266 matches found
Astra Linux - уязвимость в python-ldap
Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the ldap.dn.escapednchars function incorrectly escaped \x00 by emitting a slash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this functi...
Astra Linux - уязвимость в python-ldap
Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars could be exploited to skip escaping special characters when a crafted list or dict was provided as the assertionvalue parameter, and...
Unity Linux 20.1070e Security Update: python-ldap (UTSA-2026-007091)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007091 advisory. python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars...
OpenSSL Toolkit 3.4.5
OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.4 release...
EulerOS Virtualization 2.10.0 : python-ldap (EulerOS-SA-2026-1563)
According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...
EulerOS 2.0 SP11 : python-ldap (EulerOS-SA-2026-1617)
According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes...
EulerOS 2.0 SP11 : python-ldap (EulerOS-SA-2026-1589)
According to the versions of the python-ldap packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, ldap.dn.escapednchars escapes...
CVE-2026-28803 Open Forms possible to view submission details of other people than intended
Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...
CVE-2026-28803 Open Forms possible to view submission details of other people than intended
Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...
PT-2026-24717
Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...
Open Forms 访问控制错误漏洞
Open Forms is an open-source intelligent dynamic form tool. It is used to quickly create powerful and intelligent forms that can be exposed via APIs. Versions of Open Forms prior to 3.3.13 and 3.4.5 contained a access control vulnerability. This vulnerability allowed attackers to guess or modify...
SUSE CVE-2026-26981
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...
CVE-2026-26981
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...
CVE-2026-26981
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...
CVE-2026-26981 OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...
CVE-2026-26981
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...
CVE-2026-2246
CVE-2026-2246 affects the apriltag library (AprilRobotics) up to version 3.4.5. The vulnerability targets function apriltag_detector_detect in apriltag.c and results in memory corruption when exploited locally. Publicly disclosed exploit details are available, and a patch is identified by the pat...
CVE-2025-62106
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.4.5...
CVE-2025-62106 WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.4.5...
CVE-2025-62106
The WP-CRM System WordPress plugin is affected by a Missing Authorization / Broken Access Control vulnerability through version 3.4.5. Reports describe missing capability checks on wpcrm_get_email_recipients and wpcrm_system_ajax_task_change_status AJAX endpoints, allowing authenticated users (su...