CVE-2026-42880 ArgoCD ServerSideDiff is vulnerable to Kubernetes Secret Extraction

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. From versions 3.2.0 to before 3.2.11 and 3.3.0 to before 3.3.9, there is a missing authorization and data-masking gap in Argo CD's ServerSideDiff endpoint that allows an attacker with read-only access to extract plaintext...

Astra Linux - уязвимость в ruby2.5

REXML is an XML toolkit for Ruby. The REXML gem prior to version 3.3.9 has a ReDoS vulnerability when it parses an XML document containing many digits between “&” and “x…” in a hexadecimal character reference &x…. This issue does not occur in Ruby 3.2 or later versions. Ruby 3.1 is the only...

EUVD-2026-26726

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

CVE-2026-43824

In Argo CD 3.2.0 before 3.2.11 and 3.3.0 before 3.3.9, ServerSideDiff allows reading cleartext Kubernetes Secret data...

PT-2026-36558

Name of the Vulnerable Software and Affected Versions Argo CD versions 3.2.0 through 3.2.10 Argo CD versions 3.3.0 through 3.3.8 Description The 'ServerSideDiff' endpoint allows the disclosure of cleartext Kubernetes Secret data. This occurs when the IncludeMutationWebhook variable is set to true...

Linux Distros Unpatched Vulnerability : CVE-2026-33691

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The OWASP core rule set CRS is a set of generic attack detection rules for use with compatible web application firewalls. Prior to versions 3.3.9 and 4.25.0, a...

EUVD-2026-23670

The Content Blocks Custom Post Widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's contentblock shortcode in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping on user supplied values consumed from user-created...

[SECURITY] Fedora 42 Update: mingw-openexr-3.3.9-1.fc42

MinGW Windows openexr library...

[SECURITY] Fedora 43 Update: mingw-openexr-3.3.9-1.fc43

MinGW Windows openexr library...

Fedora 43 : mingw-openexr (2026-c803743b67)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-c803743b67 advisory. Update to openexr-3.3.9. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Out-of-bounds Write

Overview OpenEXR is a Python bindings for the OpenEXR image file format Affected versions of this package are vulnerable to Out-of-bounds Write through the LossyDctDecoderexecute process. An attacker can cause a crash or denial of service by providing a crafted scanline DWAA file that triggers an...

Out-of-bounds Write

Overview Affected versions of this package are vulnerable to Out-of-bounds Write through the LossyDctDecoderexecute process. An attacker can cause a crash or denial of service by providing a crafted scanline DWAA file that triggers an integer overflow, resulting in a heap out-of-bounds write duri...

SUSE CVE-2026-34380

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

DEBIAN-CVE-2026-34380

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the genericunpack function when parsing EXR files containing a crafted negative value for dataWindow.min.x. An attacker can cause the process to terminate unexpectedly by supplying a specially crafted E...

CVE-2026-34379 OpenEXR has a misaligned write in LossyDctDecoder_execute leading to undefined behavior (DWA/DWAB decompression)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

PT-2026-30662

Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.1.0 through 3.2.6, versions prior to 3.3.9, and versions prior to 3.4.9 Description OpenEXR, an image storage format used in the motion picture industry, contains a flaw in the internal exr undo piz function. Specifically, t...

OpenEXR 安全漏洞

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR prior to 3.2.0, 3.3.9, and 3.4.9 contain security vulnerabilities due to misaligned memory writes, which may lead to crashes or exploitable undefined behavio...