Skip to main content
CVE-2026-21938 MEDIUM This Month

Peoplesoft Enterprise Peopletools versions up to 8.60 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of PeopleSoft Enterprise Pe (CVSS 6.1).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21933 MEDIUM PATCH CISA This Month

Graalvm versions up to 21.3.16 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Java SE, Oracle G (CVSS 6.1).

Oracle Java Authentication Bypass
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-21985 MEDIUM This Month

Vm Virtualbox versions up to 7.1.14 contains a vulnerability that allows attackers to unauthorized access to critical data or complete access to all Oracle VM Virtual (CVSS 6.0).

Oracle Virtualbox Vm Virtualbox Suse
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-21963 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.14 and 7.2.4. [CVSS 6.0 MEDIUM]

Oracle Virtualbox Vm Virtualbox Suse
NVD
CVSS 3.1
6.0
EPSS
0.0%
CVE-2025-15366 MEDIUM PATCH This Month

The imaplib module, when passed a user-controlled command, can have additional commands injected using newlines. Mitigation rejects commands containing control characters.

Command Injection Red Hat Suse
NVD GitHub VulDB
CVSS 4.0
5.9
EPSS
0.1%
CVE-2025-1722 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-1719 MEDIUM This Month

Concert versions up to 2.1.0 contains a vulnerability that allows attackers to a remote attacker to obtain sensitive information from allocated memory due to i (CVSS 5.9).

IBM Concert
NVD
CVSS 3.1
5.9
EPSS
0.1%
CVE-2025-58742 MEDIUM This Month

Imagedirector Capture versions up to 7.6.3.25808. is affected by insufficiently protected credentials (CVSS 5.9).

Windows Imagedirector Capture
NVD
CVSS 3.1
5.9
EPSS
0.0%
CVE-2026-1180 MEDIUM PATCH This Month

Keycloak's OpenID Connect Dynamic Client Registration feature fails to validate jwks_uri values when clients authenticate via private_key_jwt, allowing attackers to redirect the server to arbitrary network endpoints. This enables reconnaissance and information disclosure attacks against internal services and cloud metadata endpoints accessible from the Keycloak server. No patch is currently available for this MEDIUM severity vulnerability.

Information Disclosure SSRF Red Hat
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-21935 MEDIUM This Month

Solaris versions up to 11 contains a vulnerability that allows attackers to unauthorized creation, deletion or modification access to critical data or all O (CVSS 5.8).

Oracle Solaris
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-21927 MEDIUM This Month

Solaris versions up to 10 contains a vulnerability that allows attackers to unauthorized creation, deletion or modification access to critical data or all O (CVSS 5.8).

Oracle Solaris
NVD
CVSS 3.1
5.8
EPSS
0.0%
CVE-2025-41768 MEDIUM This Month

An high privileged remote attacker can inject arbitrary content into the custom CSS field on the affected devices due to improper neutralization of input during web page generation ('Cross-site Scripting'). [CVSS 5.5 MEDIUM]

XSS
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-14369 MEDIUM This Month

dr_flac, an audio decoder within the dr_libs toolset, contains an integer overflow vulnerability flaw due to trusting the totalPCMFrameCount field from FLAC metadata before calculating buffer size, allowing an attacker with a specially crafted file to perform DoS against programs using the tool. [CVSS 5.5 MEDIUM]

Integer Overflow Denial Of Service Red Hat
NVD GitHub
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36058 MEDIUM This Month

Business Automation Workflow versions up to 24.0.0 is affected by insertion of sensitive information into externally-accessible file (CVSS 5.5).

IBM Business Automation Workflow
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-58740 MEDIUM This Month

Imagedirector Capture versions up to 7.6.3.25808. is affected by use of hard-coded cryptographic key (CVSS 5.5).

Windows Imagedirector Capture
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-15043 MEDIUM This Month

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'start_migration', 'cancel_migration', and 'revert_migration' functions in all versions up to, and including, 6.15.13. [CVSS 5.4 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2026-0548 MEDIUM This Month

Tutor LMS plugin for WordPress through version 3.9.4 fails to validate user permissions on the delete_existing_user_photo function, allowing authenticated subscribers and higher-privileged users to delete arbitrary attachments. This integrity and availability vulnerability requires an active WordPress account but no elevated privileges, making it exploitable by low-level users to disrupt site content.

WordPress
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-15466 MEDIUM This Month

Image Photo Gallery Final Tiles Grid (WordPress plugin) versions up to 3.6.9. is affected by missing authorization (CVSS 5.4).

WordPress PHP
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36397 MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site. [CVSS 5.4 MEDIUM]

IBM Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-0903 MEDIUM PATCH This Month

Google Chrome's Downloads feature on Windows versions before 144.0.7559.59 fails to properly validate file types, enabling remote attackers to circumvent safety protections for dangerous files through crafted malicious uploads. An unauthenticated attacker can exploit this via a specially designed file to bypass download security warnings. No patch is currently available for this medium-severity vulnerability.

Google Windows Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-41025 MEDIUM This Month

Poultry Farm Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 5.4).

PHP XSS Poultry Farm Management System
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-41024 MEDIUM This Month

Poultry Farm Management System versions up to 1.0 is affected by cross-site scripting (xss) (CVSS 5.4).

PHP XSS Poultry Farm Management System
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-0904 MEDIUM PATCH This Month

Chrome versions up to 144.0.7559.59 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).

Google Chrome Red Hat Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-0901 MEDIUM PATCH This Month

Chrome versions up to 144.0.7559.59 is affected by user interface (ui) misrepresentation of critical information (CVSS 5.4).

Google Android Chrome Suse
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36409 MEDIUM This Month

IBM ApplinX 11.1 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Applinx
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36396 MEDIUM This Month

IBM Application Gateway 23.10 through 25.09 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. [CVSS 5.4 MEDIUM]

IBM XSS Application Gateway
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-36113 MEDIUM This Month

Sterling Connect\ versions up to express_adapter_for_sterling_b2b_integrator is affected by cross-site scripting (xss) (CVSS 5.4).

IBM XSS
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21971 MEDIUM This Month

Peoplesoft Supply Chain Management Purchasing versions up to 9.2 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of PeopleSoft Enterprise SC (CVSS 5.4).

Oracle Peoplesoft Supply Chain Management Purchasing
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21934 MEDIUM This Month

Peoplesoft Enterprise Peopletools versions up to 8.60 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of PeopleSoft Enterprise Pe (CVSS 5.4).

Oracle Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21931 MEDIUM This Month

Apex versions up to 23.2.0 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle APEX Sample Appli (CVSS 5.4).

Oracle Apex
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2026-21924 MEDIUM This Month

Utilities Framework versions up to 4.3.0.3.0 contains a vulnerability that allows attackers to unauthorized update, insert or delete access to some of Oracle Utilities Applica (CVSS 5.4).

Oracle Utilities Framework
NVD
CVSS 3.1
5.4
EPSS
0.0%
CVE-2025-14978 MEDIUM This Month

The PeachPay - Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability checks on the ConvesioPay webhook REST endpoint in all versions up to, and including, 1.119.8. [CVSS 5.3 MEDIUM]

WordPress .NET PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-14351 MEDIUM This Month

The Custom Fonts - Host Your Fonts Locally plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'BCF_Google_Fonts_Compatibility' class constructor function in all versions up to, and including, 2.1.16. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-14348 MEDIUM This Month

The weMail - Email Marketing, Lead Generation, Optin Forms, Email Newsletters, A/B Testing, and Automation plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.7. [CVSS 5.3 MEDIUM]

WordPress PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2025-14798 MEDIUM This Month

The LearnPress - WordPress LMS Plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.3.2.4 via the get_item_permissions_check function. [CVSS 5.3 MEDIUM]

WordPress Information Disclosure PHP
NVD
CVSS 3.1
5.3
EPSS
0.1%
CVE-2026-21929 MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 5.3).

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2025-36419 MEDIUM This Month

IBM ApplinX 11.1 could disclose sensitive information about server architecture that could aid in further attacks against the system. [CVSS 5.3 MEDIUM]

IBM Applinx
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21974 MEDIUM This Month

Unauthenticated attackers can read sensitive data from Oracle Life Sciences Central Designer 7.0.1.0 through an easily exploitable information disclosure vulnerability accessible via HTTP. The flaw requires no user interaction or privileges, allowing remote attackers with network access to gain unauthorized access to a subset of application data. No patch is currently available for this vulnerability.

Oracle Life Sciences Central Designer
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21972 MEDIUM This Month

Configurator contains a vulnerability that allows attackers to unauthorized read access to a subset of Oracle Configurator accessible data (CVSS 5.3).

Oracle Configurator
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21928 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. [CVSS 5.3 MEDIUM]

Oracle Linux Solaris
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-1196 LOW POC Monitor

A security vulnerability has been detected in MineAdmin 1.x/2.x. Affected is an unknown function of the file /system/getFileInfoById. [CVSS 3.1 LOW]

Information Disclosure Mineadmin
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2026-1195 LOW POC Monitor

MineAdmin 1.x and 2.x contains insufficient JWT token verification in the /system/refresh endpoint, allowing authenticated remote attackers to tamper with token data and potentially escalate privileges or bypass security controls. Public exploit code exists for this vulnerability, and the vendor has not provided a patch despite early notification. Exploitation requires authenticated access and specific conditions, resulting in a medium severity rating with limited immediate impact.

Information Disclosure Mineadmin
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2026-1197 LOW POC Monitor

A vulnerability was detected in MineAdmin 1.x/2.x. Affected by this vulnerability is an unknown functionality of the file /system/downloadById. [CVSS 3.1 LOW]

Information Disclosure Mineadmin
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-55132 MEDIUM PATCH This Month

A flaw in Node.js's permission model allows a file's access and modification timestamps to be changed via `futimes()` even when the process has only read permissions. [CVSS 5.3 MEDIUM]

Node.js Node.Js Red Hat Suse
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-21942 MEDIUM This Month

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). Supported versions that are affected are 10 and 11. [CVSS 5.0 MEDIUM]

Oracle Denial Of Service Solaris
NVD
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-21964 MEDIUM PATCH This Month

Mysql contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL Denial Of Service Red Hat +1
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21952 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Supported versions that are affected are 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21948 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21941 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.44, 8.4.0-8.4.7 and 9.0.0-9.5.0. [CVSS 4.9 MEDIUM]

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-21937 MEDIUM PATCH This Month

Mysql Server contains a vulnerability that allows attackers to unauthorized ability to cause a hang or frequently repeatable crash (complete DO (CVSS 4.9).

Oracle MySQL MSSQL Denial Of Service Mysql Server +2
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
Prev Page 4 of 5 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy