EUVD-2026-31378
Score: 2.3/10 (CVSS v3.1)
Product: Concrete CMS
Vendor: Concrete CMS
Updated: 2026-05-21
Concrete CMS 9 before 9.5.0 is vulnerable to Cross Site Request Forgery (CSRF) at concrete/controllers/dialog/logs/delete. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.3 with vector CVSS:4.0/AV:N/AC:L/AT:P/PR...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31378
EUVD-2026-31379
Score: 2.1/10 (CVSS v3.1)
Product: Concrete CMS
Vendor: Concrete CMS
Updated: 2026-05-21
In Concrete CMS 9.5.0 and below, the RSS Displayer block accepts a feed URL from any page editor and fetches it server-side without validation enabling redirect-to-internal bypasses. The Concrete CMS security team gave this vulnerability a CVSS v...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31379
EUVD-2026-31380
Score: 2.0/10 (CVSS v3.1)
Product: Concrete CMS
Vendor: Concrete CMS
Updated: 2026-05-21
Concrete CMS 9.5.0 and below is vulnerable to Stored XSS via external-link page cvName because updateCollectionAliasExternal bypasses being sanitized. The Concrete CMS security team gave this vulnerability a CVSS v.4.0 score of 2.0 with vector CVS...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31380
EUVD-2026-31381
Score: 5.1/10 (CVSS v3.1)
Product: Simple Hierarchical Select (shs)
Vendor: Drupal
Updated: 2026-05-21
Simple Hierarchical Select (SHS) for Drupal 7 contains cross-site scripting risk due to improper output escaping of term-derived text. Confirmed affected paths include field formatter output (shs_field_formatter_view) and term-tree ch...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31381
EUVD-2026-31377
Score: 5.1/10 (CVSS v3.1)
Product: Term Reference Tree
Vendor: Drupal
Updated: 2026-05-21
In the Drupal 7 Term Reference Tree module, two stored XSS vectors exist in the widget/formatter rendering pipeline.
Vector A (token display templates): When the Token module is enabled and token display templates are configured, attacker-control...
https://euvd.enisa.europa.eu/vulnerability/EUVD-2026-31377
Firefox is working on a rounded redesign with easy-to-find controls for privacy and AI
Firefox is getting a drastic visual overhaul with a redesigned Settings section that will make it easier to find and use privacy settings, including the switch for turning off all present and future AI features. Mozilla…
https://www.theverge.com/tech/935631/firefox-project-nova-redesign
#Tech #Technology #TechNews #AI #Gadgets #Software #Cybersecurity #Apple #Google #Microsoft #Startup #OpenSource #TheVerge [The Verge]
CVE-2025-41742 - Critical auth bypass in Sprecher Automations SPRECON-E-C/P/T3. Default crypto keys allow remote read, modify, write access. CVSS 9.8. No patch available. Isolate affected systems immediately. #CVE #ICS #cybersecurity
CVE-2025-71214 - High (7.8)
An origin validation error vulnerability in the Trend Micro Apex One (mac) agent iCore service could allow a local attacker to escalate privileges on affected installations.
Please note: an attacker must first obtain the ability to execute low-...
https://www.thehackerwire.com/vulnerability/CVE-2025-71214/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
CVE-2026-34930 - High (7.8)
An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism.
Please note: an ...
https://www.thehackerwire.com/vulnerability/CVE-2026-34930/
#CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack