14 matches found
EUVD-2025-50826
OpenEXR has use after free in PyObject_StealAttrString...
CVE-2026-28042
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Astoundify Listify (listify) allows Reflected XSS. This issue affects Listify: from n/a through <= 3.2.5...
CVE-2026-22860
Rack is a modular Ruby web server interface. Prior to versions 2.2.22, 3.1.20, and 3.2.5, Rack::Directory’s path check used a string prefix match on the expanded path. A request like /../rootexample/ can escape the configured root if the target path starts with the root string, allowing directory...
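The prefix-match flaw described above, as an added Ruby example (this is not Rack's own code; the document root and request paths are constructed for illustration). The first function reproduces the vulnerable pattern, expanding the requested path and testing only that the result begins with the root string; the second requires the candidate to be the root itself or to start with the root followed by a path separator, which is the check that actually enforces containment.

```ruby
# Hypothetical document root used for the demonstration.
ROOT = "/srv/www/root"

# Vulnerable pattern: "/srv/www/rootexample" starts with "/srv/www/root",
# so a request for "/../rootexample/" escapes the root and still passes.
def prefix_check_allows?(root, request_path)
  candidate = File.expand_path(File.join(root, request_path))
  candidate.start_with?(root)
end

# Hardened pattern: normalize the root, then accept only the root itself or
# paths strictly below it (root plus a separator). A sibling directory whose
# name merely begins with the root's last component is rejected.
def contained_check_allows?(root, request_path)
  root = File.expand_path(root)
  candidate = File.expand_path(File.join(root, request_path))
  candidate == root || candidate.start_with?(root + File::SEPARATOR)
end

# Evaluate a batch of request paths against both checks; returns
# { request_path => [prefix_result, contained_result] }.
def compare_checks(root, request_paths)
  request_paths.each_with_object({}) do |path, results|
    results[path] = [prefix_check_allows?(root, path),
                     contained_check_allows?(root, path)]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests: a normal file, the root, the traversal
  # from the advisory, and a traversal that neither check should allow.
  compare_checks(ROOT, ["/index.html", "/", "/../rootexample/",
                        "/../../etc/passwd"]).each do |path, (weak, strong)|
    puts format("%-22s prefix=%-5s contained=%-5s", path, weak, strong)
  end
end
```

The difference shows up only for the sibling-directory case: both checks agree on ordinary requests and on a deep traversal such as `/../../etc/passwd`, which is why a test suite without a `rootexample`-style sibling would not catch the weaker check.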
CVE-2024-39320
Discourse is an open source discussion platform. Prior to 3.2.5 and 3.3.0.beta5, the vulnerability allows an attacker to inject iframes from any domain, bypassing the intended restrictions enforced by the allowed_iframes setting. This vulnerability is fixed in 3.2.5 and 3.3.0.beta5...
CVE-2025-64183
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. In versions 3.2.0 through 3.2.4, 3.3.0 through 3.3.5, and 3.4.0 through 3.4.2, there is a use-after-free in PyObject_StealAttrString of PyOpenEXR_old.cpp...
PT-2025-46203
Name of the Vulnerable Software and Affected Versions OpenEXR versions 3.2.0 through 3.2.4 OpenEXR versions 3.3.0 through 3.3.5 OpenEXR versions 3.4.0 through 3.4.2 Description OpenEXR is an image storage format used in the motion picture industry. A use-after-free condition exists in the PyObjec...
PT-2025-14419 · Shopper · Shopper
Name of the Vulnerable Software and Affected Versions: Shopper versions n/a through 3.2.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This could allow unauthorized database access, potentially...
WordPress plugin Easy Social Icons security vulnerability
WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP that lets users set up personal blog sites on servers running PHP and MySQL; a WordPress plugin is an add-on application for that platform. A security vulnerability...
PT-2024-19030 · WordPress · Houzez Login Register
Name of the Vulnerable Software and Affected Versions: Houzez Login Register versions 3.2.5 and earlier Description: A Privilege Escalation issue has been identified in the Houzez Login Register plugin. Recommendations: For Houzez Login Register versions 3.2.5 and earlier, update to a version tha...
CVE-2023-27596 OpenSIPS has vulnerability in the codec_delete_XX() functions
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.8 and 3.2.5, OpenSIPS crashes when a malformed SDP body is sent multiple times to an OpenSIPS configuration that makes use of the stream_process function. This issue was discovered during coverage guided...
OpenSIPS security vulnerability
OpenSIPS is a GPL-licensed SIP server implementation from the OpenSIPS project. A security vulnerability exists in OpenSIPS versions prior to 3.1.8 and 3.2.5, stemming from a crash in OpenSIPS when a malformed SDP body is sent multiple times to an OpenSIPS configuration using t...
AZL-6430 CVE-2018-10906 affecting package fuse for versions less than 2.9.7-10
In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attack...
Attachments, 3.2.5, SQL Injection
Attachments from jmcameron.net, versions 3.2.5 and earlier, SQL Injection. Resolution: update to 3.2.6. Update notice: http://jmcameron.net/attachments/...