Lucene search
K

1134 matches found

Cvelist
Cvelist
added 2026/05/21 9:29 p.m.33 views

CVE-2026-8414 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

2.3CVSS0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:26 p.m.28 views

CVE-2026-8432

Concrete CMS versions prior to 9.5.0 are affected by a Cross-Site Request Forgery (CSRF) at the endpoint concrete/controllers/backend/file star(), due to a flaw in the star() function. Affected range includes 9.0.0 through 9.4.x. The issue is exploited by convincing an authenticated user to perfo...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/21 9:25 p.m.6 views

CVE-2026-8433 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan()

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery CSRF at concrete/controllers/backend/file rescan. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N. Thanks Yonatan...

2.3CVSS5.8AI score0.0013EPSS
Exploits0References1
CVE
CVE
added 2026/05/21 9:23 p.m.22 views

CVE-2026-8434

Concrete CMS 9.x prior to 9.5.0 is vulnerable to CSRF at the concrete/controllers/backend/file rescanMultiple() endpoint. Root cause: CSRF in the rescanMultiple() handler, reported with CVSS v4.0 vector AV:N/AC:L/AT:P/PR:N/UI:P/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N and a base score of 2.3 (LOW). Impact i...

8.8CVSS5.8AI score0.0013EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/21 9:4 p.m.20 views

CVE-2026-8238

Concrete CMS versions 9.5.0 and earlier are vulnerable to an IDOR at the endpoint /ccm/frontend/conversations/message_page, which exposes full content of any conversation message and file attachments via unauthenticated access. An attacker can enumerate messages from restricted pages, member-only...

6.3CVSS5.8AI score0.00201EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2026/05/21 8:55 p.m.16 views

CVE-2026-6826

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure due to a missing permission check in the usage controller. An unauthenticated visitor can access /ccm/system/dialogs/file/usage/{fID} with any file ID and obtain a list of every page referencing that file, includi...

6.9CVSS5.8AI score0.0025EPSS
Exploits0References1Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2026/05/21 7:39 p.m.11 views

Security Bulletin: Vault Terraform Provider Incorrect Defaults for LDAP Auth Method, Resulting in Insecure Configuration and Potential Authentication Bypass

Summary Vault’s Terraform Provider incorrectly set the default denynullbind parameter for the LDAP auth method to false by default. If the underlying LDAP server allowed anonymous or unauthenticated binds, this could result in authentication bypass. This vulnerability, CVE-2025-13357, is fixed in...

9.8CVSS7AI score0.00492EPSS
Exploits0Affected Software1
NVD
NVD
added 2026/05/21 1:16 p.m.12 views

CVE-2026-6841

Request Tracker is vulnerable to a reflected cross-site scripting XSS vulnerability via the "Page" parameter in GET requests. An attacker can craft a URL that, when opened, results in arbitrary JavaScript execution in the victim’s browser. This vulnerability affects versions from 5.0.4 up to 5.0....

6.1CVSS0.00235EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/21 7:34 a.m.11 views

EUVD-2026-31232

Netatalk 1.5.0 through 4.2.2 uses a broken cryptographic algorithm in the DHCAST128 UAM, which allows a remote attacker to obtain authentication credentials or impersonate a user via cryptanalytic attack...

7.4CVSS5.8AI score0.00301EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42644

Impact A remote peer can crash any full node by sending a RequestBatchSet message containing the genesis block's hash. The handler calls get epoch chunks which iterates backwards through macro blocks using Policy::macro block before. When it reaches the genesis block number, macro block before...

5.3CVSS5.8AI score
Exploits0References6
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.13 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability stems from the function concrete/controllers/backend/file addFavoriteFolder$id, which is vulnerable to cross-sit...

8.8CVSS5.7AI score0.0013EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site request forgeing vulnerability. This vulnerability occurred due to the lack of validation of the CSRF token before processing requests like...

7.5CVSS5.7AI score0.00118EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.9 views

Concrete CMS 安全漏洞

Concrete CMS is an open-source content management system designed for teams. Concrete CMS versions 9.5.0 and earlier have a security vulnerability. This vulnerability stems from an insecure direct object reference in the attachments parameter of the AddMessage/UpdateMessage functions, which may...

4.3CVSS5.8AI score0.00288EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.11 views

PT-2026-42421

Name of the Vulnerable Software and Affected Versions Netatalk versions 2.0.0 through 4.4.2 Description An off-by-two error in the lp write function within papd allows an adjacent network attacker to modify limited data or cause a minor service disruption by sending crafted print data...

4.2CVSS5.8AI score0.0013EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.12 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier had a cross-site request forgeing vulnerability. This vulnerability stemmed from a CSRF vulnerability in the installpackage method, which could allow attackers to force t...

8.8CVSS5.8AI score0.00171EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/21 12:0 a.m.17 views

PT-2026-42461

Name of the Vulnerable Software and Affected Versions Request Tracker versions 5.0.4 through 5.0.9 Request Tracker versions 6.0.0 through 6.0.2 Description Reflected cross-site scripting XSS occurs via the Page parameter in GET requests. This allows an attacker to craft a URL that executes...

6.1CVSS5.8AI score0.00235EPSS
Exploits0References13
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.11 views

Concrete CMS 跨站请求伪造漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS prior to 9.5.0 had a cross-site request forgeing vulnerability. This vulnerability was exploited through the concrete/controllers/backend/file rescanMultiple function, making it susceptibl...

8.8CVSS5.7AI score0.0013EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: ipa: Fixed the issue where the event ring index was not properly programmed for IPA v5.0+. For IPA v5.0+ onwards, the event ring index field has been moved from CHCCNTXT0 to CHCCNTXT1. In IPA v5.0, this field was intended to...

7.5CVSS5.8AI score0.00353EPSS
Exploits0References1
NVD
NVD
added 2026/05/15 7:17 p.m.14 views

CVE-2026-8686

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1...

9.1CVSS0.00388EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/15 6:38 p.m.9 views

CVE-2026-8686 DoS from MQTT v5.0 Deserialization Fault in core MQTT

Missing bounds validation in the MQTT v5.0 property parser in coreMQTT before 5.0.1 allows an MQTT broker to cause a denial of service by sending a crafted packet. To remediate this issue, users should upgrade to v5.0.1...

8.7CVSS5.8AI score0.00388EPSS
Exploits0References3
Rows per page
Query Builder