CVE-2026-6075
The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35. This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...
CVE-2026-6075 Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form
The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35. This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...
EUVD-2026-31373
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...
EUVD-2026-31376
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...
CVE-2026-8410
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...
CVE-2026-8411
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...
CVE-2026-8410 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...
CVE-2026-8410
Concrete CMS versions 9.0.0–9.4.9 are vulnerable to Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/dialog/logs/bulk/delete. The issue stems from that specific path and affects versions up to 9.4.9; upgrading to 9.5.0 or later is recommended. The data in connected sources c...
CVE-2026-8411 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonata...
CVE-2026-8411
CVE-2026-8411 affects Concrete CMS 9.0.0–9.4.x, with CSRF at the endpoint concrete/controllers/dialog/page/bulk/delete. The issue is confirmed across multiple sources and is fixed in 9.5.0+. Exploitation requires user interaction and is scoped as a low CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:P/VC...
Concrete CMS Cross-Site Request Forgery Vulnerability
Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS from 9 to 9.5.0 had a cross-site request forgery vulnerability, which originated from the concrete/controllers/dialog/page/bulk/delete file...
PT-2026-42567
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.4.x. Description: Concrete CMS is subject to Cross Site Request Forgery (CSRF), a flaw where an attacker tricks a victim into performing actions they did not intend to do. This issue occurs at the...
PT-2026-42566
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions 9.0.0 through 9.4.9. Description: Concrete CMS is subject to Cross Site Request Forgery (CSRF), a flaw where an attacker tricks a logged-in user into executing unwanted actions. This issue occurs at the...
GHSA-9WHX-C884-C68Q Langflow Knowledge Bases API is Vulnerable to Path Traversal
Summary: Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...
Langflow Knowledge Bases API is Vulnerable to Path Traversal
Summary: Langflow is vulnerable to Path Traversal in the Knowledge Bases API DELETE /api/v1/knowledgebases. This occurs because user-supplied knowledge base names are concatenated directly into file paths without proper sanitization or boundary validation. An authenticated attacker can exploit thi...
PT-2026-35816
Name of the Vulnerable Software and Affected Versions: Langflow versions prior to 1.9.0. Description: Langflow is a tool for building and deploying AI-powered agents and workflows. A path traversal flaw exists in the Knowledge Bases API endpoint "DELETE /api/v1/knowledge bases" within the delete...