2 matches found
CVE-2026-8327
creationtimestamp| type| source ---|---|--- 2026-05-22 02:53:00+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mmfwkatib32o...
CVE-2026-8327 Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass.
Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo::update without field whitelisting resulting in password change without requiring the current...