PT-2026-42773

Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder dialog. This can cause Cross-entity state tampering with view-only permission on one entry. To be affected, a website has to be using express and relying on express entity...

PT-2026-42797

Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the getResultLogs API endpoint authorizes the caller against the provided typebotId but fetches logs solely by resultId without verifying that the result belongs to the authorized typebot, leading to IDOR. An authenticated attacker...

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier contain security vulnerabilities. These vulnerabilities stem from insecure direct object references in the Express-associated reorder dialog boxes, as well as incorrect...

CVE-2026-7881

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments parameter which can lead to file permission bypass. The AddMessage and UpdateMessage conversation controllers accept user-supplied file attachment IDs and load files directly via $em-findFile::class,...

CVE-2026-8337

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

CVE-2026-8337 Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running concurrent public surveys and private surveys

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unauthenticated attacker can vote in the restricted survey by submitting the restricted optionID throu...

CVE-2026-7881

CVE-2026-7881 affects Concrete CMS 9.5.0 and earlier. The vulnerability is an Insecure Direct Object Reference (IDOR) in the Express Entry Detail block via the exEntryID parameter, enabling unauthorized access to all Express form submissions. The CVSS v4.0 score is 6.3 (AV:N/AC:L/AT:P/PR:N/UI:N/V...

CVE-2026-8238

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/messagepage' endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

CVE-2026-8237 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the`/ccm/frontend/conversations/message_detail` endpoint

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

CVE-2026-8237

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/messagedetail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and th...

CVE-2026-8239

Concrete CMS

CVE-2026-8236

Concrete CMS 9.5.0 and earlier is affected by an IDOR flaw due to a missing authentication gate on GET requests to /ccm/system/dialogs/file/usage/{fID}. The endpoint accepts an integer file ID and can disclose internal site structure data (page IDs, versions, URL paths) to unauthenticated users. ...

CVE-2025-13479 IDOR in PosCube's QR Menu

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...

EUVD-2026-31206

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

CVE-2026-1881 Broadstreet <= 1.52.2 - Authenticated (Subscriber+) Private Post Meta Disclosure via get_sponsored_meta

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the getsponsoredmeta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

PT-2026-42391

The Broadstreet plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.52.2 via the get sponsored meta AJAX action due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level...

PT-2026-42561

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description An Insecure Direct Object Reference IDOR exists where the '/ccm/frontend/conversations/get rating' endpoint confirms the existence of and returns the rating score for any message by ID. IDOR is ...

PT-2026-42556

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description An Insecure Direct Object Reference IDOR exists in the 'AddMessage' and 'UpdateMessage' conversation controllers. These controllers accept user-supplied file attachment IDs through the attachmen...