Vulnerability Platform

Vulnerability List

CVE ID	Title	Vendor	Product	Severity	CVSS Score	Published At	AI Analysis
CVE-2026-2994	Concrete CMS below 9.4.8 is vulnerable to CSRF by a Rogue Admin using the Anti-Spam Allowlist Group	Concrete CMS	Concrete CMS	中危	-	2026-03-04 02:18:31	Deep Dive
CVE-2026-3240	Concrete CMS below 9.4.8 is vulnerable to Stored XSS via Legacy form	Concrete CMS	Concrete CMS	中危	-	2026-03-04 02:15:53	Deep Dive
CVE-2026-3241	Concrete CMS below version 9.4.8 is vulnerable to a stored cross-site scripting (XSS) in the "Legacy Form" block.	Concrete CMS	Concrete CMS	中危	-	2026-03-04 02:12:51	Deep Dive
CVE-2026-3242	Concrete CMS below 9.4.8 is vulnerable to Stored XSS in the Switch Language block	Concrete CMS	Concrete CMS	中危	-	2026-03-04 02:00:39	Deep Dive
CVE-2026-3244	Concrete CMS below version 9.4.8 is vulnerable to Stored XSS in Search Results via Page Names	Concrete CMS	Concrete CMS	中危	-	2026-03-04 01:55:47	Deep Dive
CVE-2026-3452	Concrete CMS below 9.4.8 is vulnerable to stored deserialization leading to RCE in the Express Entry List block.	Concrete CMS	Concrete CMS	高危	-	2026-03-04 01:49:27	Deep Dive
CVE-2025-8571	Concrete CMS 9 through 9.4.2 and below 8.5.21 is vulnerable to Reflected Cross-Site Scripting (XSS) in Conversation Messages Dashboard Page	Concrete CMS	Concrete CMS	-	-	2025-08-05 22:37:15	Deep Dive
CVE-2025-8573	Concrete CMS 9 through 9.4.2 is vulnerable to Stored XSS from Home Folder on Members Dashboard page	Concrete CMS	Concrete CMS	-	-	2025-08-05 22:36:49	Deep Dive
CVE-2025-3153	Concrete CMS version 9 below 9.4.0RC2 and versions below 8.5.20 - CSRF and XSS in Concrete CMS Custom Address attribute	Concrete CMS	Concrete CMS	-	-	2025-04-03 00:17:15	Deep Dive
CVE-2025-0660	Stored XSS in Folder Function by Rogue Admin	Concrete CMS	Concrete CMS	中危	-	2025-03-10 20:57:58	Deep Dive
CVE-2024-7398	Concrete CMS Stored XSS Vulnerability in Calendar Event Addition Feature	Concrete CMS	Concrete CMS	-	-	2024-09-24 21:30:37	Deep Dive
CVE-2024-8291	Concrete CMS Stored XSS in Image Editor Background Color	Concrete CMS	Concrete CMS	-	-	2024-09-24 21:17:01	Deep Dive
CVE-2024-8660	Stored XSS in the "Top Navigator Bar" block	Concrete CMS	Concrete CMS	中危	-	2024-09-17 18:13:59	Deep Dive
CVE-2024-8661	Concrete CMS version 9.0.0 to 9.3.3 and below 8.5.19 are vulnerable to Stored XSS in the "Next&Previous Nav" block	Concrete CMS	Concrete CMS	中危	-	2024-09-16 17:37:29	Deep Dive
CVE-2024-4350	Concrete CMS version 9 below 9.3.3 and below 8.5.18 are vulnerable to Stored XSS in RSS Displayer	Concrete CMS	Concrete CMS	-	-	2024-08-09 00:37:44	Deep Dive
CVE-2024-7512	Concrete CMS Stored XSS in Board instances	Concrete CMS	Concrete CMS	-	-	2024-08-09 00:19:14	Deep Dive
CVE-2024-7394	Concrete CMS version 9.0.0 through 9.3.2 and below 8.5.18 - Stored XSS in getAttributeSetName()	Concrete CMS	Concrete CMS	-	-	2024-08-08 16:31:48	Deep Dive
CVE-2024-4353	Stored XSS in Generate Board Name Input Field	Concrete CMS	Concrete CMS	-	-	2024-08-01 18:23:31	Deep Dive
CVE-2024-3181	Concrete CMS version 9 prior to 9.2.8 and previous versions prior to 8.5.16 are vulnerable to Stored XSS in the Search Field.	Concrete CMS	Concrete CMS	Low	3.1	2024-04-03 19:09:44	Deep Dive
CVE-2024-3180	Concrete CMS version 9 below 9.2.8 and previous versions below 8.5.16 is vulnerable to Stored XSS in blocks of type file	Concrete CMS	Concrete CMS	Low	3.1	2024-04-03 19:00:03	Deep Dive

Goal Reached Thanks to every supporter — we hit 100%!

Vulnerability List