LOW - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
LOW 2.3	CVE-2026-8415	Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder_CVE-2026-8415 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Conc...	Concrete CMS	Concrete CMS 9.0	May 21, 2026	CVE
LOW 2.3	CVE-2026-8414	Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate_CVE-2026-8414 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS sec...	Concrete CMS	Concrete CMS 9.0	May 21, 2026	CVE
LOW 2.3	CVE-2026-8413	Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design_CVE-2026-8413 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS se...	Concrete CMS	Concrete CMS 9.0	May 21, 2026	CVE
LOW 2.3	CVE-2026-8412	Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache_CVE-2026-8412 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS se...	Concrete CMS	Concrete CMS 9.0	May 21, 2026	CVE
LOW 2.3	CVE-2026-8411	Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete_CVE-2026-8411 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS se...	Concrete CMS	Concrete CMS 9.0	May 21, 2026	CVE
LOW 2.3	CVE-2026-8410	Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete_CVE-2026-8410 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete. The The Concrete C...	Concrete CMS	Concrete CMS 9.0	May 21, 2026	CVE
LOW 2.3	CVE-2026-7887	For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status_CVE-2026-7887 For Concrete CMS 9.5.0 and below, OAuth 2.0 Authorization-Code Handler Bypasses Account Status. A user with uIsActive=0 (suspended, banned, termina...	Concrete CMS	Concrete CMS 5.0	May 21, 2026	CVE
LOW 2.3	CVE-2026-7886	Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter_CVE-2026-7886 Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter which can lead to file permission bypass...	Concrete CMS	Concrete CMS 5.0	May 21, 2026	CVE
LOW 2.3	CVE-2026-7882	Concrete CMS 9.5.0 and below is vulnerable to CSRF via the DeleteFile controller_CVE-2026-7882 Concrete CMS 9.5.0 and below is vulnerable to unauthorized file deletion due to an Inverted CSRF token check in the DeleteFile controller. The cod...	Concrete CMS	Concrete CMS 5.0	May 21, 2026	CVE
LOW 2.3	CVE-2026-8409	Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete_CVE-2026-8409 Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete. The The Concrete CMS se...	Concrete CMS	Concrete CMS 9.0	May 21, 2026	CVE