CVE-2026-8135 Concrete CMS 9.5.0 and below is vulnerable to RCE due to insecure deserialization occurring in the ExpressEntryList block controller.

Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism fromCIF === true, which normally...

CVE-2026-8135 Concrete CMS 9.5.0 and below is vulnerable to RCE due to insecure deserialization occurring in the ExpressEntryList block controller.

Concrete CMS 9.5.0 and below is vulnerable to Remote Code Execution due to insecure deserialization occurring in the ExpressEntryList block controller. An rogue administrator with privileges to add blocks to an area can bypass the intended protection mechanism fromCIF === true, which normally...

PT-2026-42536

Name of the Vulnerable Software and Affected Versions Concrete CMS versions prior to 9.5.1 Description Remote Code Execution RCE is possible due to insecure deserialization in the ExpressEntryList block controller. An administrator with permissions to add blocks can bypass the fromCIF === true...

Concrete CMS 代码问题漏洞

Concrete CMS is an open-source content management system developed by Concrete CMS. Versions of Concrete CMS 9.5.0 and earlier have code vulnerabilities. These vulnerabilities stem from insecure deserialization in the ExpressEntryList block controller. This could allow malicious administrators wi...

CVE-2026-31655

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: Keep the NOCHDCP clock enabled Keep the NOCHDCP clock always enabled to fix the potential hang caused by the NoC ADB400 port power down handshake...

CVE-2026-23187

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-domains Fix out-of-range access of bc-domains in imx8mblkctrlremove...

CVE-2026-23187

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-domains Fix out-of-range access of bc-domains in imx8mblkctrlremove...

CVE-2026-23187

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-domains Fix out-of-range access of bc-domains in imx8mblkctrlremove...

CVE-2026-23187 pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-domains Fix out-of-range access of bc-domains in imx8mblkctrlremove...

EUVD-2026-5855

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc-domains Fix out-of-range access of bc-domains in imx8mblkctrlremove...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, caused by improper settings of the rst and clk masks for 8mq vpu in pmdomain imx8m-blk-ctrl, which may lead to...

EUVD-2024-52335

Malicious code in bioql PyPI...

kernel: pmdomain: imx93-blk-ctrl: correct remove path

In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx93-blk-ctrl: correct remove path The check condition should be 'i onecelldata.numdomains', not 'bc-onecelldata.numdomains' which will make the look never finish and cause kernel panic. Also disable runtime to address...

CVE-2024-54208

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joni Halabi Block Controller block-controller allows Reflected XSS.This issue affects Block Controller: from n/a through = 1.4.3...

CVE-2024-54208

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joni Halabi Block Controller block-controller allows Reflected XSS.This issue affects Block Controller: from n/a through = 1.4.3...

CVE-2024-54208 WordPress Block Controller plugin <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joni Halabi Block Controller block-controller allows Reflected XSS.This issue affects Block Controller: from n/a through = 1.4.3...

CVE-2024-54208 WordPress Block Controller plugin <= 1.4.3 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Joni Halabi Block Controller block-controller allows Reflected XSS.This issue affects Block Controller: from n/a through = 1.4.3...

CVE-2024-54208

CVE-2024-54208 is a Reflected XSS in the WordPress Block Controller plugin affecting versions up to 1.4.2. The vulnerability arises from improper input neutralization during web page generation. The CVSSv3.1 base score is 7.1 (HIGH) with NETWORK attack vector, requiring user interaction. Remediat...

WordPress plugin Block Controller 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

PT-2024-36085 · Unknown · Joni Halabi Block Controller

Name of the Vulnerable Software and Affected Versions: Joni Halabi Block Controller versions 1.4.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential...