CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

89552 matches found

Vulnrichment•added 2026/05/21 9:28 p.m.•6 views

CVE-2026-8416 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file addFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.0013EPSS

Exploits0References1

ATTACKERKB•added 2026/05/21 9:28 p.m.•4 views

CVE-2026-8416

2.3CVSS5.8AI score0.0013EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/21 9:28 p.m.•30 views

CVE-2026-8416 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)

2.3CVSS0.0013EPSS

Exploits0References1

CVE•added 2026/05/21 9:28 p.m.•19 views

CVE-2026-8416

Concrete CMS versions 9.0.0 through 9.4.x are vulnerable to Cross Site Request Forgery (CSRF) in the concrete/controllers/backend/file addFavoriteFolder($id) function. The issue stems from CSRF protection gaps in that endpoint. Public disclosures in multiple sources (including PT-2026-42572) conf...

8.8CVSS5.8AI score0.0013EPSS

Exploits0References1Affected Software1

CVE•added 2026/05/21 9:27 p.m.•18 views

CVE-2026-8427

Concrete CMS versions 9.0.0–9.4.x are affected by a Cross-Site Request Forgery (CSRF) in the endpoint concrete/controllers/backend/file removeFavoriteFolder($id). The issue is caused by insufficient CSRF protection in that function, enabling an attacker to induce authenticated users to perform un...

8.8CVSS5.8AI score0.0013EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/21 9:27 p.m.•4 views

CVE-2026-8427

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file removeFavoriteFolder$id. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.0013EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/21 9:27 p.m.•29 views

CVE-2026-8427 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)

2.3CVSS0.0013EPSS

Exploits0References1

Vulnrichment•added 2026/05/21 9:27 p.m.•7 views

CVE-2026-8427 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)

2.3CVSS5.8AI score0.0013EPSS

Exploits0References1

Vulnrichment•added 2026/05/21 9:26 p.m.•8 views

CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file star. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan Dror...

2.3CVSS5.8AI score0.0013EPSS

Exploits0References1

Cvelist•added 2026/05/21 9:26 p.m.•33 views

CVE-2026-8432 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()

2.3CVSS0.0013EPSS

Exploits0References1

CVE•added 2026/05/21 9:26 p.m.•27 views

CVE-2026-8432

Concrete CMS versions prior to 9.5.0 are affected by a Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/backend/file star(), due to a flaw in the star() function. Affected range includes 9.0.0 through 9.4.x. The issue is exploited by convincing an authenticated user to perfo...

8.8CVSS5.8AI score0.0013EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/21 9:26 p.m.•5 views

CVE-2026-8432

2.3CVSS5.8AI score0.0013EPSS

Exploits0References2Affected Software1

ATTACKERKB•added 2026/05/21 9:25 p.m.•6 views

CVE-2026-8433

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescan. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

2.3CVSS5.8AI score0.0013EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/05/21 9:25 p.m.•35 views

CVE-2026-8433 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan()

2.3CVSS0.0013EPSS

Exploits0References1

Vulnrichment•added 2026/05/21 9:25 p.m.•6 views

CVE-2026-8433 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan()

2.3CVSS5.8AI score0.0013EPSS

Exploits0References1

Cvelist•added 2026/05/21 9:23 p.m.•33 views

CVE-2026-8434 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS0.0013EPSS

Exploits0References1

ATTACKERKB•added 2026/05/21 9:23 p.m.•11 views

CVE-2026-8434

2.3CVSS5.8AI score0.0013EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2026/05/21 9:23 p.m.•8 views

CVE-2026-8434 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()

2.3CVSS5.8AI score0.0013EPSS

Exploits0References1

CVE•added 2026/05/21 9:23 p.m.•17 views

CVE-2026-8434

Concrete CMS 9.x prior to 9.5.0 is vulnerable to CSRF at the concrete/controllers/backend/file rescanMultiple() endpoint. Root cause: CSRF in the rescanMultiple() handler, reported with CVSS v4.0 vector AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N and a base score of 2.3 (LOW). Impact i...

8.8CVSS5.8AI score0.0013EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/05/21 9:22 p.m.•8 views

CVE-2026-8435

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file approveVersion. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.00115EPSS

Exploits0References2Affected Software1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by