16 matches found
SUSE CVE-2026-34543
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...
CVE-2026-34543
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...
CVE-2026-34543
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...
CVE-2026-34545
OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.7, an attacker providing a crafted .exr file with HTJ2K compression and a channel width of 32768 can write...
EUVD-2026-8789
ZITADEL's truncated opaque tokens are still valid...
CVE-2026-27946
ZITADEL exposes a vulnerability in its self-management capability prior to versions 4.11.1 and 3.4.7 that allowed a user to mark their email and/or phone as verified without going through actual verification. The fix, in versions 4.11.1 and 3.4.7, enforces the correct permission when the verifica...
ZITADEL 安全漏洞
ZITADEL is a modern open-source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak, developed by ZITADEL in Switzerland for the era of containers and serverless architectures. Versions of ZITADEL prior to 4.11.1 and 3.4.7 contain security vulnerabilities. These vulnerabilities stem fr...
EUVD-2026-4347
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in PluginOps Landing Page Builder page-builder-add allows Stored XSS.This issue affects Landing Page Builder: from n/a through = 1.5.3.3...
CVE-2025-13925
IBM Aspera Console 3.4.7 stores potentially sensitive information in log files that could be read by a local privileged user...
CVE-2025-62993
CVE-2025-62993 concerns WordPress plugin Notification for Telegram (plugin slug: notification-for-telegram) with versions up to and including 3.4.7. The Red Hat/EUVD/NVD/NIST entries describe a Missing Authorization vulnerability (Broken Access Control) arising from incorrectly configured access ...
PT-2025-40484
Name of the Vulnerable Software and Affected Versions Unify WordPress Plugin versions through 3.4.7 Description The Unify plugin for WordPress is susceptible to Stored Cross-Site Scripting. This is due to inadequate input sanitization and output escaping on user-supplied attributes within the...
CVE-2025-45376
Dell Repository Manager DRM, versions 3.4.7 and 3.4.8, contains an Improper Handling of Insufficient Permissions or Privileges vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...
WordPress plugin Post Grid Master 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2023-1898 · Adobe · Dimension
Name of the Vulnerable Software and Affected Versions: Adobe Dimension versions 3.4.7 and earlier Description: The issue is related to a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...
CVE-2021-34736
creationtimestamp| type| source ---|---|--- 2021-10-21 07:36:18+00:00| seen| https://t.me/cibsecurity/30929...
CVE-2025-34712
CVE-2025-34712 is rejected/not used and does not represent an active vulnerability entry.