CVE security advisories and vulnerability history for concretecms by Concrete CMS.
150
Total CVEs
Published
0
In CISA KEV
Exploited in the wild
8
Public exploits
PoC or exploit code
5.6
Avg CVSS
2017–2026
Last updated
Overview
Concrete CMS concretecms has 150 published CVE records since 2017, of which 0 are in CISA's Known Exploited Vulnerabilities catalog and 8 have a known public exploit. The average CVSS base score across scored CVEs is 5.6.
This page aggregates every publicly disclosed vulnerability (CVE) affecting Concrete CMS concretecms, with a severity breakdown, the affected and patched versions, the most common weakness types, and the full CVE list.
Severity and exploitation
How the CVSS severity of Concrete CMS concretecms's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.
Critical7
High29
Medium90
Low24
In CISA’s Known Exploited Vulnerabilities catalog
0
None of Concrete CMS concretecms's CVEs are currently listed in CISA's KEV catalog.
Public exploits
8
8 of Concrete CMS concretecms's CVEs have a known public exploit available.
Affected versions and CVEs
Browse every Concrete CMS concretecms version named in a CVE, then pick one to see only the CVEs that affect it.
Common questions about Concrete CMS concretecms vulnerabilities.
How many CVEs does Concrete CMS concretecms have?
Concrete CMS concretecms has 150 published CVE records since 2017.
How many Concrete CMS concretecms CVEs are in CISA KEV?
None of Concrete CMS concretecms's CVEs are currently listed in CISA's Known Exploited Vulnerabilities catalog.
Are there public exploits for Concrete CMS concretecms vulnerabilities?
Yes — 8 of Concrete CMS concretecms's CVEs have a known public exploit.
Which versions of Concrete CMS concretecms are affected?
112 distinct Concrete CMS concretecms versions are named across its CVEs. Use the version filter above to see the CVEs affecting a specific version.
What are the most common weakness types in Concrete CMS concretecms CVEs?
Concrete CMS concretecms's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-352 (Cross-Site Request Forgery (CSRF)), CWE-20 (Improper Input Validation), CWE-639 (Authorization Bypass Through User-Controlled Key).
How many critical Concrete CMS concretecms vulnerabilities are there?
Concrete CMS concretecms has 7 critical and 29 high-severity CVEs.
What is the average severity of Concrete CMS concretecms CVEs?
The average CVSS base score across Concrete CMS concretecms's scored CVEs is 5.6.