CVE-2026-4888
The Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the sendtestemail function in all versions up to, and including, 3.4.7. This makes it possible for authenticated...
WordPress plugin Everest Forms security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...
CVE-2026-4888
CVE-2026-4888 affects the Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder for WordPress. The vulnerability is due to a missing capability check in the send_test_email() function across all versions up to and including 3.4.7, allowing authenticated attackers with Sub...
WordPress Everest Forms – Contact Form, Payment Form, Quiz, Survey & Custom Form Builder plugin <= 3.4.7 - Missing Authorization to Authenticated (Subscriber+) Email Sending vulnerability
Missing Authorization to Authenticated Subscriber+ Email Sending vulnerability discovered by Quốc Huy jtwings - Puramu in WordPress Plugin Everest Forms versions = 3.4.7...
JLSEC-2026-147
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
EUVD-2026-18058
OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size undopxr24impl...
SUSE CVE-2026-34545
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
DEBIAN-CVE-2026-34545
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
UBUNTU-CVE-2026-34545
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
CVE-2026-34545 OpenEXR: integer overflow lead to OOB in HTJ2K decoder
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
CVE-2026-34545
CVE-2026-34545 affects OpenEXR versions 3.4.0–3.4.6, where decoding an EXR file using HTJ2K compression with a channel width of 32768 can trigger a heap write overflow. The overflow occurs while decoding and writes beyond the output heap buffer, with a write primitive of 2 bytes per overflow iter...
PT-2026-29620
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.4.0 through 3.4.7 Description OpenEXR, an image storage format used in the motion picture industry, may disclose sensitive information from heap memory through decoded pixel data. This information disclosure occurs when...
CVE-2026-27840
Technical details for CVE-2026-27840 are not provided in the supplied documents. Monitor for updates and vendor advisories for Zitadel versions and remediation.
CVE-2026-27840 ZITADEL's truncated opaque tokens are still valid
ZITADEL is an open source identity management platform. Starting in version 2.31.0 and prior to versions 3.4.7 and 4.11.0, opaque OIDC access tokens in the v2 format truncated to 80 characters are still considered valid. Zitadel uses a symmetric AES encryption for opaque tokens. The cleartext...
ZITADEL security vulnerability
ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed for the era of containers and serverless environments by ZITADEL in Switzerland. There were security vulnerabilities in versions of ZITADEL between 2.31.0 and 3.4.7, as well as in version...
CVE-2021-47902 Testa Online Test Management System 3.4.7 - 'q' SQL Injection
Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user...
EUVD-2021-34748
Testa Online Test Management System 3.4.7 contains a SQL injection vulnerability that allows attackers to manipulate database queries through the 'q' search parameter. Attackers can inject malicious SQL code in the search field to extract database information, potentially accessing sensitive user...
PT-2026-4933
Name of the Vulnerable Software and Affected Versions Testa Online Test Management System version 3.4.7 Description The software contains a SQL injection issue. Attackers can manipulate database queries through the q search parameter. By injecting malicious SQL code into the search field, attacke...
Testa Online Test Management System SQL Injection Vulnerability
Testa Online Test Management System is an online examination software developed by the Malta-based company Testa. Version 3.4.7 of the Testa Online Test Management System has a SQL injection vulnerability. This vulnerability stems from incorrect handling of the search parameter “q”, and it may le...
CVE-2025-13925
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user...