concrete cms

Top products

The 15 most recently published vulnerabilities affecting concrete cms.

• CVE-2026-8340Concrete CMS 9.5.0 and below is vulnerable to CSRF via Backend\File::approveVersion4.3May 22, 2026
• CVE-2026-8139Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName5.4May 21, 2026
• CVE-2026-8409Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete8.8May 21, 2026
• CVE-2026-8410Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete8.8May 21, 2026
• CVE-2026-8411Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete8.8May 21, 2026
• CVE-2026-8412Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache8.8May 21, 2026
• CVE-2026-8413Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design8.8May 21, 2026
• CVE-2026-8414Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate8.8May 21, 2026
• CVE-2026-8415Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder8.8May 21, 2026
• CVE-2026-8416Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id)8.8May 21, 2026
• CVE-2026-8427Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id)8.8May 21, 2026
• CVE-2026-8432Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star()8.8May 21, 2026
• CVE-2026-8433Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan()8.8May 21, 2026
• CVE-2026-8434Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple()8.8May 21, 2026
• CVE-2026-7882Concrete CMS 9.5.0 and below is vulnerable to CSRF via the DeleteFile controller4.3May 21, 2026