Lucene search
K

5492 matches found

Vulnrichment
Vulnrichment
added 2026/05/21 9:29 p.m.9 views

CVE-2026-8415 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS5.8AI score0.0013EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 9:29 p.m.34 views

CVE-2026-8415 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N...

2.3CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:29 p.m.21 views

CVE-2026-8415

Concrete CMS 9.x before 9.5.0 is vulnerable to Cross-Site Request Forgery at the endpoint concrete/controllers/dialog/express/association/reorder. Affected versions include 9.0.0 through 9.4.x. Root cause is CSRF in the reorder action; exploitation details are not provided in the documents beyond...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/21 9:9 p.m.38 views

CVE-2026-7881 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the Express Entry Detail block

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

6.3CVSS0.00204EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 9:9 p.m.13 views

CVE-2026-7881 Concrete CMS 9.5.0 and below is vulnerable to IDOR in the Express Entry Detail block

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 9:9 p.m.7 views

CVE-2026-7881

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference IDOR in the Express Entry Detail block via the exEntryID parameter. This IDOR leads to unauthorized access to all Express form submissions. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 6.3...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/05/21 9:9 p.m.18 views

CVE-2026-7881

CVE-2026-7881 affects Concrete CMS 9.5.0 and earlier. The vulnerability is an Insecure Direct Object Reference (IDOR) in the Express Entry Detail block via the exEntryID parameter, enabling unauthorized access to all Express form submissions. The CVSS v4.0 score is 6.3 (AV:N/AC:L/AT:P/PR:N/UI:N/V...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/21 8:16 p.m.19 views

CVE-2026-8135

Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution via insecure deserialization in the ExpressEntryList block controller. A rogue admin with block-adding privileges can bypass protection by abusing REST API requests; json_decode() converts the string "true" to PHP Boolean true, a...

8.9CVSS5.9AI score0.0047EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have security vulnerabilities. These vulnerabilities stem from insecure direct object references in the Express Entry Detail block, which may allow unauthorized access to...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42571

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.0.0 through 9.4.x Description Cross Site Request Forgery CSRF occurs at the 'concrete/controllers/dialog/express/association/reorder' endpoint. CSRF is a type of attack that tricks a victim into submitting a malicious...

2.3CVSS5.8AI score0.0013EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.14 views

PT-2026-42554

Name of the Vulnerable Software and Affected Versions Concrete CMS versions 9.5.0 and earlier Description An Insecure Direct Object Reference IDOR, which occurs when an application provides direct access to objects based on user-supplied input, exists in the Express Entry Detail block. By...

6.3CVSS5.8AI score0.00204EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: nvme-core: fixed a memory leak in dhchapsecretstore Free the dhchapsecret from dhchapsecretstore before returning. Fixed the following kmemleak: Unreferenced object 0xffff8886376ea800 size 64: Command “check”, PID 22048,...

5.9AI score0.00199EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.2 views

Astra Linux – Vulnerability in Linux 5.10, Linux

A flaw was discovered in the Linux kernel. A denial-of-service attack may occur if a consecutive request for NVMEIOCTLRESET and NVMEIOCTLSUBSYSRESET is made through the device file of the driver, resulting in a disconnection of the PCIe link...

5.5CVSS6.5AI score0.0023EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.7 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: nvme: Fix for admin queue leaks upon controller reset When the nvmeallocadmintagset function is called during a controller reset, an existing admin queue may still exist. Properly release this queue before allocating a new one to...

5.5CVSS6AI score0.00123EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: phy: ralink: mt7621-pci: add sentinel to quirks table By fixing socdevattr to register the SOC as a device, the kernel will encounter an OOPs error in socdevicematchattr. This quirks test was introduced in the staging driver in t...

5.5CVSS6.1AI score0.00164EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: PCI: dwc – Deallocation of EPC memory during dwpcieepinit failures If dwpcieepinit fails to perform any actions after the EPC memory is initialized and the MSI memory region is allocated, the latter parts will not be...

5.5CVSS6.2AI score0.00159EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: cxl/region: Fixed the validation of region HPA ordering. Some regions may not have any address space allocated. Skip these regions when validating HPA order; otherwise, a crash similar to the following may occur: devmcxladdregion...

5.5CVSS5.4AI score0.0014EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nvme: Fixed a multipath crash caused by the flush request when blktrace is enabled. The flush request initialized by blkkickflush has a NULL bio. This issue may be addressed during the nvmeendreq operation during io completion...

5.5CVSS6.2AI score0.00145EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: ena: Fixed incorrect descriptor freeing behavior. ENA has two types of TX queues: - Queues that only process TX packets arriving from the network stack. - Queues that only process TX packets forwarded to them by XDPREDIRECT ...

5.5CVSS5.7AI score0.00248EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.12 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: igb: Clean up operations in all error paths when enabling SR-IOV After commit 50f303496d92 “igb: Enabling SR-IOV after reinit”, removing the igb module could cause a hang or crash depending on the machine when the module was load...

6.4AI score0.00155EPSS
Exploits0References2
Rows per page
Query Builder