CVE Security

Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template renders the integration name (admin-...

Web


                                    CVE-2026-8197

Lire l'article

medium 5.4

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8203

Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $height. Any user with editor priv...

Applications Web


                                    CVE-2026-8203

Lire l'article

high 7.2

28/05/2026

Vulnérabilité high détectée - CVE-2026-8134

Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field when saving page typ...

Web


                                    CVE-2026-8134

Lire l'article

high 7.2

28/05/2026

Vulnérabilité high détectée - CVE-2026-8135

Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block control...

Web


                                    CVE-2026-8135

Lire l'article

medium 6.5

28/05/2026

Vulnérabilité medium détectée - CVE-2026-8140

Concrete CMS 9.5.0 and below does not validate a CSRF token before processing requests to /dashboard/extend/install/download/<remoteId>. The download(...

Web


                                    CVE-2026-8140

Lire l'article

medium 5.9

28/05/2026

Vulnérabilité medium détectée - CVE-2026-48246

Open ISES Tickets before 3.44.2 disables TLS certificate verification in ajax/reports.php by setting CURLOPT_SSL_VERIFYPEER to false (and not setting ...

Web


                                    CVE-2026-48246

Lire l'article

medium 5.9

28/05/2026

Vulnérabilité medium détectée - CVE-2026-48247

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/functions.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not se...

Web


                                    CVE-2026-48247

Lire l'article

medium 5.9

28/05/2026

Vulnérabilité medium détectée - CVE-2026-48248

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and not settin...

Web


                                    CVE-2026-48248

Lire l'article

medium 5.9

28/05/2026

Vulnérabilité medium détectée - CVE-2026-48249

Open ISES Tickets before 3.44.2 disables TLS certificate verification in rm/incs/mobile_login.inc.php by setting CURLOPT_SSL_VERIFYPEER to false (and ...

Mobile Web


                                    CVE-2026-48249

Lire l'article

medium 4.3

28/05/2026

Vulnérabilité medium détectée - CVE-2026-4843

The GSheet For Woo Importer plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the process_ajax_rest...

Web


                                    CVE-2026-4843

Lire l'article

high 7.1

28/05/2026

Vulnérabilité high détectée - CVE-2026-48240

Open ISES Tickets before 3.44.2 contains a SQL injection vulnerability in ajax/statistics.php where the tick_id and f_tick_id POST parameters are conc...

Web


                                    CVE-2026-48240

Lire l'article

high 8.1

28/05/2026

Vulnérabilité high détectée - CVE-2026-48241

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database credentials in loader.php (a public-facing database utility) that are committed to t...

Web


                                    CVE-2026-48241

Lire l'article

7 8 9 10 11