EUVD-2026-32204

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Ludwig You QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly quickwebp allows Path Traversal.This issue affects QuickWebP Compress / Optimize Images & Convert WebP | SEO Friendly: from n...

SUSE CVE-2026-34380

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...

DEBIAN-CVE-2026-34380

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a signed integer overflow exists in undopxr24impl in src/lib/OpenEXRCore/internalpxr24.c at line 377. The...

EUVD-2026-19305

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From 3.2.0 to before 3.2.7, 3.3.9, and 3.4.9, a misaligned memory write vulnerability exists in LossyDctDecoderexecute in...

CLEANSTART-2026-FF20499 Security fixes for CVE-2025-55190, CVE-2025-55191, CVE-2025-58183, CVE-2025-58185, CVE-2025-58187, CVE-2025-58188, CVE-2025-58189, CVE-2025-59537, CVE-2025-59538, CVE-2025-61723, CVE-2025-61724, CVE-2025-61725, CVE-2026-25934, ghsa-2v5j-vhc3-9cwm, ghsa-2vgg-9h3w-qbr4, ghsa-2xsj-vh29-9cwm, ghsa-37cx-329c-33x3, ghsa-3wgm-2mw2-vh5m, ghsa-4x4m-3c2p-qppc, ghsa-6v2p-p543-phr9, ghsa-92cp-5422-2m47, ghsa-93mq-9ffx-83m2, ghsa-f6x5-jh6r-wrfv, ghsa-hj2p-8wj8-pfq4, ghsa-j5w8-q4qc-rx2x, ghsa-mh63-6h87-95cp, ghsa-mw99-9chc-xw7r applied in versions: 2.13.9-r0, 2.14.20-r0, 3.0.16-r0, 3.0.19-r0, 3.1.4-r0, 3.1.8.-r0, 3.1.9-r4, 3.2.7-r0

Multiple security vulnerabilities affect the argo-cd-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

EUVD-2025-28302

Malicious code in bioql PyPI...

EUVD-2025-28111

Malicious code in bioql PyPI...

CVE-2025-49408

Insertion of Sensitive Information Into Sent Data vulnerability in WPDeveloper Templately allows Retrieve Embedded Sensitive Data. This issue affects Templately: from n/a through 3.2.7...

WordPress Ultimate Blocks plugin <= 3.2.7 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by zaim in WordPress Plugin Ultimate Blocks versions = 3.2.7...

WordPress plugin WP Legal Pages 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress SSV Events plugin <= 3.2.7 - Local File Inclusion to RCE vulnerability

Local File Inclusion to RCE vulnerability discovered by tahu.datar Patchstack Alliance in WordPress Plugin SSV Events versions = 3.2.7...

PT-2024-24021 · WordPress · Wp2Leads

Name of the Vulnerable Software and Affected Versions: WP2LEADS versions 3.2.7 and earlier Description: A Missing Authorization issue affects the software, potentially allowing unauthorized access. The estimated number of affected devices is not specified. There is no information about real-world...

PT-2023-30929 · Unknown · Tripay Payment Gateway

Name of the Vulnerable Software and Affected Versions: TriPay Payment Gateway versions 3.2.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...

CVE-2023-44144

Unauth. Reflected Cross-Site Scripting XSS vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin = 3.2.7 versions...

PT-2023-18665 · WordPress · Oi Yandex.Maps For Wordpress

Name of the Vulnerable Software and Affected Versions: Oi Yandex.Maps for WordPress versions = 3.2.7 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS in Oi Yandex.Maps for WordPress. This allows an attacker to inject malicious scripts into the application,...