Vulnerability List
Found 828 results
| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At |
|---|---|---|---|---|---|---|
| CVE-2026-34561 | CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Medium | 4.7 | 2026-04-01 21:23:17 |
| CVE-2026-34560 | CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:21:34 |
| CVE-2026-34559 | CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-04-01 21:20:51 |
| CVE-2026-29014 | MetInfo CMS Unauthenticated PHP Code Injection RCE | MetInfo CMS | MetInfo CMS | Critical | 9.8 | 2026-04-01 12:22:42 |
| CVE-2026-21630 | Joomla! Core - [20260302] - SQL injection in com_content articles webservice endpoint | Joomla! Project | Joomla! CMS | - | - | 2026-04-01 09:03:49 |
| CVE-2026-23898 | Joomla! Core - [20260305] - Arbitrary file deletion in com_joomlaupdate | Joomla! Project | Joomla! CMS | - | - | 2026-04-01 09:03:40 |
| CVE-2026-21629 | Joomla! Core - [20260301] - ACL hardening in com_ajax | Joomla! Project | Joomla! CMS | - | - | 2026-04-01 09:03:38 |
| CVE-2026-23899 | Joomla! Core - [20260306] - Improper access check in webservice endpoints | Joomla! Project | Joomla! CMS | - | - | 2026-04-01 09:03:19 |
| CVE-2026-21631 | Joomla! Core - [20260303] - XSS vector in com_associations comparison view | Joomla! Project | Joomla! CMS | - | - | 2026-04-01 09:03:17 |
| CVE-2026-21632 | Joomla! Core - [20260304] - XSS vectors in various article title outputs | Joomla! Project | Joomla! CMS | - | - | 2026-04-01 09:03:11 |
| CVE-2026-5203 | CMS Made Simple UserGuide Module XML Import class.UserGuideImporterExporter.php _copyFilesToFolder path traversal | - | CMS Made Simple | Medium | 4.7 | 2026-03-31 15:45:09 |
| CVE-2026-34558 | CI4MS: Methods Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-03-30 20:24:36 |
| CVE-2026-34557 | CI4MS: Permissions Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Critical | 9.1 | 2026-03-30 20:24:24 |
| CVE-2026-27599 | CI4MS: System Settings (Mail Settings) Full Platform Compromise & Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS | ci4-cms-erp | ci4ms | Medium | 4.7 | 2026-03-30 20:24:09 |
| CVE-2026-33887 | Statamic allows unauthorized content access through missing authorization in its revision controllers | statamic | cms | Medium | 5.4 | 2026-03-27 20:41:24 |
| CVE-2026-33886 | Statamic's sensitive configuration values are exposed to content editors via Antlers-enabled fields | statamic | cms | Medium | 6.5 | 2026-03-27 20:40:23 |
| CVE-2026-33885 | Statamic has an Open Redirect on unauthenticated endpoints via URL parsing differential | statamic | cms | Medium | 6.1 | 2026-03-27 20:39:18 |
| CVE-2026-33884 | Statamic's live preview token bypasses content protection for unrelated entries | statamic | cms | Medium | 4.3 | 2026-03-27 20:38:20 |
| CVE-2026-33883 | Statamic has Reflected XSS via unescaped redirect parameter in its password reset form tag | statamic | cms | Medium | 6.1 | 2026-03-27 20:37:21 |
| CVE-2026-33882 | Statamic's Markdown preview endpoint exposes sensitive user data | statamic | cms | Medium | 6.5 | 2026-03-27 20:36:32 |