Astra Linux - уязвимость в python-ldap

Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the ldap.dn.escapednchars function incorrectly escaped \x00 by emitting a slash followed by a literal NUL byte instead of the RFC-4514 hex form \00. Any application that uses this functi...

Astra Linux - уязвимость в python-ldap

Python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars could be exploited to skip escaping special characters when a crafted list or dict was provided as the assertionvalue parameter, and...

Unity Linux 20.1070e Security Update: python-ldap (UTSA-2026-007091)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007091 advisory. python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitization method ldap.filter.escapefilterchars...

OpenSSL Toolkit 3.4.5

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer and Transport Layer Security protocols with full-strength cryptography world-wide. This is the 3.4 release...

EulerOS Virtualization 2.10.0 : python-ldap (EulerOS-SA-2026-1563)

According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...

CVE-2026-28803 Open Forms possible to view submission details of other people than intended

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...

PT-2026-24717

Open Forms allows users create and publish smart forms. Prior to 3.3.13 and 3.4.5, to be able to cosign, the cosigner receives an e-mail with instructions or a deep-link to start the cosign flow. The submission reference is communicated so that the user can retrieve the submission to be cosigned...

Open Forms 访问控制错误漏洞

Open Forms is an open-source intelligent dynamic form tool. It is used to quickly create powerful and intelligent forms that can be exposed via APIs. Versions of Open Forms prior to 3.3.13 and 3.4.5 contained a access control vulnerability. This vulnerability allowed attackers to guess or modify...

SUSE CVE-2026-26981

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...

CVE-2026-26981

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.3.0 through 3.3.6 and 3.4.0 through 3.4.4, a heap-buffer-overflow OOB read occurs in the istreamnonparallelread function in...

CVE-2025-62106

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.4.5...

CVE-2025-62106

The WP-CRM System WordPress plugin is affected by a Missing Authorization / Broken Access Control vulnerability through version 3.4.5. Reports describe missing capability checks on wpcrm_get_email_recipients and wpcrm_system_ajax_task_change_status AJAX endpoints, allowing authenticated users (su...

CVE-2025-62106 WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.4.5...

CVE-2025-62106 WordPress WP-CRM System plugin <= 3.4.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Mario Peshev WP-CRM System wp-crm-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-CRM System: from n/a through = 3.4.5...

PT-2026-3995

Name of the Vulnerable Software and Affected Versions WP-CRM System versions through 3.4.5 Description An authorization issue exists in the WP-CRM System, allowing exploitation of incorrectly configured access control security levels. Recommendations Update WP-CRM System to a version later than...

PT-2026-2818

The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm get email recipients and wpcrm system ajax task change status AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers,...

CVE-2021-41112

Rundeck is an open source automation service with a web console, command line tools and a WebAPI. In versions prior to 3.4.5, authenticated users could craft a request to modify or delete System or Project level Calendars, without appropriate authorization. Modifying or removing calendars could...

EulerOS Virtualization 2.13.1 : python-ldap (EulerOS-SA-2025-2629)

According to the versions of the python-ldap packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : python-ldap is a lightweight directory access protocol LDAP client API for Python. In versions prior to 3.4.5, the sanitizatio...

CVE-2025-68587

Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through = 3.4.5...

CVE-2025-68587

Missing Authorization vulnerability in Bob Watu Quiz watu allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Watu Quiz: from n/a through = 3.4.5...