Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-8340 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8340)
vulnerability in concrete5/concrete5 (CVE-2026-8340). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8413 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8413)
vulnerability in concrete5/concrete5 (CVE-2026-8413). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8414 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8414)
vulnerability in concrete5/concrete5 (CVE-2026-8414). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8415 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8415)
vulnerability in concrete5/concrete5 (CVE-2026-8415). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8416 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8416)
vulnerability in concrete5/concrete5 (CVE-2026-8416). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8427 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8427)
vulnerability in concrete5/concrete5 (CVE-2026-8427). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8432 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8432)
vulnerability in concrete5/concrete5 (CVE-2026-8432). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8433 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8433)
vulnerability in concrete5/concrete5 (CVE-2026-8433). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8434 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8434)
vulnerability in concrete5/concrete5 (CVE-2026-8434). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8412 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8412)
vulnerability in concrete5/concrete5 (CVE-2026-8412). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8411 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8411)
vulnerability in concrete5/concrete5 (CVE-2026-8411). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8410 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8410)
vulnerability in concrete5/concrete5 (CVE-2026-8410). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8409 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8409)
vulnerability in concrete5/concrete5 (CVE-2026-8409). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8327 |
|
Privilege Escalation in concrete5/concrete5 (CVE-2026-8327)
vulnerability in concrete5/concrete5 (CVE-2026-8327). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8240 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8240)
vulnerability in concrete5/concrete5 (CVE-2026-8240). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8239 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8239)
vulnerability in concrete5/concrete5 (CVE-2026-8239). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8236 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8236)
vulnerability in concrete5/concrete5 (CVE-2026-8236). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8238 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8238)
vulnerability in concrete5/concrete5 (CVE-2026-8238). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8237 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8237)
vulnerability in concrete5/concrete5 (CVE-2026-8237). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8139 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8139)
cross-site scripting in concrete5/concrete5 (CVE-2026-8139). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-7882 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-7882)
vulnerability in concrete5/concrete5 (CVE-2026-7882). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8426 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8426)
vulnerability in concrete5/concrete5 (CVE-2026-8426). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8421 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8421)
vulnerability in concrete5/concrete5 (CVE-2026-8421). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8428 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8428)
vulnerability in concrete5/concrete5 (CVE-2026-8428). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8417 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8417)
vulnerability in concrete5/concrete5 (CVE-2026-8417). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8205 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8205)
vulnerability in concrete5/concrete5 (CVE-2026-8205). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8203 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8203)
cross-site scripting in concrete5/concrete5 (CVE-2026-8203). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8350 |
|
Authorization Flaw in concrete5/concrete5 (CVE-2026-8350)
vulnerability in concrete5/concrete5 (CVE-2026-8350). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8135 |
|
Unsafe Deserialization in concrete5/concrete5 (CVE-2026-8135)
vulnerability in concrete5/concrete5 (CVE-2026-8135). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8134 |
|
Vulnerability in concrete5/concrete5 (CVE-2026-8134)
vulnerability in concrete5/concrete5 (CVE-2026-8134). Successful exploitation can lead to full system takeover. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8140 |
|
Cross-Site Request Forgery (CSRF) in concrete5/concrete5 (CVE-2026-8140)
vulnerability in concrete5/concrete5 (CVE-2026-8140). Data can be tampered with by attackers. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-6826 |
|
Information Disclosure in concrete5/concrete5 (CVE-2026-6826)
vulnerability in concrete5/concrete5 (CVE-2026-6826). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2026-8197 |
|
Cross-Site Scripting (XSS) in concrete5/concrete5 (CVE-2026-8197)
cross-site scripting in concrete5/concrete5 (CVE-2026-8197). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `9.5.1` or later.
|
| CVE-2015-4724 |
|
SQL injection vulnerability in Concrete5 5.7.3.1.
SQL injection vulnerability in Concrete5 5.7.3.1.
|
| CVE-2015-4721 |
|
Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.
Multiple cross-site scripting (XSS) vulnerabilities in Concrete5 5.7.3.1.
|
| CVE-2017-8082 |
|
Cross-Site Request Forgery (CSRF) in csrf (CVE-2017-8082)
vulnerability in csrf (CVE-2017-8082). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-7725 |
|
Cross-Site Scripting (XSS) in concretecms (CVE-2017-7725)
cross-site scripting in concretecms (CVE-2017-7725). Risk of unauthorized operations or information disclosure. Exploitable via `Host header`.
|