45 matches found
CVE-2026-33806
Summary: CVE-2026-33806 affects Fastify where, in applications using schema.body.content, a leading space in the Content-Type header can bypass per-content-type body validation while the body is parsed normally. This is a regression introduced in Fastify >= 5.3.2 as a follow-up to CVE-2025-324...
PT-2026-33000
Impact: Fastify applications using schema.body.content for per-content-type body validation can have validation bypassed entirely by prepending a space to the Content-Type header. The body is still parsed correctly but schema validation is skipped. This is a regression introduced in fastify = 5.3...
EspoCRM Security Vulnerability
EspoCRM is an open-source, web-based Customer Relationship Management (CRM) system developed by EspoCRM. This system offers features such as sales automation, community management, and customer support. Version 5.8.5 of EspoCRM contains a security vulnerability. This vulnerability stems from an...
PT-2025-44477
Name of the Vulnerable Software and Affected Versions: Nagios XI versions prior to CCM 3.1.3; Nagios XI versions prior to 5.8.5. Description: The Core Config Manager (CCM) contains a SQL injection issue in how search text is handled. User-supplied input is not properly sanitized before being used in SQ...
EUVD-2021-23921
Malware in sbrugna...
EUVD-2021-23914
Malware in sbrugna...
RHSA-2025:11695 Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.5 release and security update
Bulletin has no description...
EMQX 5.8.5 Remote Code Execution
A remote code execution vulnerability exists in the EMQX Dashboard component of EMQX, up to and including version 5.8.5. Authenticated users can upload plugins containing arbitrary code, including any kind of Erlang code, which may be executed on the server hosting the web interface. This is...
CVE-2021-37350
Nagios XI before version 5.8.5 is vulnerable to SQL injection in the Bulk Modifications Tool due to improper input sanitisation...
CVE-2021-37345
Nagios XI before version 5.8.5 is vulnerable to local privilege escalation because xi-sys.cfg is being imported from the var directory for some scripts with elevated permissions...
WordPress 5.8.x < 5.8.5 Multiple Vulnerabilities
According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities: - A SQL injection vulnerability within the Link API. - A Cross-Site Scripting (XSS) vulnerability on the Plugins screen. - An output escaping issue within the_meta(). Note that t...
CVE-2022-29272
In Nagios XI through 5.8.5, an open redirect vulnerability exists in the login function that could lead to spoofing...
CVE-2022-29272
CVE-2022-29272 affects Nagios XI
PT-2022-19511 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI versions 5.8.5 and earlier Description: The issue allows an authenticated attacker to inject HTML tags in the schedule report function, leading to the reformatting or editing of emails from an official email address. Recommendations...
Nagios XI Security Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI version 5.8.5 and earlier versions. An attacker can exploit th...
Nagios XI Cross-Site Scripting Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems, and more. A cross-site scripting vulnerability exists in Nagios XI version 5.8.5 and prior versions. An attacker cou...
Nagios XI Access Control Error Vulnerability
Nagios XI is a suite of IT infrastructure monitoring solutions from the US-based Nagios. The solution supports monitoring and alerting of applications, services, operating systems and more. A security vulnerability exists in Nagios XI version 5.8.5 and prior versions. An attacker can exploit the...
CVE-2021-40344
CVE-2021-40344 affects Nagios XI 5.8.5. In the Admin panel’s Custom Includes, an administrator can upload files with arbitrary extensions if the MIME type matches an image, enabling a crafted PHP script upload and remote code execution. The root cause is inadequate validation of uploaded content/...
CVE-2021-40343
CVE-2021-40343 affects Nagios XI 5.8.5 via insecure file permissions on nagios_unbundler.py, enabling a local nagios user to escalate to root. Connected docs confirm root-level impact and remote-code-execution exposure in related advisories; publicly available exploit code exists per NCSC. Remedi...
PT-2021-22866 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI version 5.8.5 Description: An issue was discovered in the Manage Dashlets section of the Admin panel, where an administrator can upload ZIP files. A command injection, within the name of the first file in the archive, allows an...