Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

7 matches found

RedhatCVE
RedhatCVEadded 2026/02/05 1:22 a.m.4 views

CVE-2026-25509

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS5.4AI score0.00349EPSS
Exploits0References1
NVD
NVDadded 2026/02/03 10:16 p.m.8 views

CVE-2026-25509

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS0.00349EPSS
Exploits0References2
Snyk
Snykadded 2026/02/03 10:4 p.m.1 views

Arbitrary File Upload

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Arbitrary File Upload via the /backend/fileeditor/createFile and /backend/fileeditor/save API endpoints. An attacker can execute arbitrary code on the server by uploading...

9.9CVSS6.2AI score0.00805EPSS
Exploits1References2
Vulnrichment
Vulnrichmentadded 2026/02/03 9:17 p.m.6 views

CVE-2026-25510 CI4MS Vulnerable to Remote Code Execution (RCE) via Arbitrary File Creation and Save in File Editor

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, an authenticated user with file editor permissions can achieve Remote Code Execution RCE by leveraging the file creation and sav...

9.9CVSS6AI score0.00805EPSS
Exploits1References2
OSV
OSVadded 2026/02/03 9:16 p.m.4 views

CVE-2026-25509 CI4MS Vulnerable to User Email Enumeration via Password Reset Flow

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.28.5.0, the authentication implementation in CI4MS is vulnerable to email enumeration. An unauthenticated attacker can determine whether...

5.3CVSS5.5AI score0.00349EPSS
Exploits0References4
CNNVD
CNNVDadded 2026/02/03 12:0 a.m.4 views

CI4MS 安全漏洞

CI4MS is an open-source blog page management tool developed by Ci4MS. Versions of CI4MS prior to 0.28.5.0 contained security vulnerabilities. These vulnerabilities stemmed from email enumeration issues in the authentication implementation. Unverified attackers could determine whether email...

5.3CVSS5.8AI score0.00349EPSS
Exploits0References2
Snyk
Snykadded 2026/02/02 9:52 p.m.2 views

Information Exposure

Overview ci4-cms-erp/ci4ms is a composer create-project ci4-cms-erp/ci4ms Affected versions of this package are vulnerable to Information Exposure via the password reset. An attacker can determine whether specific email addresses are registered in the system by analyzing the application's respons...

6.9CVSS5.6AI score0.00349EPSS
Exploits0References2
Rows per page
Query Builder