CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

89552 matches found

NVD•added 2026/05/21 10:16 p.m.•15 views

CVE-2026-8414

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS0.0013EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•11 views

CVE-2026-8427

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file removeFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS0.0013EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•17 views

CVE-2026-8415

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS0.0013EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•14 views

CVE-2026-8434

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS0.0013EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•19 views

CVE-2026-8432

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

8.8CVSS0.0013EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•14 views

CVE-2026-8433

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescan. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS0.0013EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•15 views

CVE-2026-8416

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file addFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS0.0013EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•12 views

CVE-2026-8409

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS0.00142EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•13 views

CVE-2026-8410

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

8.8CVSS0.00142EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•12 views

CVE-2026-8412

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

8.8CVSS0.0013EPSS

Exploits0References1

NVD•added 2026/05/21 10:16 p.m.•19 views

CVE-2026-7882

Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The code throws an error when the token IS valid and proceeds with file deletion when the token is invalid or missing. This effectively disables CSRF protecti...

4.3CVSS0.00116EPSS

Exploits0References1

Vulnrichment•added 2026/05/21 9:43 p.m.•11 views

CVE-2026-7890 Concrete CMS 9.5.0 is vulnerable to SSRF via RSS Displayer Block

In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.1 with a...

2.1CVSS5.8AI score0.00152EPSS

Exploits0References1

Vulnrichment•added 2026/05/21 9:40 p.m.•11 views

CVE-2026-8409 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete

2.3CVSS5.8AI score0.00142EPSS

Exploits0References1

CVE•added 2026/05/21 9:40 p.m.•26 views

CVE-2026-8409

Concrete CMS 9 before 9.5.0 is vulnerable to Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/dialog/logs/delete. This CSRF flaw can enable an attacker to trick a user into submitting a request, with CVSS v4.0 base score 2.3 reported. Remediation: upgrade to Concrete CMS 9.5...

8.8CVSS5.8AI score0.00142EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/21 9:40 p.m.•6 views

CVE-2026-8409

2.3CVSS5.8AI score0.00142EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/21 9:32 p.m.•9 views

CVE-2026-8410 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete

2.3CVSS5.8AI score0.00142EPSS

Exploits0References1

ATTACKERKB•added 2026/05/21 9:32 p.m.•6 views

CVE-2026-8410

2.3CVSS5.8AI score0.00142EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/21 9:32 p.m.•31 views

CVE-2026-8410 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete

2.3CVSS0.00142EPSS

Exploits0References1

CVE•added 2026/05/21 9:32 p.m.•20 views

CVE-2026-8410

Concrete CMS versions 9.0.0–9.4.9 are vulnerable to Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/dialog/logs/bulk/delete. The issue stems from that specific path and affects versions up to 9.4.9; upgrading to 9.5.0 or later is recommended. The data in connected sources c...

8.8CVSS5.8AI score0.00142EPSS

Exploits0References1Affected Software1

CVE•added 2026/05/21 9:32 p.m.•17 views

CVE-2026-8411

CVE-2026-8411 affects Concrete CMS 9.0.0–9.4.x, with CSRF at the endpoint concrete/controllers/dialog/page/bulk/delete. The issue is confirmed across multiple sources and is fixed in 9.5.0+. Exploitation requires user interaction and is scoped as a low CVSS 4.0 vector (AV:N/AC:L/AT:P/PR:N/UI:P/VC...

8.8CVSS5.8AI score0.0013EPSS

Exploits0References1Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by