CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Cvelist•added 2026/05/21 9:32 p.m.•27 views

CVE-2026-8411 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...

2.3CVSS0.00019EPSS

Exploits0References1

CVE•added 2026/05/21 9:31 p.m.•14 views

CVE-2026-8412

Concrete CMS prior to version 9.5.0 is vulnerable to Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/dialog/page/bulk/cache. The issue is caused by insufficient verification of user intent for requests to that endpoint. Impact is described as CSRF with potential to perform ...

8.8CVSS5.8AI score0.00019EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/21 9:29 p.m.•3 views

CVE-2026-8415

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.00019EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/21 9:27 p.m.•4 views

CVE-2026-8427 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file removeFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.00019EPSS

Exploits0References1

Cvelist•added 2026/05/21 9:23 p.m.•31 views

CVE-2026-8434 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS0.00019EPSS

Exploits0References1

Positive Technologies•added 2026/05/21 12:0 a.m.•10 views

PT-2026-42576

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/backend/file' endpoint within the rescanMultiple function. CSRF is a type of attack that tricks a victim into submitting a...

8.8CVSS5.9AI score0.00019EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by