Every CVE whose affected-product data names Mjdm Majordomo, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-27174 — CVSS 9.8 (critical): MajorDoMo (aka Major Domestic Module) allows unauthenticated remote code execution via the admin panel's PHP console feature. An include…
CVE-2026-27175 — CVSS 9.8 (critical): MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated OS command injection via rc/index.php. The $param variable from user…
CVE-2023-50917 — CVSS 9.8 (critical): MajorDoMo (aka Major Domestic Module) before 0662e5e allows command execution via thumb.php shell metacharacters. NOTE: this is unrelated…
CVE-2026-27180 — CVSS 9.8 (critical): MajorDoMo (aka Major Domestic Module) is vulnerable to unauthenticated remote code execution through supply chain compromise via update URL…
CVE-2026-27179 — CVSS 8.2 (high): MajorDoMo (aka Major Domestic Module) contains an unauthenticated SQL injection vulnerability in the commands module. The…
CVE-2026-27181 — CVSS 7.5 (high): MajorDoMo (aka Major Domestic Module) allows unauthenticated arbitrary module uninstallation through the market module. The market module's…
CVE-2026-27178 — CVSS 7.2 (high): MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability through method parameter injection into…
CVE-2026-27177 — CVSS 7.2 (high): MajorDoMo (aka Major Domestic Module) contains a stored cross-site scripting (XSS) vulnerability via the /objects/?op=set endpoint, which…
CVE-2026-27176 — CVSS 6.1 (medium): MajorDoMo (aka Major Domestic Module) contains a reflected cross-site scripting (XSS) vulnerability in command.php. The $qry parameter is…