
91 matches found

Cvelist
added 6 days ago | 20 views

CVE-2018-25393 Navigate CMS 2.8.5 Path Traversal via navigate_download.php

Navigate CMS 2.8.5 contains a path traversal vulnerability that allows authenticated users to download arbitrary files by injecting directory traversal sequences in the id parameter. Attackers can send GET requests to navigate_download.php with path traversal payloads ../../../cfg/globals.php to...

CVSS 7.1 | EPSS 0.00148
Exploits 0 | References 4

Cvelist
added 2026/05/05 9:25 p.m. | 26 views

CVE-2026-40075 OpenMRS Core arbitrary file read via path traversal in ModuleResourcesServlet

OpenMRS Core is an open source electronic medical record system platform. In versions 2.7.8 and earlier and versions 2.8.0 through 2.8.5, the /openmrs/moduleResources/moduleid endpoint is vulnerable to a path traversal attack. The ModuleResourcesServlet constructs a filesystem path from...

CVSS 8.2 | EPSS 0.00088
Exploits 1 | References 1

CNNVD
added 2026/05/05 12:00 a.m. | 4 views

openmrs-core path traversal vulnerability

OpenMRS-core is an open-source electronic medical record system developed by OpenMRS. OpenMRS-core has a path traversal vulnerability. This vulnerability stems from the getFile method in ModuleResourcesServlet, which does not validate path boundaries. As a result, unauthorized attackers may be ab...

CVSS 8.2 | AI score 7.3 | EPSS 0.00088
Exploits 1 | References 1

RedHat Linux
added 2026/04/15 1:45 a.m. | 3 views

Important: Red Hat Security Advisory: multicluster engine for Kubernetes v2.8.5 security update

The multicluster engine for Kubernetes 2.8 General Availability release images, which add new features and enhancements, bug fixes, and updated container images. The multicluster engine for Kubernetes v2.8 images The multicluster engine for Kubernetes provides the foundational components that are...

CVSS 10 | AI score 7 | EPSS 0.0008
Exploits 5 | References 10

vulnersOsv
added 2026/04/13 12:31 p.m. | 1 view

org.apache.storm:storm-webapp-bin (>=2.0.0 <=2.8.5) potentially affected by CVE-2026-35565 via org.apache.storm:storm-webapp (>=2.0.0 <=2.8.5)

org.apache.storm:storm-webapp MAVEN version =2.0.0, =2.0.0, =2.8.5 Source cves: CVE-2026-35565 Source advisory: SNYK:JAVA-ORGAPACHESTORM-16321660...

CVSS 5.4 | AI score 5.8 | EPSS 0.0001
Exploits 0

Tenable Nessus
added 2026/01/19 12:00 a.m. | 1 view

MiracleLinux 4 : gnutls-2.8.5-19.AXS4 (AXSA:2016-014:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2016-014:01 advisory. GnuTLS is a project that aims to develop a library which provides a secure layer, over a reliable transport layer. Currently the GnuTLS library implements the...

CVSS 5.9 | AI score 8.2 | EPSS 0.0107
Exploits 0 | References 2

CVE
added 2026/01/14 6:27 a.m. | 5 views

CVE-2025-68492

Chainlit contains an authorization bypass vulnerability (CVE-2025-68492) affecting versions prior to 2.8.5. An attacker who can log in may view threads or obtain thread ownership due to a user-controlled key flaw (CWE-639). Documented impact is limited to those who can authenticate; no exploit sp...

CVSS 4.2 | AI score 6.4 | EPSS 0.00015
Exploits 0 | References 2

CNNVD
added 2026/01/14 12:00 a.m. | 4 views

Chainlit security vulnerability

Chainlit is a large model dialog interface framework open-sourced by chainlit. A security vulnerability exists in Chainlit versions prior to 2.8.5 that stems from the presence of an authorization bypass via a user control key, which could lead to an attacker logging in to view threads or gain...

CVSS 4.2 | AI score 4.7 | EPSS 0.00015
Exploits 0 | References 3

Tenable Nessus
added 2026/01/14 12:00 a.m. | 2 views

MiracleLinux 3 : lynx-2.8.5-28.1.1.1AXS3 (AXSA:2008-473:01)

The remote MiracleLinux 3 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2008-473:01 advisory. Lynx is a text-based Web browser. Lynx does not display any images, but it does support frames, tables, and most other HTML tags. One advantage Lynx...

CVSS 10 | AI score 7.8 | EPSS 0.1754
Exploits 1 | References 4

EUVD
added 2025/10/07 12:30 a.m. | 1 view

EUVD-2004-0188

Malware in sbrugna...

CVSS 7.2 | AI score 6.1 | EPSS 0.00054
Exploits 0 | References 7

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-26173

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 6.4 | EPSS 0.00064
Exploits 0 | References 4

EUVD
added 2025/10/03 8:07 p.m. | 1 view

EUVD-2025-30537

Malicious code in bioql PyPI...

CVSS 7.1 | AI score 6.5 | EPSS 0.00017
Exploits 0 | References 2

RedhatCVE
added 2025/09/24 6:30 p.m. | 1 view

CVE-2025-58677

Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews shrinktheweb-website-preview-plugin allows Stored XSS. This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through <= 2.8.5...

CVSS 7.1 | AI score 5.9 | EPSS 0.00017
Exploits 0 | References 1

NVD
added 2025/09/22 7:16 p.m. | 1 view

CVE-2025-58677

Cross-Site Request Forgery (CSRF) vulnerability in puravida1976 ShrinkTheWeb (STW) Website Previews shrinktheweb-website-preview-plugin allows Stored XSS. This issue affects ShrinkTheWeb (STW) Website Previews: from n/a through <= 2.8.5...

CVSS 7.1 | EPSS 0.00017
Exploits 0 | References 1

Patchstack
added 2025/09/22 6:37 p.m. | 2 views

WordPress ShrinkTheWeb (STW) Website Previews Plugin <= 2.8.5 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery (CSRF) Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin ShrinkTheWeb (STW) Website Previews versions <= 2.8.5...

CVSS 7.1 | AI score 6.6 | EPSS 0.00017
Exploits 0 | Affected Software 1

CVE
added 2025/09/22 6:22 p.m. | 7 views

CVE-2025-58677

Technical details about CVE-2025-58677 are not provided in the supplied documents. The Initial Description notes a CSRF-related Stored XSS affecting ShrinkTheWeb up to 2.8.5, but specific vectors, vulnerable components, affected files, or remediation steps are not disclosed here; monitor for upda...

CVSS 7.1 | AI score 5.9 | EPSS 0.00017
Exploits 0 | References 1

Positive Technologies
added 2025/09/22 12:00 a.m. | 1 view

PT-2025-38965

Name of the Vulnerable Software and Affected Versions: ShrinkTheWeb (STW) Website Previews versions through 2.8.5 Description: A Cross-Site Request Forgery (CSRF) issue exists in ShrinkTheWeb (STW) Website Previews, which also allows Stored Cross-Site Scripting (XSS). This allows an attacker to perform...

CVSS 7.1 | AI score 5.6 | EPSS 0.00017
Exploits 0 | References 3

NVD
added 2025/08/29 5:15 a.m. | 1 view

CVE-2025-8147

The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...

CVSS 4.3 | EPSS 0.00064
Exploits 0 | References 4

Positive Technologies
added 2025/08/29 12:00 a.m. | 1 view

PT-2025-35187

Name of the Vulnerable Software and Affected Versions: LWSCache plugin for WordPress versions up to and including 2.8.5 Description: The LWSCache plugin for WordPress is susceptible to unauthorized data modification because of insufficient authorization within the lwscache_activatePlugin function...

CVSS 4.3 | AI score 5.7 | EPSS 0.00064
Exploits 0 | References 8

Patchstack
added 2025/08/28 9:54 p.m. | 3 views

WordPress LWSCache plugin <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function vulnerability

Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function vulnerability discovered by wesley wcraft in WordPress Plugin LWSCache versions <= 2.8.5...

CVSS 4.3 | AI score 6.7 | EPSS 0.00064
Exploits 0 | References 1 | Affected Software 1