| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-31956 | Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization | xibosignage | xibo-cms | Medium | 4.3 | 2026-04-24 00:16:03 | Deep Dive |
| CVE-2026-31955 | Xibo CMS has Authenticated Server-Side Request Forgery (SSRF) in Remote DataSet Functionality | xibosignage | xibo-cms | Medium | 4.9 | 2026-04-24 00:14:16 | Deep Dive |
| CVE-2026-31953 | Xibo CMS has Stored XSS via Notification Body with Zero-Click Execution on Login | xibosignage | xibo-cms | Medium | 6.4 | 2026-04-24 00:08:22 | Deep Dive |
| CVE-2026-31952 | Xibo CMS API has SQL Injection via DataSet Filter Parameter | xibosignage | xibo-cms | High | 7.6 | 2026-04-24 00:05:05 | Deep Dive |
| CVE-2026-40529 | KANATA CMS ALAYA SQL Injection Vulnerability | KANATA Limited | CMS ALAYA | - | - | 2026-04-23 04:15:33 | Deep Dive |
| CVE-2026-41175 | Statamic: Unsafe method invocation via query value resolution allows data destruction | statamic | cms | High | 8.1 | 2026-04-22 21:25:50 | Deep Dive |
| CVE-2026-41130 | Craft CMS has a host header injection leading to SSRF via resource-js endpoint | craftcms | cms | - | - | 2026-04-21 23:36:31 | Deep Dive |
| CVE-2026-41129 | Craft CMS has Server-Side Request Forgery (SSRF) with Asset Uploads Mutations | craftcms | cms | - | - | 2026-04-21 23:34:57 | Deep Dive |
| CVE-2026-41128 | Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action | craftcms | cms | - | - | 2026-04-21 23:32:38 | Deep Dive |
| CVE-2026-6553 | TYPO3 CMS Stores Cleartext Password in User Settings Module | TYPO3 | TYPO3 CMS | - | - | 2026-04-21 10:04:03 | Deep Dive |
| CVE-2026-3317 | Reflected Cross-Site Scripting in Navigate CMS application | Navigate | Navigate CMS | - | - | 2026-04-21 09:04:00 | Deep Dive |
| CVE-2026-6674 | Plugin: CMS für Motorrad Werkstätten <= 1.0.0 - Authenticated (Subscriber+) SQL Injection via 'arttype' Parameter | tholstkabelbwde | Plugin: CMS für Motorrad Werkstätten | Medium | 6.5 | 2026-04-21 02:25:41 | Deep Dive |
| CVE-2026-6249 | Vvveb CMS 1.0.8 Remote Code Execution via Media Upload | Vvveb | Vvveb CMS | High | 8.8 | 2026-04-20 19:57:38 | Deep Dive |
| CVE-2026-6257 | Vvveb CMS v1.0.8 Remote Code Execution via Media Management | Vvveb | Vvveb CMS | Critical | 9.1 | 2026-04-20 19:09:46 | Deep Dive |
| CVE-2026-6652 | Pagekit CMS StringStorage Template PhpEngine.php evaluate eval injection | Pagekit | CMS | Medium | 4.7 | 2026-04-20 15:00:23 | Deep Dive |
| CVE-2026-6649 | Qibo CMS headers server-side request forgery | Qibo | CMS | Medium | 6.3 | 2026-04-20 13:30:41 | Deep Dive |
| CVE-2026-6648 | Qibo CMS Internal Message cross site scripting | Qibo | CMS | Low | 3.5 | 2026-04-20 13:00:45 | Deep Dive |
| CVE-2026-6633 | Yifang CMS Extended Management L_rbac_admin.php store cross site scripting | Yifang | CMS | Low | 3.5 | 2026-04-20 11:15:11 | Deep Dive |
| CVE-2026-41254 | Little CMS Security Vulnerability | littlecms | little cms color engine | Medium | 4.0 | 2026-04-18 06:43:14 | Deep Dive |
| CVE-2026-6487 | Qihui jtbc5 CMS Code Endpoint manage.php path traversal | Qihui | jtbc5 CMS | Medium | 4.3 | 2026-04-17 12:30:40 | Deep Dive |