135 matches found

UbuntuCve
added 2026/04/01 9:17 p.m. | 0 views

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

8.7 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits 1 | References 4

Vulnrichment
added 2026/04/01 8:56 p.m. | 1 views

CVE-2026-34543 OpenEXR: Heap information disclosure in PXR24 decompression via unchecked decompressed size (undo_pxr24_impl)

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

8.7 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits 1 | References 3

AlpineLinux
added 2026/04/01 8:56 p.m. | 0 views

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

8.7 CVSS | 5.7 AI score | 0.0002 EPSS
Exploits 1 | References 3

Debian CVE
added 2026/04/01 8:56 p.m. | 2 views

CVE-2026-34543

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, sensitive information from heap memory may be leaked through the decoded pixel data information disclosure...

8.7 CVSS | 5.2 AI score | 0.0002 EPSS
Exploits 1

ATTACKERKB
added 2026/04/01 8:55 p.m. | 1 views

CVE-2026-34544

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via...

8.4 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits 1 | References 4 | Affected Software 1

Vulnrichment
added 2026/04/01 8:55 p.m. | 0 views

CVE-2026-34544 OpenEXR: integer overflow to OOB write in uncompress_b44_impl()

OpenEXR provides the specification and reference implementation of the EXR file format, an image storage format for the motion picture industry. From version 3.4.0 to before version 3.4.8, a crafted B44 or B44A EXR file can cause an out-of-bounds write in any application that decodes it via...

8.4 CVSS | 5.8 AI score | 0.00007 EPSS
Exploits 1 | References 3

Positive Technologies
added 2026/04/01 12:0 a.m. | 2 views

PT-2026-29620

Name of the Vulnerable Software and Affected Versions: OpenEXR versions 3.4.0 through 3.4.7. Description: OpenEXR, an image storage format used in the motion picture industry, may disclose sensitive information from heap memory through decoded pixel data. This information disclosure occurs when...

8.7 CVSS | 5.8 AI score | 0.0009 EPSS
Exploits 8 | References 16

RedhatCVE
added 2026/03/26 3:13 p.m. | 2 views

CVE-2025-13460

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy...

5.3 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits 0 | References 1

EUVD
added 2026/03/16 3:30 p.m. | 0 views

EUVD-2025-208660

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy...

5.3 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/03/13 7:54 p.m. | 1 views

CVE-2025-13459

IBM Aspera Console 3.3.0 through 3.4.8 could allow a privileged user to cause a denial of service due to improper enforcement of behavioral workflow...

2.7 CVSS | 5.8 AI score | 0.00058 EPSS
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2026/03/13 7:54 p.m. | 26 views

CVE-2025-13460 IBM Aspera Console Information Disclosure

IBM Aspera Console 3.3.0 through 3.4.8 could allow an attacker to enumerate usernames due to an observable response discrepancy...

5.3 CVSS | 0.00039 EPSS
Exploits 0 | References 1

CVE
added 2026/03/13 7:54 p.m. | 3 views

CVE-2025-13460

Summary: CVE-2025-13460 affects IBM Aspera Console versions 3.3.0–3.4.8 and enables an attacker to enumerate usernames due to an observable response discrepancy (information disclosure). Affected software: IBM Aspera Console (Web-based management/UI) within the 3.3.0–3.4.8 range. Impact: Informat...

5.3 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits 0 | References 1 | Affected Software 1

Snyk
added 2026/03/12 12:36 a.m. | 1 views

Authentication Bypass Using an Alternate Path or Channel

Overview: Affected versions of this package are vulnerable to Authentication Bypass Using an Alternate Path or Channel in the SCIM API when URL-encoded path values are used. An attacker can access sensitive user information, including names, email addresses, phone numbers, addresses, external IDs,...

8.7 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits 0 | References 2

ATTACKERKB
added 2026/03/11 9:40 p.m. | 1 views

CVE-2026-32132

ZITADEL is an open source identity management platform. Prior to 3.4.8 and 4.12.2, a potential vulnerability exists in Zitadel's passkey registration endpoints. This endpoint allows registering a new passkey using a previously retrieved code. An improper expiration check of the code could allow ...

7.4 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 4 | Affected Software 1

CVE
added 2026/03/11 9:40 p.m. | 6 views

CVE-2026-32132

CVE-2026-32132 (ZITADEL) affects Zitadel identity management platform prior to versions 3.4.8 and 4.12.2. The vulnerability lies in the passkey registration endpoint, where an improper expiration check of a retrieved code could allow an attacker to register their own passkey and gain access to th...

7.4 CVSS | 5.8 AI score | 0.00046 EPSS
Exploits 0 | References 3 | Affected Software 1

CVE
added 2026/03/11 9:37 p.m. | 7 views

CVE-2026-32130

Zitadel SCIM API vulnerability CVE-2026-32130 affects versions 2.68.0 up to before 3.4.8 and 4.12.2. Requesting the API with URL-encoded path values could bypass authentication and authorization checks, allowing unauthenticated attackers to retrieve sensitive user data (names, emails, phone numbe...

7.5 CVSS | 5.8 AI score | 0.00255 EPSS
Exploits 0 | References 3 | Affected Software 1

CNNVD
added 2026/03/11 12:0 a.m. | 2 views

ZITADEL code issue vulnerability

ZITADEL is an open-source identity and access management platform developed by ZITADEL in Switzerland. Versions of ZITADEL prior to 3.4.8 and 4.12.2 contained code vulnerabilities. These vulnerabilities stemmed from improper code expiration checks in the passkey registration endpoint, which could...

7.4 CVSS | 5.9 AI score | 0.00046 EPSS
Exploits 0 | References 3

RedhatCVE
added 2026/02/06 1:30 p.m. | 3 views

CVE-2025-13379

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

8.6 CVSS | 5.7 AI score | 0.00048 EPSS
Exploits 0 | References 1

EUVD
added 2026/02/05 1:30 p.m. | 3 views

EUVD-2025-206875

IBM Aspera Console 3.4.0 through 3.4.8 is vulnerable to SQL injection. A remote attacker could send specially crafted SQL statements, which could allow the attacker to view, add, modify, or delete information in the back-end database...

8.6 CVSS | 5.7 AI score | 0.00048 EPSS
Exploits 0 | References 1

RedhatCVE
added 2026/01/13 10:52 p.m. | 2 views

CVE-2026-0831

The Templately plugin for WordPress is vulnerable to Arbitrary File Write in all versions up to, and including, 3.4.8. This is due to inadequate input validation in the savetemplatetofile function where user-controlled parameters like sessionid, contentid, and aipageids are used to construct file...

5.3 CVSS | 6.3 AI score | 0.00075 EPSS
Exploits 0 | References 1