
67 matches found

Nuclei
added 17 hours ago, 37 views

Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting

The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. id: CVE-2016-10973 info: name: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting author: Harsh severity: medium description: | The Brafton plugin...

6.1 CVSS, 6.2 AI score, 0.0064 EPSS
Exploits 2, References 3
ATTACKERKB
added 2026/05/17 2:27 a.m., 4 views

CVE-2026-8719

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

8.8 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits 0, References 3, Affected Software 1
Vulnrichment
added 2026/05/17 2:27 a.m., 4 views

CVE-2026-8719 AI Engine 3.4.9 - Authenticated (Subscriber+) Privilege Escalation via Missing Authorization in MCP OAuth Bearer Token

The AI Engine – The Chatbot, AI Framework & MCP for WordPress plugin for WordPress is vulnerable to Privilege Escalation in version 3.4.9. This is due to missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path, where any valid OAuth token causes MCP access to be...

8.8 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits 0, References 2
Positive Technologies
added 2026/05/17 12:0 a.m., 5 views

PT-2026-41513

Name of the Vulnerable Software and Affected Versions The AI Engine – The Chatbot, AI Framework & MCP for WordPress version 3.4.9 Description Missing WordPress capability enforcement in the MCP OAuth bearer-token authorization path allows authenticated users with Subscriber privileges or higher t...

8.8 CVSS, 5.8 AI score, 0.00044 EPSS
Exploits 0, References 5
Patchstack
added 2026/05/01 9:32 a.m., 2 views

WordPress Blog Designer Pack – Blog, Post Grid, Post Slider, Post Carousel, Category Post, News plugin <= 3.4.9 - Unauthenticated Reflected Cross-Site Scripting vulnerability

Unauthenticated Reflected Cross-Site Scripting vulnerability discovered by Asaf Mozes in WordPress Plugin News & Blog Designer Pack versions <= 3.4.9...

6.1 CVSS, 5.8 AI score, 0.00135 EPSS
Exploits 0, References 1, Affected Software 1
Snyk
added 2026/04/08 3:9 p.m., 2 views

Out-of-bounds Write

Overview: OpenEXR is a set of Python bindings for the OpenEXR image file format. Affected versions of this package are vulnerable to Out-of-bounds Write through the LossyDctDecoderexecute process. An attacker can cause a crash or denial of service by providing a crafted scanline DWAA file that triggers an...

8.8 CVSS, 5.8 AI score, 0.00011 EPSS
Exploits 1, References 3
UbuntuCve
added 2026/04/06 4:16 p.m., 2 views

CVE-2026-34589

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, the DWA lossy decoder constructs temporary per-component block pointers using signed 32-bit arithmetic. Fo...

8.4 CVSS, 5.9 AI score, 0.00011 EPSS
Exploits 1, References 9
Cvelist
added 2026/04/06 3:19 p.m., 25 views

CVE-2026-34378 OpenEXR has a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5 CVSS, 0.00054 EPSS
Exploits 1, References 2
EUVD
added 2026/04/06 3:19 p.m., 2 views

EUVD-2026-19303

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to before 3.4.9, a missing bounds check on the dataWindow attribute in EXR file headers allows an attacker to trigger a signed integer overfl...

6.5 CVSS, 6 AI score, 0.00054 EPSS
Exploits 1, References 1
CVE
added 2026/04/06 3:19 p.m., 3 views

CVE-2026-34378

OpenEXR (OpenEXR 3.4.9) includes CVE-2026-34378: a signed integer overflow in generic_unpack() when parsing EXR files with crafted negative dataWindow.min.x. The FreeBSD VID notes this as one of multiple vulnerabilities addressed by 3.4.9. The impact details are not fully specified in the provide...

6.5 CVSS, 6 AI score, 0.00054 EPSS
Exploits 1, References 2, Affected Software 1
Tenable Nessus
added 2026/04/06 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-34378

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.4.0 to...

6.5 CVSS, 5.5 AI score, 0.00054 EPSS
Exploits 1, References 4
CNNVD
added 2026/04/06 12:0 a.m., 2 views

OpenEXR Security Vulnerability

OpenEXR is an open standard for high dynamic range image file formats, open-sourced by the Academy Software Foundation. Versions of OpenEXR prior to 3.2.0, 3.3.9, and 3.4.9 contain security vulnerabilities due to misaligned memory writes, which may lead to crashes or exploitable undefined behavio...

7.1 CVSS, 5.8 AI score, 0.0009 EPSS
Exploits 1, References 2
Snyk
added 2026/03/23 6:14 p.m., 0 views

Missing Authorization

Overview Affected versions of this package are vulnerable to Missing Authorization due to missing enforcement of organization scopes in the zitadel process. An attacker can gain unauthorized access to resources or perform actions outside their permitted organization by exploiting this lack of sco...

6.9 CVSS, 6.4 AI score, 0.00077 EPSS
Exploits 0, References 3
IBM Security Bulletins
added 2026/03/12 8:43 p.m., 4 views

Security Bulletin: Multiple vulnerabilities in IBM Aspera Console

Summary Multiple vulnerabilities were addressed in IBM Aspera Console version 3.4.9 Vulnerability Details CVEID:CVE-2025-13459 DESCRIPTION: IBM Aspera Console could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow. CWE:CWE-841: Improper...

7.5 CVSS, 5.9 AI score, 0.00123 EPSS
Exploits 2, Affected Software 5
NVD
added 2026/01/23 3:16 p.m., 3 views

CVE-2026-24621

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS. This issue affects Terms descriptions: from n/a through <= 3.4.9...

5.9 CVSS, 0.00059 EPSS
Exploits 0, References 1
ATTACKERKB
added 2026/01/23 2:29 p.m., 2 views

CVE-2026-24621

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS. This issue affects Terms descriptions: from n/a through <= 3.4.9...

4.8 CVSS, 5.9 AI score, 0.00059 EPSS
Exploits 0, References 2
Vulnrichment
added 2026/01/23 2:29 p.m., 3 views

CVE-2026-24621 WordPress Terms descriptions plugin <= 3.4.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Vladimir Statsenko Terms descriptions terms-descriptions allows DOM-Based XSS. This issue affects Terms descriptions: from n/a through <= 3.4.9...

5.9 CVSS, 5.4 AI score, 0.00059 EPSS
Exploits 0, References 1
CVE
added 2026/01/23 2:29 p.m., 5 views

CVE-2026-24621

CVE-2026-24621 is a DOM-based XSS in the WordPress Terms descriptions plugin (terms-descriptions) caused by improper input neutralization during web page generation. Affected: Terms descriptions plugin, versions n/a through 3.4.9. Impact per sources: DOM-based XSS could leak or alter content in t...

5.9 CVSS, 5.4 AI score, 0.00059 EPSS
Exploits 0, References 1
CNNVD
added 2026/01/23 12:0 a.m., 2 views

WordPress plugin terms description: Security vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There was a...

5.9 CVSS, 5.6 AI score, 0.00059 EPSS
Exploits 0, References 1
RedhatCVE
added 2026/01/09 10:33 a.m., 9 views

CVE-2017-18614

The kama-clic-counter plugin 3.4.9 for WordPress has SQL injection via the admin.php order parameter...

9.3 CVSS, 8.2 AI score, 0.0089 EPSS
Exploits 2, References 1