5 matches found
CVE-2026-34589
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...
PT-2026-30662
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.1.0 through 3.2.6, versions prior to 3.3.9, and versions prior to 3.4.9 Description OpenEXR, an image storage format used in the motion picture industry, contains a flaw in the internal exr undo piz function. Specifically, t...
WordPress Academy LMS plugin <= 3.3.8 - Authenticated (Administrator+) PHP Object Injection via 'import_all_courses' vulnerability
Authenticated Administrator+ PHP Object Injection via 'importallcourses' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS versions = 3.3.8...
WordPress Academy LMS Pro plugin <= 3.3.8 - Unauthenticated Sensitive Information Exposure via 'enqueue_social_login_script' vulnerability
Unauthenticated Sensitive Information Exposure via 'enqueuesocialloginscript' vulnerability discovered by Michelle Porter - Wordfence in WordPress Plugin Academy LMS Pro versions = 3.3.8...
WordPress Easy Digital Downloads plugin <= 3.3.8.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via edd_receipt Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via eddreceipt Shortcode vulnerability discovered by muhammad yudha in WordPress Plugin Easy Digital Downloads versions = 3.3.8.1...