VIR Vulnerability Intelligence Relay

Package impact

php COMPOSER / ci4-cms-erp/ci4ms

Severitycriticalhighmediumlowunknown
0
KEVHas exploit
Reset
CVE Severity CVSS Risk Flags OS Vendor Published Description
CVE-2026-45139 medium 5.5 16d ago CI4MS Fileeditor allows deletion and rename of critical application files due to missing extension allowlist on destructive operations
CVE-2026-45138 medium 5.5 17d ago CI4MS: Stored XSS in Blog Content via Broken `html_purify` Validation Rule
CVE-2026-41891 medium 5.5 1mo ago CI4MS has a Deactivated User Session Bypass (active=0)
CVE-2026-41890 medium 5.5 1mo ago CI4MS Vulnerable to Arbitrary Database Table Drop via Theme deleteProcess