Latest CVE Vulnerabilities

5.3 MEDIUM

CVE-2026-5313 — Nothings stb GIF Decoder stb_image.h stbi__gif_load_next denial of service

A vulnerability has been found in Nothings stb up to 2.30. This issue affects the function stbi__gif_load_next in the library stb_image.h of the component GIF Decoder. Such manipulation leads to deni…

Remote | Denial of Service

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

8.6 HIGH

CVE-2026-3987 — WatchGuard Firebox Arbitrary File Write vis Path Traversal in Fireware Web UI

A path traversal vulnerability in the Fireware OS Web UI on WatchGuard Firebox systems may allow a privileged authenticated remote attacker to execute arbitrary code in the context of an elevated sys…

Remote | Path Traversal

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

8.8 HIGH

CVE-2026-34572 — CI4MS: Account Deactivation Module Full Persistent Unauthorized Access for All‑Roles via …

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immed…

Remote | Authorization

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.9 CRITICAL

CVE-2026-34571 — CI4MS: Stored Cross‑Site Scripting (Stored XSS) in Backend User Management Allows Session…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, a Stored Cross-Site Scripting …

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

10.0 CRITICAL

CVE-2026-34570 — CI4MS: Account Deletion Module Full Persistent Unauthorized Access for All‑Roles via Impr…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to immed…

Remote | Authorization

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.9 CRITICAL

CVE-2026-34569 — CI4MS: Blogs Categories Full Account Takeover for All-Roles & Privilege-Escalation via St…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.1 CRITICAL

CVE-2026-34568 — CI4MS: Blogs Posts Full Account Takeover for All-Roles & Privilege-Escalation via Stored …

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.1 CRITICAL

CVE-2026-34567 — CI4MS: Blogs Posts (Categories) Full Account Takeover for All-Roles & Privilege-Escalatio…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.1 CRITICAL

CVE-2026-34566 — CI4MS: Pages Management Full Account Takeover for All-Roles & Privilege-Escalation via St…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.1 CRITICAL

CVE-2026-34565 — CI4MS: Menu Management (Posts) Full Account Takeover for All-Roles & Privilege-Escalation…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.1 CRITICAL

CVE-2026-34564 — CI4MS: Menu Management (Pages) Full Account Takeover for All-Roles & Privilege-Escalation…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.1 CRITICAL

CVE-2026-34563 — CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via S…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

4.7 MEDIUM

CVE-2026-34562 — CI4MS: System Settings (Company Information) Full Platform Compromise & Full Account Take…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

4.7 MEDIUM

CVE-2026-34561 — CI4MS: System Settings (Social Media Management) Full Platform Compromise & Full Account …

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.1 CRITICAL

CVE-2026-34560 — CI4MS: Logs Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM XSS

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application renders user-c…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

9.1 CRITICAL

CVE-2026-34559 — CI4MS: Blogs Tags Full Account Takeover for All-Roles & Privilege-Escalation via Stored D…

CI4MS is a CodeIgniter 4-based CMS skeleton that delivers a production-ready, modular architecture with RBAC authorization and theme support. Prior to version 0.31.0.0, the application fails to prope…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

0.0 NA

CVE-2026-5314 — Nothings stb TTF File stb_truetype.h stbtt_InitFont_internal out-of-bounds

A vulnerability was found in Nothings stb up to 1.26. Impacted is the function stbtt_InitFont_internal in the library stb_truetype.h of the component TTF File Handler. Performing a manipulation resul…

| Memory Corruption

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

5.5 MEDIUM

CVE-2026-5312 — D-Link DNS-1550-04 dsk_mgr.cgi Get_current_raidtype access control

A weakness has been identified in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-72…

Remote | Authorization

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

4.3 MEDIUM

CVE-2026-4820 — IBM Maximo Application Suite was vulnerable to because Cookie ltpatoken2_<workspace_name>…

IBM Maximo Application Suite 9.1, 9.0, 8.11, and 8.10 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http://…

Remote | Information Disclosure

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

5.4 MEDIUM

CVE-2026-4364 — Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security V…

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Acce…

Remote | Cross-Site Scripting

Apr 01, 2026 Apr 01, 2026

Apr 01, 2026

Browse by Apps

Latest CVE Feed

Cookie Preferences