CVE-2025-14430 WordPress Brook - Agency Business Creative theme <= 2.9.0 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Brook brook allows PHP Local File Inclusion. This issue affects Brook: from n/a through <= 2.9.0...
PT-2026-1740
Name of the Vulnerable Software and Affected Versions: ThemeMove Brook - Agency Business Creative versions through 2.8.9. Description: The software contains a flaw related to improper control of filename for include/require statements, specifically a PHP Local File Inclusion issue. This allows for t...
EUVD-2004-1050
Malware in sbrugna...
EUVD-2022-51979
Malicious code in bioql PyPI...
CVE-2024-5149
The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email verification...
PT-2025-17898 · WordPress · Jobsearch Wp Job Board
Name of the Vulnerable Software and Affected Versions: JobSearch WP Job Board plugin for WordPress versions prior to 2.8.9 Description: The issue is related to authentication bypass due to improper configurations in the jobsearch xing response data callback, set access tokes, and google callback...
WordPress Ultimate Member plugin <= 2.8.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update vulnerability
Missing Authorization to Authenticated (Subscriber+) Arbitrary User Profile Picture Update vulnerability discovered by tiborisaak in WordPress Plugin Ultimate Member versions <= 2.8.9...
PT-2024-10044 · Rancher +1
Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.8.9; Rancher versions prior to 2.9.3; Rancher versions 2.7.0 through 2.7.x. Description: A vulnerability has been identified in the way that Rancher stores vSphere's CPI (Cloud Provider Interface) and CSI Container...
WordPress BuddyForms plugin <= 2.8.9 - Email Verification Bypass due to Insufficient Randomness vulnerability
Email Verification Bypass due to Insufficient Randomness vulnerability discovered by István Márton in WordPress Plugin BuddyForms versions <= 2.8.9...
WordPress BuddyForms Plugin <= 2.8.9 is vulnerable to Bypass Vulnerability
Software: BuddyForms; Type: Plugin; Vulnerable versions: <= 2.8.9; Fixed in: 2.8.10; OWASP Top 10: A4: Insecure Design; Classification: Bypass Vulnerability; CVE: CVE-2024-5149; Patch priority: Low; CVSS severity: Low (6.5); PSID: 5566e284be9a; Credits: István Márton; Required privilege...
PT-2024-22417 · WordPress · Enhanced Media Library
Name of the Vulnerable Software and Affected Versions: Enhanced Media Library plugin for WordPress versions up to, and including, 2.8.9 Description: The issue allows authenticated attackers with author-level access and above to inject arbitrary web scripts in pages via media upload functionality...
WordPress Social Media & Share Icons Plugin < 2.8.9 is vulnerable to Cross Site Scripting (XSS)
Software: Social Media & Share Icons; Type: Plugin; Vulnerable versions: < 2.8.9; Fixed in: 2.8.9; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-2118; Patch priority: Low; CVSS severity: Low (5.9); PSID: 7af0889b0efd; Credits: Dmitrii Ignatye...
WordPress Enhanced Media Library plugin <= 2.8.9 - Authenticated (Author+) Stored Cross-Site Scripting vulnerability
Authenticated (Author+) Stored Cross-Site Scripting vulnerability discovered by Tim Coen in WordPress Plugin Enhanced Media Library versions <= 2.8.9...
BIT-DISCOURSE-2022-36066 Discourse vulnerable to RCE via admins uploading maliciously zipped file
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, admins can upload a maliciously crafted Zip or Gzip Tar archive to write files at arbitrary locations and trigger remote code execution...
BIT-DISCOURSE-2022-39226 Discourse user profile location and website fields were not sufficiently length-limited
Discourse is an open source discussion platform. In versions prior to 2.8.9 on the stable branch and prior to 2.9.0.beta10 on the beta and tests-passed branches, a malicious actor can add large payloads of text into the Location and Website fields of a user profile, which causes issues for other...
CentOS 9 : lynx-2.8.9-18.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the lynx-2.8.9-18.el9 build changelog. - Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may...
Medium: lynx
Issue Overview: Lynx through 2.8.9 mishandles the userinfo subcomponent of a URI, which allows remote attackers to discover cleartext credentials because they may appear in SNI data (CVE-2021-38165). Affected Packages: lynx. Issue Correction: Run dnf update lynx --releasever 2023.3.20240219 or dnf...
Uncode Core < 2.8.9 - Authenticated (Subscriber+) Arbitrary File Deletion
Description The uncode-core plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 2.8.8. This makes it possible for authenticated attackers with subscriber level access or higher to delete arbitrary files on the site...
SUSE CVE-2017-7525
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper...