE-2026-41890 affects CI4MS prior to 0.31.8.0. The issue arises in the deleteProcess() action where the POST parameter tables[] is passed directly to $forge->dropTable() without validating that the tables belong to the theme being deleted. The deleteConfirm view uses the theme's own migration...

CVSS 6.9, AI score 5.9, EPSS 0.00344
Exploits 0, References 2

ATTACKERKB
added 2026/05/07 3:19 a.m., 5 views

CVE-2026-41203

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

CVSS 9.4, AI score 6.5, EPSS 0.00484
Exploits 0, References 3, Affected Software 1

EUVD
added 2026/05/07 3:19 a.m., 9 views

EUVD-2026-28257

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

CVSS 9.4, AI score 6.5, EPSS 0.00484
Exploits 0, References 2

Cvelist
added 2026/05/07 3:19 a.m., 34 views

CVE-2026-41203 ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

CVSS 9.4, EPSS 0.00484
Exploits 0, References 2

Vulnrichment
added 2026/05/07 3:19 a.m., 7 views

CVE-2026-41203 ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.5.0, ci4ms Theme::upload extracts user uploaded ZIP archives without validating entry names, allowing an authenticated backend user...

CVSS 9.4, AI score 6.5, EPSS 0.00484
Exploits 0, References 2

CVE
added 2026/05/07 3:19 a.m., 11 views

CVE-2026-41203

Summary: CVE-2026-41203 affects ci4ms Theme::upload in the CodeIgniter 4-based cms skeleton (ci4ms). Before v0.31.5.0, uploading a ZIP theme can bypass entry-name validation and enable Zip Slip, allowing an authenticated backend user with theme-create rights to extract files outside the intended ...

CVSS 9.4, AI score 6.5, EPSS 0.00484
Exploits 0, References 2

Cvelist
added 2026/05/07 3:14 a.m., 35 views

CVE-2026-41587 CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

CVSS 8.6, EPSS 0.00501
Exploits 0, References 2

CVE
added 2026/05/07 3:14 a.m., 9 views

CVE-2026-41587

CVE-2026-41587 affects CI4MS, a CodeIgniter 4-based CMS skeleton. The vulnerability resides in the theme upload flow: from versions 0.26.0.0 up to before 0.31.7.0, an authenticated backend user with theme-upload permission can upload a crafted ZIP, causing files (including PHP) to be placed into ...

CVSS 8.6, AI score 6.4, EPSS 0.00501
Exploits 0, References 2

EUVD
added 2026/05/07 3:14 a.m., 7 views

EUVD-2026-28260

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

CVSS 8.6, AI score 6.4, EPSS 0.00501
Exploits 0, References 2

ATTACKERKB
added 2026/05/07 3:14 a.m., 5 views

CVE-2026-41587

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. From version 0.26.0.0 to before version 0.31.7.0, a theme upload feature allows any authenticated backend user with theme-upload permission to achieve remo...

CVSS 8.6, AI score 6.4, EPSS 0.00501
Exploits 0, References 3, Affected Software 1