concrete5/concrete5 vulnerabilities

Browse known CVEs and advisories by package and ecosystem. Severity tells you the worst case. What determines real risk is whether the vulnerable code actually runs in your applications.

| CVE-ID | Severity | Package summary |
| --- | --- | --- |
| CVE-2026-8237 | Medium | concrete5/concrete5: Concrete CMS is vulnerable to IDOR |
| CVE-2026-7879 | Medium | concrete5/concrete5: Concrete CMS has an unauthorized file access issue |
| CVE-2026-8327 | Medium | concrete5/concrete5: Concrete CMS has a session-hardening bypass and allows password change without reauthorization |
| CVE-2026-8236 | Medium | concrete5/concrete5: Concrete CMS is vulnerable to IDOR combined with a missing authentication gate |
| CVE-2026-7882 | Low | concrete5/concrete5: Concrete CMS is vulnerable to unauthorized file deletion |
| CVE-2026-7886 | Low | concrete5/concrete5: Concrete CMS is vulnerable to IDOR in AddMessage/UpdateMessage |
| CVE-2026-8426 | High | concrete5/concrete5: Concrete CMS does not validate a CSRF token before processing requests to… |
| CVE-2026-8421 | High | concrete5/concrete5: Concrete CMS contains a CSRF vulnerability |
| CVE-2026-8428 | High | concrete5/concrete5: Concrete CMS is Vulnerable to Cross-Site Request Forgery |
| CVE-2026-8417 | High | concrete5/concrete5: Concrete does not validate a CSRF token before processing requests to… |
| CVE-2026-8205 | Medium | concrete5/concrete5: Concrete CMS is vulnerable to authorization bypass in the Calendar Block |
| CVE-2026-8203 | High | concrete5/concrete5: Concrete CMS has Stored XSS through its height parameter |
| CVE-2026-8350 | High | concrete5/concrete5: Concrete CMS is vulnerable to missing authorization in the bulk_user_assignment.php |
| CVE-2026-8204 | Medium | concrete5/concrete5: Concrete CMS is vulnerable to authorization bypass in the Calendar Event Frontend Dialog |
| CVE-2026-8135 | High | concrete5/concrete5: Concrete CMS Vulnerable to Deserialization of Untrusted Data |
| CVE-2026-8197 | High | concrete5/concrete5: Concrete CMS is vulnerable to Stored XSS via OAuth integration name |
| CVE-2026-6826 | Medium | concrete5/concrete5: Concrete CMS is vulnerable to unauthenticated file usage disclosure |
| CVE-2026-8140 | High | concrete5/concrete5: Concrete CMS is Vulnerable to Cross-Site Request Forgery |
| CVE-2026-8134 | Critical | concrete5/concrete5: Concrete CMS Vulnerable to Relative Path Traversal |
| CVE-2026-30662 | Medium | concrete5/concrete5: ConcreteCMS is vulnerable to Denial of Service During Bulk Downloads |
| CVE-2026-3242 | Medium | concrete5/concrete5: Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability |
| CVE-2026-3241 | Medium | concrete5/concrete5: Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability |
| CVE-2026-3240 | Medium | concrete5/concrete5: Concrete CMS has a stored Cross-site Scripting (XSS) vulnerability |
| CVE-2026-2994 | Low | concrete5/concrete5: Concrete CMS vulnerable to Cross-Site Request Forgery (CSRF) |
| CVE-2026-3452 | High | concrete5/concrete5: Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection |