Embedded System Vulnerabilities
A focused list of vulnerabilities relevant to embedded and IoT devices.
| CVE ID | Description | Severity | Published | Type |
|---|---|---|---|---|
| CVE-2026-8411 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/page/bulk… | Unknown | 2026-05-21 | Environment Specific |
| CVE-2026-8410 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/bulk… | Unknown | 2026-05-21 | Environment Specific |
| CVE-2026-8409 | Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/dele… | Unknown | 2026-05-21 | Environment Specific |
| CVE-2026-8337 | Concrete CMS 9.5.0 and below is vulnerable to IDOR in surveys. To be vulnerable, a site would have to be configured in … | Unknown | 2026-05-21 | Environment Specific |
| CVE-2026-8327 | Concrete CMS below 9.5.0 and below is vulnerable to password change without reauthorization and session-hardening bypas… | Unknown | 2026-05-21 | Environment Specific |