|
121
|
5.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/message_page' endpoint returns the full content of any conversation message. An unauthenticated attacker can enume…
Update
|
CWE-862
Missing Authorization
|
CVE-2026-8238
|
2026-05-27 02:29 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
122
|
5.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The '/ccm/frontend/conversations/get_rating' endpoint confirms existence and returns rating score for any message by ID. The Concrete CMS security …
Update
|
CWE-862
Missing Authorization
|
CVE-2026-8239
|
2026-05-27 02:25 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
123
|
5.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to unauthenticated page metadata disclosure across every page with a configured summary template, revealing the existence of private, draft, and restricted …
Update
|
CWE-284
NVD-CWE-noinfo
Improper Access Control
|
CVE-2026-8240
|
2026-05-27 02:24 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
124
|
5.4 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL fi…
Update
|
CWE-83
Improper Neutralization of Script in Attributes in a Web Page
|
CVE-2026-8245
|
2026-05-27 02:19 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
125
|
4.3 |
MEDIUM
Network
|
concretecms
|
concrete_cms
|
Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo…
Update
|
CWE-269
CWE-620
CWE-915
Improper Privilege Management
Unverified Password Change
Improperly Controlled Modification of Dynamically-Determined Object Attributes
|
CVE-2026-8327
|
2026-05-27 02:18 |
2026-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
126
|
6.3 |
MEDIUM
Network
|
-
|
-
|
A vulnerability was determined in haojing8312 WorkClaw up to 0.6.4. This affects the function is_dangerous of the file apps/runtime/src-tauri/src/agent/tools/bash.rs of the component Blacklist Handle…
New
|
CWE-77
CWE-78
Command Injection
OS Command
|
CVE-2026-9565
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
127
|
2.4 |
LOW
Network
|
-
|
-
|
A vulnerability was found in SourceCodester/oretnom23 Hospitals Patient Records Management System 1.0. The impacted element is an unknown function of the file /admin/?page=patients/view_patient. Perf…
New
|
CWE-79
CWE-94
Cross-site Scripting
Code Injection
|
CVE-2026-9564
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
128
|
7.3 |
HIGH
Network
|
-
|
-
|
A vulnerability has been found in sambitraj STUDENT-MANAGEMENT-SYSTEM up to 56ba287f2e9031523ccb4244cb6e3fe530e4e5d5. The affected element is an unknown function of the component Dashboard. Such mani…
New
|
CWE-266
CWE-284
Incorrect Privilege Assignment
Improper Access Control
|
CVE-2026-9562
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
129
|
6.2 |
MEDIUM
Local
|
-
|
-
|
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_fastcgi module.
New
|
CWE-617
Reachable Assertion
|
CVE-2026-8852
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
130
|
7.5 |
HIGH
Network
|
-
|
-
|
IBM HTTP Server 8.5, and 9.0 is vulnerable to denial of service via the optional module mod_ibm_upload.
New
|
CWE-476
NULL Pointer Dereference
|
CVE-2026-8850
|
2026-05-27 02:16 |
2026-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
