浏览 23+ 条来自 NVD 与 CNNVD 的 CVE 漏洞,配 AI 中文翻译、AI POC 生成、每日情报;可按厂商、产品、严重等级、CWE 检索。
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-39393 | Post-Installation Re-entry via Cache-Dependent Install Guard Bypass in ci4ms | ci4-cms-erp | ci4ms | High | 8.1 | 2026-04-08 14:31:45 | Deep Dive |
| CVE-2026-39389 | CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files | ci4-cms-erp | ci4ms | Medium | 6.7 | 2026-04-08 14:28:30 | Deep Dive |
| CVE-2026-35035 | CI4MS Company Information Public-Facing Page Full Platform Compromise & Full Account Takeover for All Roles & Privilege-Escalation via System Settings Company Information Stored DOM XSS | ci4-cms-erp | ci4ms | High | 7.2 | 2026-04-06 16:49:10 | Deep Dive |
| CVE-2026-34989 | CI4MS affected by Profile & User Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | - | - | 2026-04-06 16:25:54 | Deep Dive |
| CVE-2026-34572 | CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) | ci4-cms-erp | ci4ms | High | 8.8 | 2026-04-01 21:35:11 | Deep Dive |
| CVE-2026-34571 | CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session Hijacking and Full Administrative Account Compromise | ci4-cms-erp | ci4ms | Critical | 9.9 | 2026-04-01 21:32:17 | Deep Dive |
| CVE-2026-34570 | CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Improper Session Invalidation (Logic Flaw) | ci4-cms-erp | ci4ms | High | 8.8 | 2026-04-01 21:30:31 | Deep Dive |
| CVE-2026-34569 | CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.9 | 2026-04-01 21:29:34 | Deep Dive |
| CVE-2026-34568 | CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:28:56 | Deep Dive |
| CVE-2026-34567 | CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:28:24 | Deep Dive |
| CVE-2026-34566 | CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:27:01 | Deep Dive |
| CVE-2026-34565 | CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:26:22 | Deep Dive |
| CVE-2026-34564 | CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:25:53 | Deep Dive |
| CVE-2026-34563 | CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:25:14 | Deep Dive |
| CVE-2026-34562 | CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Medium | 4.7 | 2026-04-01 21:23:42 | Deep Dive |
| CVE-2026-34561 | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Medium | 4.7 | 2026-04-01 21:23:17 | Deep Dive |
| CVE-2026-34560 | CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:21:34 | Deep Dive |
| CVE-2026-34559 | CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:20:51 | Deep Dive |
| CVE-2026-34558 | CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-03-30 20:24:36 | Deep Dive |
| CVE-2026-34557 | CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-03-30 20:24:24 | Deep Dive |