CVE-2026-40075 OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

CVE-2026-40075 OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

openmrs-core 路径遍历漏洞

OpenMRS-core is an open-source electronic medical record system developed by OpenMRS. OpenMRS-core has a path traversal vulnerability. This vulnerability stems from the getFile method in ModuleResourcesServlet, which does not validate path boundaries. As a result, unauthorized attackers may be ab...

GHSA-78FC-9688-W8XW OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip)

Affected Versions version ≤ 2.7.8 latest version at time of disclosure https://github.com/openmrs/openmrs-core Impact The endpoint POST /openmrs/ws/rest/v1/module is vulnerable to a path traversal Zip Slip attack. An authenticated attacker can upload a crafted .omod archive containing ZIP entries...

OpenMRS Module Upload Vulnerable to Path Traversal (Zip Slip)

Affected Versions version ≤ 2.7.8 latest version at time of disclosure https://github.com/openmrs/openmrs-core Impact The endpoint POST /openmrs/ws/rest/v1/module is vulnerable to a path traversal Zip Slip attack. An authenticated attacker can upload a crafted .omod archive containing ZIP entries...

GHSA-JJGJ-CX3Q-PW4W OpenMRS ModuleResourcesServlet has Path Traversal that Leads to Arbitrary File Read

Affected Versions version ≤ 2.7.8 latest version at time of disclosure https://github.com/openmrs/openmrs-core Impact The /openmrs/moduleResources/moduleid endpoint in OpenMRS Core is vulnerable to a path traversal attack. The ModuleResourcesServlet does not properly validate user-supplied path...

PT-2026-36925

Name of the Vulnerable Software and Affected Versions Open5GS versions prior to 2.7.8 Description A security flaw in the authentication-subscription component allows remote exploitation leading to a denial of service. The issue exists within the udm nudr dr handle subscription authentication...

MiracleLinux 4 : python27-python-2.7.8-18.0.1.AXS4.AXS4 (AXSA:2016-643:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-643:01 advisory. Python is an interpreted, interactive, object-oriented programming language often compared to Tcl, Perl, Scheme or Java. Python includes modules, classes,...

CVE-2025-68044

Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Five Star Restaurant Reservations restaurant-reservations allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Five Star Restaurant Reservations: from n/a through = 2.7.4...

PT-2026-1269

Name of the Vulnerable Software and Affected Versions Rustaurius Five Star Restaurant Reservations versions through 2.7.8 Description An authorization bypass exists in Rustaurius Five Star Restaurant Reservations due to incorrectly configured access control security levels. This allows exploitati...

WordPress Five Star Restaurant Reservations plugin <= 2.7.4 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by daroo in WordPress Plugin Five Star Restaurant Reservations versions = 2.7.4...

CVE-2025-66117

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.8...

CVE-2025-66117 WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.8...

CVE-2025-66117 WordPress Easy Form plugin <= 2.7.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.8...

EUVD-2025-204043

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.8...

CVE-2025-66117

CVE-2025-66117 corresponds to a Missing Authorization/Broken Access Control issue in the WordPress plugin Easy Form . Affected: Easy Form versions up to and including 2.7.8 . The vulnerability arises from incorrectly configured access control, enabling exploitation due to missing authorization. M...

PT-2025-52202

Missing Authorization vulnerability in Ays Pro Easy Form easy-form allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Form: from n/a through = 2.7.8...

CVE-2025-49939 WordPress JetElements For Elementor plugin <= 2.7.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Crocoblock JetElements For Elementor jet-elements allows Stored XSS.This issue affects JetElements For Elementor: from n/a through = 2.7.8...

EUVD-2021-24189

Malware in sbrugna...

EUVD-2023-40626

Malicious code in bioql PyPI...