Latest CVE Feed

Vulnerabilities published in the last 30 days. Filter by severity, exploit status, or attack vector.

Score
Vulnerability
Published
10.0 CRITICAL
CVE-2026-34910 — "UniFi OS Command Injection Vulnerability"

A malicious actor with access to the network could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Remote | Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-34909 — "UniFi OS Path Traversal Vulnerability"

A malicious actor with access to the network could exploit a Path Traversal vulnerability found in UniFi OS devices to access files on the underlying system that could be manipulated to access an und…

Remote | Path Traversal
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
10.0 CRITICAL
CVE-2026-34908 — "UniFi OS Improper Access Control Vulnerability"

A malicious actor with access to the network could exploit an Improper Access Control vulnerability found in UniFi OS devices to make unauthorized changes to the system.

Remote | Authorization
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
9.1 CRITICAL
CVE-2026-33000 — "UniFi OS Command Injection Vulnerability"

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection.

Remote | Injection
May 22, 2026 May 22, 2026
May 22, 2026
May 22, 2026
2.3 LOW
CVE-2026-8435 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file approveVersion(). The Concrete CMS security team gave this vulnerability a CVSS v.4…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8434 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescanMultiple(). The Concrete CMS security team gave this vulnerability a CVSS v.4…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8433 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file rescan(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8432 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file star(). The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score o…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8427 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file removeFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8416 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/backend/file addFavoriteFolder($id). The Concrete CMS security team gave this vulnerability a CV…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8415 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/express/association/reorder. The Concrete CMS security team gave this vulnerability a CVS…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8414 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/event/duplicate. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 scor…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8413 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/design. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8412 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/cache. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8411 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8410 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk/delete.  The The Concrete CMS security team gave this vulnerability a CVSS v.4.…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
2.3 LOW
CVE-2026-8409 — Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concret…

Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete.  The The Concrete CMS security team gave this vulnerability a CVSS v.4.0 sco…

Remote | Cross-Site Request Forgery
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
6.3 MEDIUM
CVE-2026-8337 — Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys when sites are running conc…

Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in such a way that both public and private surveys are present on the site. An unau…

Remote | Authorization
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
5.3 MEDIUM
CVE-2026-8327 — Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorizati…

Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypass. The user-profile edit controller passes the entire raw POST array to UserInfo…

Remote | Authentication
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
6.0 MEDIUM
CVE-2026-8245 — Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML…

Concrete CMS 9.5.0 and below is vulnerable to Reflected XSS in Legacy Pagination via HTML attribute injection. Concrete\Core\Legacy\Pagination builds pagination links by raw-interpolating its $URL fi…

Remote | Cross-Site Scripting
May 21, 2026 May 21, 2026
May 21, 2026
May 21, 2026
Showing 20 of 6224 Results