Concrete Cms

46 CVEs
| CVE ID | Severity | Product / summary | Published |
| --- | --- | --- | --- |
| CVE-2026-10721 | HIGH 8.4 | Concrete Cms — Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the  in Permission, … | 2026-06-10 |
| CVE-2026-7888 | HIGH 8.4 | Concrete Cms — Concrete CMS below 9.5.2 is vulnerable to PHP Object Injection via unserialize() calls in the Workflow, Form b… | 2026-06-03 |
| CVE-2026-8340 | LOW 2.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion. Victim with edit_file_con… | 2026-05-22 |
| CVE-2026-8347 | LOW 2.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to IDOR + wrong-authorization-level in the Express association Reor… | 2026-05-22 |
| CVE-2026-8353 | LOW 2.1 | Concrete Cms — Concrete CMS version 9.0 to 9.5.0 is vulnerable to Stored XSS via page name in the Atomik theme. A rogue edito… | 2026-05-22 |
| CVE-2026-6826 | MEDIUM 6.9 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to unauthenticated file usage disclosure via missing permission ch… | 2026-05-21 |
| CVE-2026-7879 | MEDIUM 6.3 | Concrete Cms — In Concrete CMS 9.5.0 and below, the submit_password() method in concrete/controllers/single_page/download_fi… | 2026-05-21 |
| CVE-2026-7881 | MEDIUM 6.3 | Concrete Cms — Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express Entry Detail… | 2026-05-21 |
| CVE-2026-7882 | LOW 2.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check … | 2026-05-21 |
| CVE-2026-7886 | LOW 2.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter whi… | 2026-05-21 |
| CVE-2026-7887 | LOW 2.3 | Concrete Cms — For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uI… | 2026-05-21 |
| CVE-2026-7890 | LOW 2.1 | Concrete Cms — In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches i… | 2026-05-21 |
| CVE-2026-8134 | CRITICAL 9.4 | Concrete Cms — Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlC… | 2026-05-21 |
| CVE-2026-8135 | HIGH 8.9 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring… | 2026-05-21 |
| CVE-2026-8139 | LOW 2 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectio… | 2026-05-21 |
| CVE-2026-8140 | HIGH 7.5 | Concrete Cms — Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/in… | 2026-05-21 |
| CVE-2026-8197 | HIGH 7.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize templ… | 2026-05-21 |
| CVE-2026-8203 | HIGH 7.3 | Concrete Cms — Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanit… | 2026-05-21 |
| CVE-2026-8204 | MEDIUM 6.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which… | 2026-05-21 |
| CVE-2026-8205 | MEDIUM 6.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to authorization bypass in the Calendar Block since action_get_even… | 2026-05-21 |
| CVE-2026-8236 | MEDIUM 6.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /… | 2026-05-21 |
| CVE-2026-8237 | MEDIUM 6.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to IDOR. The `/ccm/frontend/conversations/message_detail` endpoint … | 2026-05-21 |
| CVE-2026-8238 | MEDIUM 6.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message_page' endpoint re… | 2026-05-21 |
| CVE-2026-8239 | MEDIUM 6.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/get_rating' endpoint conf… | 2026-05-21 |
| CVE-2026-8240 | MEDIUM 6.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with … | 2026-05-21 |
| CVE-2026-8245 | MEDIUM 6 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection.… | 2026-05-21 |
| CVE-2026-8327 | MEDIUM 5.3 | Concrete Cms — Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-harden… | 2026-05-21 |
| CVE-2026-8337 | MEDIUM 6.3 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be confi… | 2026-05-21 |
| CVE-2026-8350 | HIGH 7.5 | Concrete Cms — Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can … | 2026-05-21 |
| CVE-2026-8409 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/… | 2026-05-21 |
| CVE-2026-8410 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/… | 2026-05-21 |
| CVE-2026-8411 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/… | 2026-05-21 |
| CVE-2026-8412 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog… | 2026-05-21 |
| CVE-2026-8413 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/… | 2026-05-21 |
| CVE-2026-8414 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/… | 2026-05-21 |
| CVE-2026-8415 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/… | 2026-05-21 |
| CVE-2026-8416 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend… | 2026-05-21 |
| CVE-2026-8417 | HIGH 7.5 | Concrete Cms — Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/up… | 2026-05-21 |
| CVE-2026-8421 | HIGH 7.5 | Concrete Cms — Concrete CMS 9.5.0 and below contains a CSRF vulnerability in the install_package() method of concrete/control… | 2026-05-21 |
| CVE-2026-8426 | HIGH 7.5 | Concrete Cms — Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/up… | 2026-05-21 |
| CVE-2026-8427 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend… | 2026-05-21 |
| CVE-2026-8428 | HIGH 7.5 | Concrete Cms — Concrete CMS 9.5.0 and below emits a CSRF token in the local_available_update.php view ($token->output('do_upd… | 2026-05-21 |
| CVE-2026-8432 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend… | 2026-05-21 |
| CVE-2026-8433 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend… | 2026-05-21 |
| CVE-2026-8434 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend… | 2026-05-21 |
| CVE-2026-8435 | LOW 2.3 | Concrete Cms — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend… | 2026-05-21 |