CVE Security

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8327

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit contr...

Applications

CVE-2026-8327

Lire l'article

medium 5.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8337

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public a...

Applications

CVE-2026-8337

Lire l'article

medium 5.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8238

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message_page' endpoint returns the full content of any convers...

Applications

CVE-2026-8238

Lire l'article

medium 5.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8239

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/get_rating' endpoint confirms existence and returns rating sco...

Applications

CVE-2026-8239

Lire l'article

medium 5.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8240

Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealin...

Applications

CVE-2026-8240

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7886

Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter which can lead to file permission bypass.�...

Applications

CVE-2026-7886

Lire l'article

medium 6.4

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7887

For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 (suspended, banned, terminate...

Applications

CVE-2026-7887

Lire l'article

medium 6.4

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7890

In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabli...

Applications

CVE-2026-7890

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8236

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate. The endpoint /ccm/system/dialogs/file/usage/{fID} ac...

Applications

CVE-2026-8236

Lire l'article

medium 5.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8237

Concrete CMS 9.5.0 and below is vulnerable to IDOR. The `/ccm/frontend/conversations/message_detail` endpoint returns the full content of any convers...

Applications

CVE-2026-8237

Lire l'article

medium 5.1

28/05/2026

Vulnérabilité medium détectée - CVE-2026-5091

Catalyst::Plugin::Authentication versions through 0.10024 for Perl is susceptible to timing attacks. These versions use Perl's built-in eq compariso...

Applications

CVE-2026-5091

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-7881

Concrete CMS 9.5.0 and below is subject to Insecure Direct Object Reference (IDOR) in the Express Entry Detail block via the exEntryID parameter. Th...

Applications

CVE-2026-7881

Lire l'article