Skip to content

Security data

Weaknesses (CWE)The MITRE CWE weakness catalog
Attack Patterns (CAPEC)MITRE CAPEC attack patterns
CNAsNumbering authorities + report cards
VendorsVulnerabilities by vendor

Tools

CVSS CalculatorScore CVSS 4.0, 3.1, 3.0 & 2.0

Resources

LearnPlain-English security guides
Data SourcesHow we source CVE data

About Us Blog Pricing Book a Demo

Log in

RadicalNotion.AI

We do not sell or share your personal information

© 2026 RadicalNotion.AI

Security Data

CWE Directory
CAPEC Directory
CNA Directory
CNA Report Cards
Data Sources

Calculators

CVSS Calculator
CVSS 4.0
CVSS 3.1
CVSS 3.0
CVSS 2.0

Platform

My Vulnerabilities
Insights
Notifications
Account
Pricing

Company

About us
Blog
Learn
Book a demo

Get Started

Sign up
Log in

Legal

Privacy
Terms

Home
Vendors
Ci4 Cms Erp

ci4-cms-erp Vulnerabilities: CVEs, CISA KEV & Security Advisories

33 CVEs

ci4-cms-erp Vulnerabilities

CVE security advisories and vulnerability history for ci4-cms-erp.

33

Total CVEs

Published

0

In CISA KEV

Exploited in the wild

30

Public exploits

With known exploit

7.9

Avg CVSS

2026–2026

Overview

ci4-cms-erp has 33 published CVE records since 2026, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 30 have a known public exploit. The average CVSS base score across scored CVEs is 7.9.

This page aggregates every publicly disclosed vulnerability (CVE) affecting ci4-cms-erp products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of ci4-cms-erp's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical17

High6

Medium10

Low0

In CISA’s Known Exploited Vulnerabilities catalog

0

None of ci4-cms-erp's CVEs are currently listed in CISA's KEV catalog.

Public exploits

30

30 of ci4-cms-erp's CVEs have a known public exploit available.

Most affected products

The ci4-cms-erp products with the most published CVEs.

ci4-cms-erp/ci4ms33 CVEs
ci4ms33 CVEs

Common weakness types

The CWE weakness categories most often found in ci4-cms-erp CVEs. Follow any weakness for its full explanation.

CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')21 CVEs
CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')2 CVEs
CWE-1254Incorrect Comparison Logic Granularity2 CVEs
CWE-285Improper Authorization1 CVE
CWE-306Missing Authentication for Critical Function1 CVE
CWE-434Unrestricted Upload of File with Dangerous Type1 CVE
CWE-613Insufficient Session Expiration1 CVE
CWE-93Improper Neutralization of CRLF Sequences ('CRLF Injection')1 CVE

CNAs that assign these CVEs

The CVE Numbering Authorities that publish ci4-cms-erp CVE records.

GitHub_M33 CVEs

Latest ci4-cms-erp CVEs

The most recently disclosed vulnerabilities affecting ci4-cms-erp.

CI4MS: Deactivated User Session Bypass (active=0)
CWE-613
Medium · CVSS 5.3
EPSS 0.0%2026-05-07
CI4MS: Arbitrary Database Table Drop via Theme deleteProcess
CWE-20
Medium · CVSS 6.9
EPSS 0.0%2026-05-07
ci4ms Theme::upload is vulnerable to Zip Slip leading to RCE
CWE-22
Critical · CVSS 9.4
EPSS 0.5%2026-05-07
ci4ms Backup::restore is vulnerable to Zip Slip leading to RCE
CWE-22
Critical · CVSS 9.4
EPSS 0.5%2026-05-07
CI4MS: Backup Management Full Account Takeover for All-Roles & Privilege-Escalation via Stored DOM Blind XSS Version 2
CWE-79
Critical · CVSS 9.1
EPSS 0.1%2026-05-07
CI4MS: Unrestricted PHP File Upload via Theme Installation Leads to Authenticated Remote Code Execution
CWE-434
High · CVSS 8.6
EPSS 0.1%2026-05-07
CI4MS has an .env CRLF Injection via Unvalidated `host` Parameter in Install Controller
CWE-93
High · CVSS 8.1
EPSS 0.0%2026-04-08
Post-Installation Re-entry via Cache-Dependent Install Guard Bypass in ci4ms
CWE-306
High · CVSS 8.1
EPSS 0.1%2026-04-08
CI4MS has Stored XSS in Pages Content Due to Missing html_purify Sanitization
CWE-79
Medium · CVSS 5.5
EPSS 0.0%2026-04-08
CI4MS has Stored XSS via Unescaped Blacklist Note in Admin User List
CWE-79
Medium · CVSS 4.8
EPSS 0.0%2026-04-08
CI4MS has Stored XSS via srcdoc attribute bypass in Google Maps iframe setting
CWE-79
Medium · CVSS 5.5
EPSS 0.0%2026-04-08
CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files
CWE-285
Medium · CVSS 6.7
EPSS 0.0%2026-04-08

Track new ci4-cms-erp CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor ci4-cms-erp CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

microsoft24,097 CVEs Linux19,131 CVEs google14,281 CVEs apple14,019 CVEs oracle10,440 CVEs debian10,201 CVEs IBM8,265 CVEs Adobe7,222 CVEs

Browse all vendors

Frequently asked questions

Common questions about ci4-cms-erp vulnerabilities.

How many CVEs does ci4-cms-erp have?

ci4-cms-erp has 33 published CVE records since 2026, including 33 in the last two years.

How many ci4-cms-erp CVEs are in CISA KEV?

None of ci4-cms-erp's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.

Which ci4-cms-erp products have the most CVEs?

The ci4-cms-erp products with the most published CVEs are ci4-cms-erp/ci4ms, ci4ms.

What are the most common weakness types in ci4-cms-erp CVEs?

ci4-cms-erp's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-22 (Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')), CWE-1254 (Incorrect Comparison Logic Granularity), CWE-285 (Improper Authorization).

Are there public exploits for ci4-cms-erp vulnerabilities?

Yes — 30 of ci4-cms-erp's CVEs have a known public exploit.

How many critical ci4-cms-erp vulnerabilities are there?

ci4-cms-erp has 17 critical and 6 high-severity CVEs.

What is the average severity of ci4-cms-erp CVEs?

The average CVSS base score across ci4-cms-erp's scored CVEs is 7.9.

References

The MITRE CVE Program (opens in a new tab)
Learn: What is a CVE?
CWE directory: the weakness types these CVEs map to
CNA directory: the CNAs that assign these CVEs

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track ci4-cms-erp vulnerabilities

Monitor new ci4-cms-erp vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing

On this page

Overview
Severity and exploitation
Most affected products
Common weakness types
Assigning CNAs
Latest CVEs
Other vendors
FAQ
References