11 matches found
CVE-2026-34543
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...
ZITADEL Security Vulnerability
ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland for the era of containers and serverless architectures. Versions of ZITADEL prior to 4.11.1 and 3.4.7 contain security vulnerabilities. These vulnerabilities stem fr...
WordPress plugin Templately Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
WordPress Custom Post Type Attachment plugin <= 3.4.6 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by Muhammad Yudha - DJ in WordPress Plugin Custom Post Type Attachment versions <= 3.4.6...
WordPress NGG Smart Image Search Plugin <= 3.4.3 - Cross Site Scripting (XSS) Vulnerability
Cross Site Scripting (XSS) Vulnerability discovered by Prissy in WordPress Plugin NGG Smart Image Search versions <= 3.4.3...
CVE-2021-20655
FileZen V3.0.0 to V4.2.7 and V5.0.0 to V5.0.2 allows a remote attacker with administrator rights to execute arbitrary OS commands via unspecified vectors...
BeyondTrust U-Series Appliance Security Vulnerability
BeyondTrust U-Series Appliance is an application from BeyondTrust USA. A security vulnerability exists in BeyondTrust U-Series Appliance versions from 3.4 to before 4.0.3 that stems from an elevation of privilege vulnerability in the local appliance API module...
PT-2023-30037 · Unknown · Juzawebcms
Name of the Vulnerable Software and Affected Versions: juzawebCMS versions 3.4 and earlier Description: An issue in the software allows a remote attacker to execute arbitrary code via a crafted file to the custom plugin function. This enables the attacker to potentially gain control over the...
Wireshark Buffer Error Vulnerability
Wireshark (formerly Ethereal) is a set of network packet analysis software from the Wireshark team. Wireshark versions 3.6.0 and 3.4.0 - 3.4.10 contain an injection vulnerability that stems from a crash in the Sysdig event parser. An attacker could exploit this vulnerability to cause a denial of...
DEBIAN-CVE-2015-7972
The (1) libxlsetmemorytarget function in tools/libxl/libxl.c and (2) libxlbuildpost function in tools/libxl/libxldom.c in Xen 3.4.x through 4.6.x do not properly calculate the balloon size when using the populate-on-demand (PoD) system, which allows local HVM guest users to cause a denial of service...
PT-2008-5344 · Microsoft · Xml Core Services
Name of the Vulnerable Software and Affected Versions: Microsoft XML Core Services versions 3.0 through 4.0 Description: The issue allows remote attackers to obtain sensitive information from another domain via a crafted XML document, related to improper error checks for external DTDs...