Lucene search
18 matches found

EUVD
added 2026/05/02 5:29 a.m. | 14 views

EUVD-2026-26745

The Gravity Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Consent field hidden inputs in versions up to and including 2.10.0. This is due to a flawed state validation mechanism that fails open when input is sanitized by wp_kses, combined with insufficient output...

CVSS 7.2 | AI score 6 | EPSS 0.00021
Exploits 0 | References 2
Snyk
added 2026/03/04 6:25 a.m. | 1 view

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the columns parameter in the Express Entry List block configuration. An attacker can execute arbitrary code on the server by injecting crafted serialized data that is later processed without proper...

CVSS 8.9 | AI score 6.1 | EPSS 0.00273
Exploits 0 | References 2
Github Security Blog
added 2026/03/04 3:31 a.m. | 4 views

Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

CVSS 8.9 | AI score 6 | EPSS 0.00273
Exploits 0 | References 4 | Affected Software 1
EUVD
added 2026/03/04 3:31 a.m. | 3 views

EUVD-2026-9356

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

CVSS 8.9 | AI score 6 | EPSS 0.00273
Exploits 0 | References 3
OSV
added 2026/03/04 3:31 a.m. | 4 views

GHSA-GJ26-W59C-29MF Concrete CMS vulnerable to Remote Code Execution by stored PHP object injection

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

CVSS 8.9 | AI score 6 | EPSS 0.00273
Exploits 0 | References 4
NVD
added 2026/03/04 2:15 a.m. | 10 views

CVE-2026-3452

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

CVSS 8.9 | EPSS 0.00273
Exploits 0 | References 2
Vulnrichment
added 2026/03/04 1:49 a.m. | 3 views

CVE-2026-3452 Concrete CMS below 9.4.8 is vulnerable to stored deserialization leading to RCE in the Express Entry List block.

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

CVSS 8.9 | AI score 6 | EPSS 0.00273
Exploits 0 | References 2
CVE
added 2026/03/04 1:49 a.m. | 10 views

CVE-2026-3452

Concrete CMS versions below 9.4.8 are vulnerable to Remote Code Execution via stored PHP object injection in the Express Entry List block, using the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed ...

CVSS 8.9 | AI score 6 | EPSS 0.00273
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2026/03/04 1:49 a.m. | 28 views

CVE-2026-3452 Concrete CMS below 9.4.8 is vulnerable to stored deserialization leading to RCE in the Express Entry List block.

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

CVSS 8.9 | EPSS 0.00273
Exploits 0 | References 2
Positive Technologies
added 2026/03/04 12:00 a.m. | 3 views

PT-2026-22863

Concrete CMS below version 9.4.8 is vulnerable to Remote Code Execution by stored PHP object injection into the Express Entry List block via the columns parameter. An authenticated administrator can store attacker-controlled serialized data in block configuration fields that are later passed to...

CVSS 8.9 | AI score 6 | EPSS 0.00273
Exploits 0 | References 3
CNNVD
added 2026/03/04 12:00 a.m. | 6 views

Concrete CMS Security Vulnerability

Concrete CMS is an open-source content management system designed for teams. Versions of Concrete CMS prior to 9.4.8 contained a security vulnerability. This vulnerability stemmed from PHP object injection in the columns parameter within the Express Entry List block, which could lead to remote co...

CVSS 8.9 | AI score 6.1 | EPSS 0.00273
Exploits 0 | References 2
OSV
added 2025/09/18 4:15 p.m. | 1 view

DEBIAN-CVE-2023-53444

In the Linux kernel, the following vulnerability has been resolved: drm/ttm: fix bulkmove corruption when adding a entry. When the resource is the first in the bulkmove range, adding it again thus moving it to the tail will corrupt the list since the first pointer is not moved. This eventually lea...

CVSS 5.5 | AI score 5.7 | EPSS 0.00017
Exploits 0 | References 1
Positive Technologies
added 2025/03/04 12:00 a.m. | 7 views

PT-2025-16766

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free vulnerability has been identified in the Linux kernel. The issue occurs while iterating the all mddevs list from md notify reboot and md exit, where list for each entry...

CVSS 7.8 | AI score 6.8 | EPSS 0.00034
Exploits 0
SUSE CVE
added 2025/02/28 2:21 a.m. | 1 view

SUSE CVE-2025-21730

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed. If WoWLAN failed in resume flow, the rtw89_ops_add_interface triggered without removing the interface first. Then the mgnt_entry list init again, causing the listempt...

CVSS 5.5 | AI score 6.5 | EPSS 0.00072
Exploits 0 | References 3
OSV
added 2025/02/27 2:15 a.m. | 1 view

DEBIAN-CVE-2025-21730

In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to init mgnt_entry list twice when WoWLAN failed. If WoWLAN failed in resume flow, the rtw89_ops_add_interface triggered without removing the interface first. Then the mgnt_entry list init again, causing the listempt...

CVSS 5.5 | AI score 5.7 | EPSS 0.00072
Exploits 0 | References 1
CVE
added 2025/02/27 2:07 a.m. | 65 views

CVE-2025-21730

CVE-2025-21730 affects the Linux kernel WiFi driver rtw89. The issue occurs during WoWLAN resume when an interface is re-added without removing the previous entry, causing mgnt_entry list to be initialized twice and leading to list corruption (list_add_tail on an already linked entry). The fix ad...

CVSS 5.5 | AI score 6.5 | EPSS 0.00072
Exploits 0 | References 3 | Affected Software 1
CNNVD
added 2022/12/28 12:00 a.m. | 2 views

FlatPress Cross-Site Scripting Vulnerability

FlatPress is a PHP-based blogging system from the FlatPress community that does not require database support. A cross-site scripting vulnerability exists in FlatPress, which stems from a problem with an unknown part of the admin/panels/entry/admin.entry.list.php file in the Admin Area component...

CVSS 6.1 | AI score 5.9 | EPSS 0.00274
Exploits 0 | References 5
OpenVAS
added 2022/12/19 12:00 a.m. | 18 views

FlatPress < 1.3 Multiple Vulnerabilities

FlatPress is prone to multiple vulnerabilities. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 9.8 | AI score 6.2 | EPSS 0.12007
Exploits 2 | References 7