43559 matches found
CVE-2026-8417 Concrete CMS 9.5.0 and below is vulnerable to CSRF in do_update() in the package update controller
Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/update/doupdate/. The doupdate method in concrete/controllers/singlepage/dashboard/extend/update.php checks only canInstallPackages before executing upgradeCoreData and upgrade on the named...
CVE-2026-8135
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism fromCIF === true, which normally...
EUVD-2026-31336
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism fromCIF === true, which normally...
CVE-2026-8135 Concrete CMS 9.5.0 and below is vulnerable to RCE due to insecure deserialization occurring in the ExpressEntryList block controller.
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism fromCIF === true, which normally...
CVE-2026-8135 Concrete CMS 9.5.0 and below is vulnerable to RCE due to insecure deserialization occurring in the ExpressEntryList block controller.
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism fromCIF === true, which normally...
CVE-2026-8135
Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution via insecure deserialization in the ExpressEntryList block controller. A rogue admin with block-adding privileges can bypass protection by abusing REST API requests; json_decode() converts the string "true" to PHP Boolean true, a...
EUVD-2026-31335
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...
CVE-2026-8134
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...
CVE-2026-8134 Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...
CVE-2026-8134 Concrete CMS 9.5.0 and below is vulnerable to Authenticated RCE via Composer customTemplate Path Traversal leading to PHP File Inclusion
Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page type composer form layouts. An authenticated rogue administrator with composer form editing rights can exploit this to include arbitrary readable file...
CVE-2026-8134
Concrete CMS 9.5.0 and earlier fails to sanitize path traversal in the ptComposerFormLayoutSetControlCustomTemplate field when saving page-type composer form layouts. An authenticated rogue administrator with composer form editing rights can cause arbitrary readable files to be included on the se...
GHSA-2QJJ-H6WP-C7H7 Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
Impact Some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. Patches The issue is resolved in versions...
Umbraco.Cms: Open Redirect Vulnerability in Surface Controllers
Impact Some of the Surface Controllers in the CMS provide to support member related operations fail to validate redirect URLs, making Razor templates that derive 'RedirectUrl' from user-controlled query parameters vulnerable to malicious redirect attacks. Patches The issue is resolved in versions...
PT-2026-42555
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description An inverted CSRF token check in the DeleteFile controller allows unauthorized file deletion. The system incorrectly throws an error when the token is valid and proceeds with the deletion process...
PT-2026-42683
Name of the Vulnerable Software and Affected Versions Umbraco CMS versions prior to 17.4.0 Description Authenticated users can inject HTML into an input field. This content is then rendered in the confirmation dialog without proper output encoding, leading to Cross-Site Scripting XSS or HTML...
PT-2026-42545
Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description An authorization bypass exists in the Calendar Block. The function action get events fails to verify the canView permission on the calendar, which allows the disclosure of restricted event...
PT-2026-42536
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Remote Code Execution RCE is possible due to insecure deserialization in the ExpressEntryList block controller. An administrator with permissions to add blocks can bypass the fromCIF === true...
PT-2026-42573
Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/backend/file' endpoint within the removeFavoriteFolder$id function. CSRF is a flaw that allows an attacker to induce a us...
PT-2026-42575
Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/backend/file' endpoint within the rescan function. CSRF is a type of attack that tricks a victim into submitting a...
PT-2026-42561
Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description An Insecure Direct Object Reference IDOR exists where the '/ccm/frontend/conversations/get rating' endpoint confirms the existence of and returns the rating score for any message by ID. IDOR is ...