Opensource-workshop Connect-cms

6 matches found

CVE
added 2026/03/23 9:37 p.m. | 15 views

CVE-2026-32299

CVE-2026-32299 is linked to a GitHub Advisory for Connect CMS describing an improper authorization vulnerability in the page content retrieval feature. The issue could allow a third party to access contents and attachments of non-public pages due to insufficient authorization checks. Affected sof...

CVSS 7.5 | AI score 5.8 | EPSS 0.00268
CVE
added 2026/03/23 9:36 p.m. | 12 views

CVE-2026-32279

CVE-2026-32279 is not reserved by itself in the connected documents; a concrete vulnerability is described in the GitHub Advisory GHSA-jh46-85jr-6ph9 for Connect CMS Page Management Plugin. The issue is a Server-Side Request Forgery (SSRF) in the external page migration feature of the Page Manage...

CVSS 6.8 | AI score 5.7 | EPSS 0.00347
CVE
added 2026/03/23 9:22 p.m. | 11 views

CVE-2026-32277

Summary: CVE-2026-32277 affects Connect-CMS Cabinet Plugin list view with a DOM-based XSS. Affected versions: 1.x series >= 1.35.0 and = 2.35.0 and

CVSS 8.7 | AI score 5.8 | EPSS 0.00327
CVE
added 2026/03/23 9:40 p.m. | 9 views

CVE-2026-32300

This CVE entry relates to Connect CMS (My Page Profile Update) with an improper authorization flaw that can allow an authenticated attacker to modify arbitrary user information (including passwords). Affected versions are 1.x up to 1.41.0 and 2.x up to 2.41.0. The vulnerability enables takeover o...

CVSS 8.1 | AI score 5.9 | EPSS 0.00305
CVE
added 2026/03/23 9:6 p.m. | 7 views

CVE-2026-32276

CVE-2026-32276 affects Connect-CMS and its Code Study Plugin. Affected versions: 1.x ≤ 1.41.0 and 2.x ≤ 2.41.0. An authenticated user could trigger arbitrary code execution on the server through the Code Study Plugin. The vulnerability is addressed in patched releases: 1.41.1 (1.x) and 2.41.1 (2...

CVSS 8.8 | AI score 6.2 | EPSS 0.00463
CVE
added 2026/03/23 9:28 p.m. | 6 views

CVE-2026-32278

Connect CMS has a Stored XSS vulnerability in the Form Plugin file field. Affected versions are 1.x up to 1.41.0 and 2.x up to 2.41.0. The issue can allow arbitrary script execution in an administrator’s browser if exploited. Patched versions are 1.41.1 and 2.41.1. Remediation is to upgrade the F...

CVSS 8.2 | AI score 5.7 | EPSS 0.00197