CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

RedhatCVE•added 2026/06/05 7:43 p.m.•6 views

CVE-2026-8416

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file addFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS5.5AI score0.00019EPSS

Exploits0References1

EUVD•added 2026/05/22 12:31 a.m.•7 views

EUVD-2026-31363

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file approveVersion. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.00017EPSS

Exploits0References2

Cvelist•added 2026/05/21 9:28 p.m.•26 views

CVE-2026-8416 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)

2.3CVSS0.00019EPSS

Exploits0References1

ATTACKERKB•added 2026/05/21 9:27 p.m.•3 views

CVE-2026-8427

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file removeFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.00019EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/21 9:23 p.m.•6 views

CVE-2026-8434 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.00019EPSS

Exploits0References1

Positive Technologies•added 2026/05/21 12:0 a.m.•8 views

PT-2026-42572

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/backend/file' endpoint within the addFavoriteFolder$id function. CSRF is a flaw that allows an attacker to induce a user ...

2.3CVSS5.8AI score0.00019EPSS

Exploits0References4

Positive Technologies•added 2026/05/21 12:0 a.m.•8 views

PT-2026-42577

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/backend/file' endpoint within the approveVersion function. CSRF is a flaw that allows an attacker to induce a user to perfo...

2.3CVSS5.8AI score0.00017EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by