Embedded System Vulnerabilities
A focused list of vulnerabilities relevant to embedded and IoT devices.
| CVE ID | Description | Severity | Published | Type |
|---|---|---|---|---|
| CVE-2026-8204 | Concrete CMS 9.5.0 and below is vulnerable to authorization Bypass in the Calendar Event Frontend Dialog which can allo… | Unknown | 2026-05-21 | Environment Specific |
| CVE-2026-8203 | Concrete CMS 9.5.0 and below has Stored XSS on the height parameter. The controller does not validate or sanitize $heig… | Unknown | 2026-05-21 | Environment Specific |
| CVE-2026-8197 | Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via OAuth integration name. The OAuth authorize template rende… | Unknown | 2026-05-21 | Environment Specific |
| CVE-2026-8135 | Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the E… | Unknown | 2026-05-21 | Environment Specific |
| CVE-2026-8134 | Concrete CMS 9.5.0 and below fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemp… | Unknown | 2026-05-21 | Environment Specific |