concrete5/concrete5 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

Get a demo

Browse by ecosystem

npmPyPIMavenGoRubyGemsCargoNuGetComposerpubSwiftGitHub Actions
CVE-IDSeverityPackage summary
CVE-2026-8340Lowconcrete5/concrete5: Concrete CMS is vulnerable to CSRF via Backend\File::approveVersionCVE-2026-8347Lowconcrete5/concrete5: Concrete CMS is vulnerable to IDOR + wrong-authorization-level in the Express association Reorder…CVE-2026-8353Lowconcrete5/concrete5: Concrete CMS is vulnerable to Stored XSS via page name in the Atomik themeCVE-2026-8433Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8432Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8427Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8435Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8413Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8416Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8434Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8410Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8409Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8412Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8337Mediumconcrete5/concrete5: Concrete CMS is vulnerable to IDOR in surveysCVE-2026-8415Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8245Mediumconcrete5/concrete5: Concrete CMS is Vulnerable to Reflected XSS in Legacy PaginationCVE-2026-8414Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8411Lowconcrete5/concrete5: Concrete CMS is vulnerable to Cross Site Request Forgery (CSRF) at…CVE-2026-8240Mediumconcrete5/concrete5: Concrete CMS is vulnerable to unauthenticated page metadata disclosureCVE-2026-8239Mediumconcrete5/concrete5: Concrete CMS is vulnerable to IDORCVE-2026-7890Lowconcrete5/concrete5: Concrete CMS's RSS Displayer block accepts a feed URL from any page editor and fetches it…CVE-2026-8238Mediumconcrete5/concrete5: Concrete CMS is vulnerable to IDORCVE-2026-7887Lowconcrete5/concrete5: Concrete CMS: OAuth 2.0 Authorization-Code Handler Bypasses Account StatusCVE-2026-8139Lowconcrete5/concrete5: Concrete CMS is vulnerable to Stored XSS via external-link page cvNameCVE-2026-7881Mediumconcrete5/concrete5: Concrete CMS is subject to Insecure Direct Object Reference (IDOR) in the Express Entry Detail block

Stop the waste.
Protect your environment with Kodem.