CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

CVE-2026-8434

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescanMultiple. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks...

8.8CVSS5.5AI score0.00019EPSS

Exploits0References1

Vulnrichment•added 2026/05/21 9:40 p.m.•5 views

CVE-2026-8409 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

2.3CVSS5.8AI score0.00022EPSS

Exploits0References1

Cvelist•added 2026/05/21 9:32 p.m.•29 views

CVE-2026-8410 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/logs/bulk/delete. The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS0.00022EPSS

Exploits0References1

Cvelist•added 2026/05/21 9:22 p.m.•26 views

CVE-2026-8435 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file approveVersion. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS0.00017EPSS

Exploits0References1

Positive Technologies•added 2026/05/21 12:0 a.m.•8 views

PT-2026-42568

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.0 Description Cross Site Request Forgery CSRF is possible at the 'concrete/controllers/dialog/page/bulk/cache' endpoint. CSRF is a type of attack that tricks a victim into submitting a malicious request. It...

2.3CVSS5.8AI score0.00019EPSS

Exploits0References3

CNNVD•added 2026/05/21 12:0 a.m.•5 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions prior to Concrete CMS 9.5.0 had a cross-site request forgeing vulnerability, which was exploited through the concrete/controllers/dialog/page/bulk/cache code...

8.8CVSS5.7AI score0.00019EPSS

Exploits0References1

CNNVD•added 2026/05/21 12:0 a.m.•6 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability stems from the function concrete/controllers/backend/file removeFavoriteFolder$id, which is vulnerable to...

8.8CVSS5.7AI score0.00019EPSS

Exploits0References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by