6 matches found
EUVD-2026-18058
OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size undopxr24impl...
DEBIAN-CVE-2026-34543
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...
CVE-2026-32132
ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow ...
PT-2026-24854
CVE-2026-32131: ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a vulnerability in Zitadel's Management API has been reported, which allowed authenticated users holding a valid low-privilege token (e.g., project.read, project.grant.read, or project.app.read) to...
CVE-2025-55170
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a reflected cross-site scripting (XSS) vulnerability was identified in the /html/alterarsenha.php endpoint of the WeGIA application. This vulnerability allows attackers t...
CVE-2025-55171
CVE-2025-55171 (WeGIA) affects WeGIA prior to version 3.4.8. The vulnerability arises from missing authentication checks at the endpoint /html/personalizacao_remover.php, allowing an anonymous attacker to delete image files by supplying an image id via the imagem_0 parameter. This leads to arbitr...