Skip to main content
CVE-2026-12291 HIGH PATCH This Week

Memory corruption via use-after-free in the Networking: HTTP component of Mozilla Firefox enables remote attackers to potentially execute arbitrary code or trigger crashes when a user visits a malicious page. The flaw affects Firefox prior to version 152, Firefox ESR before 140.12, and Firefox ESR before 115.37, and carries a CVSS 3.1 score of 8.8 with high impact across confidentiality, integrity, and availability. With an EPSS of 0.16% (5th percentile) and no public exploit identified at time of analysis, opportunistic mass exploitation appears unlikely despite the high severity rating.

Mozilla Use After Free Memory Corruption Information Disclosure
NVD VulDB
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-46926 HIGH This Week

Privilege escalation and full takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible for a low-privileged attacker with logon access to the host infrastructure, via the Siebel Cloud Manager component. Successful exploitation produces a scope change that significantly impacts adjacent products beyond Siebel itself, with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but Oracle has issued a fix in its June 2026 Critical Patch Update.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-12256 HIGH This Week

PHP Object Injection in the ThemeFusion Avada WordPress theme versions 3.15.3 and earlier allows authenticated users with Contributor-level privileges to trigger unsafe deserialization, potentially leading to remote code execution, data tampering, or service disruption on the underlying WordPress installation. No public exploit identified at time of analysis, but the low attack complexity and widespread deployment of Avada as a commercial WordPress theme make this a meaningful risk for multi-author sites.

PHP Deserialization Avada
NVD
CVSS 3.1
8.8
EPSS
0.5%
CVE-2026-0154 HIGH This Week

In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
0.2%
CVE-2026-0149 HIGH This Week

In RtpSession::rtpSendRtcpPacket, there is a possible OOB write due to a heap buffer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

Buffer Overflow RCE
NVD
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-0647 HIGH CISA This Week

Unauthenticated password change in Rockwell Automation 1794-AENTR Flex I/O EtherNet/IP adapter's embedded web server allows remote attackers to overwrite the web interface password via a crafted HTTP GET request to a specific endpoint, enabling full account takeover of the industrial device. The flaw, reported by Rockwell and tracked as CVE-2026-0647 with a CVSS 4.0 base score of 8.8, has no public exploit identified at time of analysis but is trivially exploitable given no authentication, no user interaction, and low attack complexity over the network.

Authentication Bypass Flex I O Ethernet Ip Adapters
NVD
CVSS 4.0
8.8
EPSS
0.4%
CVE-2026-12225 HIGH PATCH This Week

Two-factor authentication bypass in syracom AG Secure Login (2FA) plugin 3.4.0.x for Atlassian Jira, Confluence, and Bitbucket allows an attacker holding valid first-factor credentials to skip the 2FA challenge entirely by injecting strings like 'AtlassianMobileApp' or 'JIRA' into the HTTP User-Agent header. The plugin treats such requests as mobile-app traffic and waives 2FA enforcement on protected web resources, effectively neutralizing the security control the plugin exists to provide. No public exploit identified at time of analysis, but the technique is trivial to reproduce from the public advisory text.

Atlassian Authentication Bypass Secure Login 2Fa For Jira Secure Login 2Fa For Confluence Secure Login 2Fa For Bitbucket
NVD VulDB
CVSS 4.0
8.7
EPSS
0.4%
CVE-2026-46808 HIGH This Week

Cross-product compromise in Oracle WebCenter Content 14.1.2.0.0 (Content Server component) allows a low-privileged remote attacker to read and modify critical data with scope change to additional Oracle Fusion Middleware products. Exploitation requires user interaction from a separate victim and yields high confidentiality and integrity impact (CVSS 3.1 base 8.7); no public exploit identified at time of analysis and the CVE is not listed in CISA KEV.

Authentication Bypass Oracle Oracle Webcenter Content
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2026-46804 HIGH This Week

Cross-tenant data compromise in Oracle WebCenter Content 14.1.2.0.0 (Content Server component) allows a low-privileged authenticated attacker to coerce another user into an interaction that yields unauthorized read, create, modify, or delete access to all WebCenter Content data, with a scope change extending impact to additional Oracle Fusion Middleware products. Disclosed in Oracle's June 2026 Critical Patch Update with a CVSS 3.1 base score of 8.7; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Authentication Bypass Oracle Oracle Webcenter Content Privilege Escalation
NVD
CVSS 3.1
8.7
EPSS
0.4%
CVE-2026-35258 HIGH This Week

Cross-scope data compromise in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 allows a low-privileged remote attacker over HTTPS to read, create, modify, or delete critical data through the administration Console, provided a separate user is induced to perform an action. The CVSS 3.1 base score of 8.7 reflects high confidentiality and integrity impact with scope change reaching beyond WebLogic itself, and no public exploit identified at time of analysis.

Authentication Bypass Oracle Weblogic Server Open Redirect
NVD VulDB
CVSS 3.1
8.7
EPSS
0.4%
CVE-2026-35271 HIGH This Week

Unauthenticated remote compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 via the WebLogic component allows attackers with HTTP access to read and modify critical data across PeopleTools and additional products in scope. Oracle rates the issue 8.7 CVSS 3.1 with high attack complexity but no privileges or user interaction, and the scope-change flag means impact extends beyond PeopleTools itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Oracle Peoplesoft Enterprise Pt Peopletools
NVD
CVSS 3.1
8.7
EPSS
0.3%
CVE-2026-11409 HIGH PATCH This Week

Authenticated OS command injection in the TP-Link TL-WR940N v6 router's IPv6 PPPoE configuration handler allows administrators to break out of the configuration parser and execute arbitrary shell commands with elevated (typically root) privileges on the device. The flaw was reported by TP-Link itself and a firmware fix is available; no public exploit identified at time of analysis. Risk is bounded by the CVSS 4.0 vector requiring adjacent-network access and high privileges (AV:A/PR:H), but post-exploitation impact on confidentiality, integrity, and availability is rated High.

Command Injection Tl Wr940N V6
NVD
CVSS 4.0
8.5
EPSS
1.3%
CVE-2026-11410 HIGH PATCH This Week

Authenticated OS command injection in the TP-Link TL-WR940N v6 router's BigPond Cable (BPA) WAN configuration module allows administrators to execute arbitrary system commands with elevated privileges on the device. The flaw stems from improper sanitization of user-supplied input in the WAN setup path and affects firmware versions prior to V6_260528. No public exploit has been identified at time of analysis, and the issue is not listed in CISA KEV.

Command Injection Tl Wr940N V6
NVD
CVSS 4.0
8.5
EPSS
1.3%
CVE-2026-53843 HIGH PATCH GHSA This Week

Authorization bypass in OpenClaw before 2026.5.26 allows an attacker with a previously paired device to re-establish WebSocket node-level authority after the session has been revoked, effectively defeating the revocation control. The flaw stems from a surviving pairing-scoped device session that can mint new node tokens without renewed approval, letting authenticated attackers retain unauthorized node-level access longer than intended. No public exploit identified at time of analysis, but the issue is acknowledged in a GitHub Security Advisory (GHSA-q99w-vh6v-q3v7) and a VulnCheck advisory.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-0646 HIGH CISA This Week

Denial-of-service in Rockwell Automation 1794-AENTR FLEX I/O EtherNet/IP adapters allows remote unauthenticated attackers to fault the device and sever its connection to associated I/O modules via malformed CIP protocol requests. Recovery requires a manual reset, making this a high-impact availability issue for industrial control environments where uptime is critical. No public exploit identified at time of analysis, but the CVSS 4.0 score of 8.7 reflects the network-reachable, no-privilege attack path against operational technology.

Information Disclosure Flex I O Ethernet Ip Adapters
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2025-11694 HIGH CISA This Week

Denial-of-service in Rockwell Automation 1769 CompactLogix 5370 controllers allows remote unauthenticated attackers to induce a minor fault on the PLC by abusing Connection IDs exposed via the device's web interface and sending forged CIP traffic. The CVSS 4.0 base score of 8.7 reflects high availability impact with no authentication or user interaction required, and no public exploit has been identified at time of analysis.

Information Disclosure Compactlogix 5370
NVD VulDB
CVSS 4.0
8.7
EPSS
0.2%
CVE-2026-11317 HIGH CISA This Week

Remote denial of service in Rockwell Automation CompactLogix and ControlLogix programmable automation controllers allows unauthenticated attackers on the network to crash the device by sending a single crafted Common Industrial Protocol (CIP) message. The fault produces a Major Non-Recoverable Fault (MNRF) that requires a full program download to recover, meaning an outage continues until an engineer physically intervenes. No public exploit identified at time of analysis, but the CVSS 4.0 base score of 8.7 and OT impact make this a priority patch for affected plant floors.

Denial Of Service Compactlogix Controllogix
NVD
CVSS 4.0
8.7
EPSS
0.3%
CVE-2026-10649 HIGH This Week

Denial of service in Pacemaker's CIB remote listener allows unauthenticated remote attackers to crash the cluster service by sending a specially crafted compressed message. The vulnerability is an integer overflow (CWE-190) triggered during pre-authentication message decompression, leading to memory corruption. No public exploit identified at time of analysis, but the pre-auth attack vector and high availability impact on cluster-management infrastructure make this a meaningful risk for exposed deployments.

Denial Of Service Buffer Overflow Integer Overflow
NVD GitHub VulDB
CVSS 3.1
8.6
EPSS
0.5%
CVE-2026-46776 HIGH This Week

Unauthenticated LDAP-based compromise of Oracle Unified Directory 12.2.1.4.0 and 14.1.2.1.0 allows remote attackers to create, delete, or modify critical directory data, read a subset of directory data, and trigger a partial denial of service. The flaw resides in the OUD Core component and was disclosed in Oracle's June 2026 Critical Patch Update with a CVSS 3.1 base score of 8.6; no public exploit identified at time of analysis and the issue is not in CISA KEV.

Denial Of Service Oracle Oracle Unified Directory Authentication Bypass
NVD
CVSS 3.1
8.6
EPSS
0.4%
CVE-2026-22312 HIGH This Week

Authentication bypass in Radiflow iSAP Smart Collector exposes a REST API protected only by a hardcoded constant token, allowing remote attackers to read system settings, modify device configuration, and trigger commands such as a system reboot. The constant token effectively negates authentication, making the API exploitable by anyone who can reach the device's web server. No public exploit identified at time of analysis, but the CVSS 8.6 (high) score reflects network-reachable, unauthenticated, low-complexity abuse leading to high integrity impact.

Authentication Bypass Isap Smart Collector
NVD VulDB
CVSS 3.1
8.6
EPSS
0.2%
CVE-2026-53857 HIGH POC PATCH GHSA This Week

Authentication bypass in OpenClaw before 2026.5.3 allows remote attackers with low privileges to receive agent responses intended for other Zalo identities by manipulating their mutable display name to match allowFrom policy entries. The flaw stems from policy enforcement relying on mutable display metadata rather than immutable identifiers, and no public exploit has been identified at time of analysis.

Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2026-53849 HIGH POC PATCH GHSA This Week

Privilege escalation in OpenClaw before 2026.5.7 allows any user with a Discord account to assume the identity of a privileged Discord user authorized in the agent's allowFrom policy by simply renaming their account, because the access-control check matches on mutable display names rather than immutable Discord user IDs (snowflakes). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but exploitation is trivial for anyone who can read the target policy.

Privilege Escalation Authentication Bypass Openclaw
NVD GitHub VulDB
CVSS 4.0
8.6
EPSS
0.2%
CVE-2025-69139 HIGH This Week

Arbitrary file deletion in the Car Zone WordPress theme (versions through 3.7) by Aivah Themes lets remote, unauthenticated attackers remove files on the underlying server through a path-traversal flaw. The CVSS:3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/A:H) reflects that file deletion crosses scope into the broader WordPress installation, enabling denial-of-service or forced reinstall scenarios. No public exploit identified at time of analysis and the CVE is not in CISA KEV.

Path Traversal Car Zone
NVD
CVSS 3.1
8.6
EPSS
0.5%
CVE-2026-10748 HIGH PATCH This Week

Arbitrary OS command execution in Sonatype Nexus Repository 3 versions prior to 3.92.0 allows authenticated users holding the nx-licensing-create privilege to run commands as the Nexus process user by uploading a malicious license file. The flaw is rooted in unsafe deserialization (CWE-502) during license processing. No public exploit identified at time of analysis.

Deserialization Nexus Repository
NVD
CVSS 4.0
8.6
EPSS
0.3%
CVE-2026-10829 HIGH This Week

Remote code execution in Moxa NPort W2150A-W4/W2250A-W4 Series firmware version 1.5 and earlier allows authenticated administrators to corrupt memory by submitting an overlong 'Server location' value on the Basic settings page of the web management interface, yielding root-level command execution on the embedded serial device server. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but Moxa has issued advisory MPSA-261910 confirming the flaw. The companion CVE-2026-10828 (format string) was disclosed in the same advisory, suggesting the web management stack received broader scrutiny.

RCE Stack Overflow Buffer Overflow Nport W2150A W4 W2250A W4 Series Nport W2150A W2250A Series
NVD VulDB
CVSS 4.0
8.6
EPSS
0.4%
CVE-2026-46915 HIGH This Week

Takeover of Oracle Complex Maintenance, Repair and Overhaul (cMRO) versions 12.2.3 through 12.2.15 is achievable by a low-privileged attacker over HTTP, with the scope changing to impact additional Oracle E-Business Suite products beyond cMRO itself. The high CVSS 3.1 score of 8.5 reflects full confidentiality, integrity, and availability impact, though high attack complexity tempers exploitability. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Oracle Complex Maintenance Repair And Overhaul Authentication Bypass
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-39581 HIGH This Week

SQL injection in the WordPress plugin WP Sessions Time Monitoring Full Automatic (versions 1.1.4 and earlier) allows authenticated users with Subscriber-level access to inject malicious SQL into backend database queries. The CVSS scope change (S:C) and high confidentiality impact indicate that exploitation can expose data beyond the plugin's own context, including potentially the broader WordPress database. No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

SQLi Wp Sessions Time Monitoring Full Automatic
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-52797 HIGH PATCH GHSA This Week

Authenticated path traversal in Gogs self-hosted Git service (versions <= 0.13.4) allows any user with repository edit permissions to overwrite arbitrary files on the host filesystem via the diff preview endpoint, resulting in denial of service. By abusing the `git diff --output=<file>` flag through the `POST /:user/:repo/_preview/:branch/:path_to_file` handler and bypassing the standard library `path.Clean` filter, an attacker can corrupt critical files such as `gogs.db` or `app.ini`. Publicly available exploit code exists in the form of a detailed researcher write-up with payload examples, though no CISA KEV listing or active exploitation has been reported.

Path Traversal Denial Of Service
NVD GitHub
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-46870 HIGH This Week

Takeover of Oracle MySQL Shell is possible against the Shell for VS Code component in version 2026.2.0+9.6.1, where a low-privileged remote attacker can compromise the Shell with a scope-changing impact on additional products. The 8.5 CVSS score reflects full confidentiality, integrity, and availability impact, though high attack complexity tempers practical exploitability. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Oracle Mysql Shell Authentication Bypass
NVD VulDB
CVSS 3.1
8.5
EPSS
0.3%
CVE-2026-54307 HIGH PATCH GHSA This Week

Cross-user credential access in n8n workflow automation platform allows member-level users with Editor access to shared workflows to reference credentials owned by other users via specific public API endpoints. The flaw stems from incomplete ownership checks (CWE-863) and affects versions prior to 1.123.55, between 2.0.0-rc.0 and 2.25.7, and between 2.26.0 and 2.26.2. No public exploit identified at time of analysis, but the vulnerability enables credential exfiltration in multi-tenant n8n deployments where workflow sharing is enabled.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
8.5
EPSS
0.3%
CVE-2026-26231 HIGH PATCH GHSA This Week

Authorization bypass in Gitea versions up to and including 1.26.1 allows any authenticated user with mere read access to push arbitrary commits directly to any repository they can view, including all public repositories on the instance. The flaw stems from the 'Allow edits from maintainers' pull request flag being trusted without verifying the PR submitter actually owns write access on the HEAD side, enabling reverse-fork PRs to grant unauthorized push rights to upstream targets. Publicly available exploit code exists (a working poc.py is attached to the advisory), and the issue is fixed in Gitea 1.26.2.

Gitea Authentication Bypass
NVD GitHub
CVSS 3.1
8.5
EPSS
0.3%
CVE-2026-46448 HIGH PATCH GHSA This Week

Resource-accounting bypass in OpenStack Nova (compute service) lets an authenticated tenant create an instance whose scheduler hint data is not properly stripped, resulting in a running VM that has no corresponding Placement allocation. Because the instance consumes real host CPU/RAM/disk that the Placement service never accounted for, an attacker with ordinary project credentials can quietly over-subscribe a compute host and degrade availability for co-located tenants. SSVC lists exploitation as proof-of-concept (no public exploit identified as weaponized) with partial technical impact; EPSS is low at 0.26% (17th percentile).

Information Disclosure Nova Red Hat
NVD VulDB
CVSS 3.1
8.5
EPSS
0.3%
CVE-2026-49073 HIGH This Week

Blind SQL injection in the wpWax Directorist Booking WordPress plugin (versions up to and including 3.0.3) allows authenticated low-privilege users to issue crafted database queries that exfiltrate data across trust boundaries. The CVSS 3.1 score of 8.5 reflects a scope change (S:C) with high confidentiality impact, indicating the affected database context exposes data beyond the plugin's own component. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

SQLi Directorist Booking
NVD
CVSS 3.1
8.5
EPSS
0.3%
CVE-2026-49113 HIGH PATCH This Week

Arbitrary code execution in Themeco Cornerstone WordPress plugin versions prior to 7.8.8 allows authenticated low-privilege users (Subscriber role) to inject and execute arbitrary code on the underlying server. The CVSS:3.1 vector indicates a scope-changed network-vector flaw with high impact on confidentiality, integrity, and availability, though high attack complexity tempers the realistic risk. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Code Injection RCE Cornerstone
NVD
CVSS 3.1
8.5
EPSS
0.4%
CVE-2026-46788 HIGH This Week

Takeover of Oracle WebCenter Content 14.1.2.0.0 is possible when a high-privileged attacker over HTTP induces a separate user to interact with crafted content, resulting in full confidentiality, integrity, and availability compromise plus impact on adjacent products via CVSS scope change. The Oracle Critical Patch Update (June 2026) lists this in the Content Server component with a CVSS 3.1 base score of 8.4. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.

Oracle Oracle Webcenter Content Authentication Bypass
NVD
CVSS 3.1
8.4
EPSS
0.4%
CVE-2026-35272 HIGH This Week

Full compromise of Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 is possible via the Deployment Package component, where an unauthenticated attacker with logon access to the underlying host can take over the PeopleTools instance. Oracle rates this 8.4 CVSS with full confidentiality, integrity and availability impact, and no public exploit identified at time of analysis. The local attack vector keeps remote internet-based mass exploitation unlikely, but any user who can log on to the PeopleTools server should be treated as a critical risk.

Oracle Peoplesoft Enterprise Pt Peopletools Privilege Escalation
NVD VulDB
CVSS 3.1
8.4
EPSS
0.2%
CVE-2026-49401 HIGH PATCH GHSA This Week

Permission-sandbox bypass in the Deno runtime (versions <= 2.7.13) on macOS lets untrusted code reach paths that operators explicitly blocked with --deny-read, --deny-write, --deny-run, or --deny-ffi. Because Deno compared paths byte-for-byte while APFS treats Unicode-equivalent and case-equivalent spellings as the same file, a script granted broad --allow-* but with --deny-* carve-outs can read, write, execute, or FFI-load a protected file by referring to it with an alternate spelling (NFD vs NFC, case folding, ligatures, or German ss vs ß). No public exploit identified at time of analysis, and EPSS is low (0.14%), but the bypass is trivial to perform once an attacker controls the path string.

Microsoft Apple Information Disclosure
NVD GitHub VulDB
CVSS 3.1
8.4
EPSS
0.1%
CVE-2026-35262 HIGH This Week

Authenticated tampering and data exposure in Oracle Data Integrator 12.2.1.4.0 and 14.1.2.0.0 (Market Place component) allows a low-privileged attacker with HTTP network access to read, modify, or delete all data accessible to the product and induce a partial denial of service. Oracle assigns a CVSS 3.1 base score of 8.3 (AV:N/AC:L/PR:L/UI:N/C:H/I:H/A:L), and no public exploit identified at time of analysis. The flaw is described by Oracle as easily exploitable, raising the priority for any externally reachable ODI deployment.

Authentication Bypass Denial Of Service Oracle Oracle Data Integrator
NVD
CVSS 3.1
8.3
EPSS
0.4%
CVE-2026-35302 HIGH This Week

Server takeover in Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 (Console component) allows a remote unauthenticated attacker who can lure an authenticated user into interacting with a crafted HTTP request to fully compromise the server with a scope change to other products. CVSS 8.3 reflects high impact tempered by high attack complexity and required user interaction; no public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Oracle Weblogic Server Open Redirect
NVD VulDB
CVSS 3.1
8.3
EPSS
0.3%
CVE-2026-46925 HIGH This Week

Adjacent-network takeover of Oracle Siebel CRM Cloud Applications (versions 17.0 through 26.5) is possible via the Siebel Cloud Manager component, where an unauthenticated attacker on the same physical communication segment can fully compromise the application and pivot to other products through a scope change. The flaw carries a CVSS 3.1 base score of 8.3 with full confidentiality, integrity, and availability impact, but high attack complexity. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Oracle Siebel Crm Cloud Applications Authentication Bypass
NVD
CVSS 3.1
8.3
EPSS
0.2%
CVE-2025-14272 HIGH CISA This Week

Authorization bypass in Rockwell Automation FactoryTalk Analytics PavilionX allows unauthenticated remote attackers to invoke privileged API endpoints, including user and role management functions, enabling full administrative takeover of the analytics platform. The CVSS 4.0 base score of 8.3 reflects high confidentiality impact with limited integrity and availability effects, and at the time of analysis there is no public exploit identified.

Authentication Bypass Factorytalk Analytics Pavilionx
NVD
CVSS 4.0
8.3
EPSS
0.2%
CVE-2026-35274 HIGH This Week

Unauthorized data access and modification in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 allows unauthenticated remote attackers to compromise the Deployment Package component over HTTP. The flaw yields complete read access to PeopleTools-accessible data and partial write (insert/update/delete) capability without any user interaction or credentials. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV, but the low attack complexity and network reachability make it a high-priority patching target.

Authentication Bypass Oracle Peoplesoft Enterprise Pt Peopletools
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2026-46866 HIGH This Week

Remote denial-of-service and data tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 allows unauthenticated network attackers to crash or hang the management console and to perform unauthorized modifications to a subset of accessible data via the Agent Next Gen component over HTTPS. Oracle rates the issue CVSS 8.2 and notes the flaw is easily exploitable; no public exploit identified at time of analysis, and it is not listed on the CISA KEV catalog.

Denial Of Service Oracle Oracle Enterprise Manager Base Platform
NVD
CVSS 3.1
8.2
EPSS
0.4%
CVE-2026-48788 HIGH POC PATCH GHSA This Week

Stored/reflected XSS in Remark42 self-hosted comment engine versions 1.6.0 through 1.15.0 allows unauthenticated remote attackers to execute arbitrary JavaScript in the context of a Remark42 origin by abusing a Content-Type inconsistency in the image proxy. The proxy trusts the upstream Content-Type header during the download check but re-sniffs bytes when serving, letting an HTML/JS payload advertised as image/png be re-served as text/html from the victim instance's own origin. No public exploit identified at time of analysis; fixed in 1.16.0.

XSS Remark42
NVD GitHub
CVSS 3.0
8.2
EPSS
0.3%
CVE-2026-8442 HIGH This Week

Arbitrary file deletion in the WP Review Slider Pro WordPress plugin (versions up to and including 12.6.8) allows authenticated attackers with Subscriber-level access to delete arbitrary files on the underlying server, potentially escalating to remote code execution by removing files such as wp-config.php to trigger the WordPress setup flow. The flaw stems from missing capability checks on two AJAX handlers (wpfb_hide_review and wprp_save_review_admin) combined with a defective strpos()-based prefix check in wpfb_hidereview_ajax() that fails to neutralize path traversal sequences before calling unlink(). No public exploit identified at time of analysis, and the issue is not listed in CISA KEV; reported by Wordfence.

Path Traversal WordPress RCE Wpreviewslider Com
NVD VulDB
CVSS 3.1
8.1
EPSS
0.8%
CVE-2026-46806 HIGH This Week

Cross-context compromise of Oracle WebCenter Content 14.1.2.0.0 (Content Server component) allows a remote unauthenticated attacker over HTTPS to gain high-impact read access and limited write access to managed content, with effects that cross trust boundaries into additional Oracle Fusion Middleware products (scope change). Exploitation requires a victim to interact with attacker-controlled input (UI:R), and at the time of analysis there is no public exploit identified and the issue is not listed in CISA KEV.

Authentication Bypass Oracle Oracle Webcenter Content Open Redirect
NVD
CVSS 3.1
8.2
EPSS
0.3%
CVE-2026-48780 HIGH This Week

Authentication bypass in Forem (prior to commit a2ab6d4) allows remote attackers to circumvent email domain allowlist/denylist controls by submitting RFC 2047 encoded-word email addresses, enabling unauthorized registration on invite-only deployments. The flaw arises because the raw email string passes domain checks while downstream mail decoding resolves it to an attacker-controlled address, with no public exploit identified at time of analysis.

Authentication Bypass Forem
NVD GitHub
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-35288 HIGH This Week

Privilege escalation and full takeover in Oracle PeopleSoft Enterprise PT PeopleTools 8.61 and 8.62 (Deployment Package component) allows a high-privileged attacker with logon access to the underlying infrastructure to fully compromise PeopleTools with a scope change that impacts additional products. Oracle rates this CVSS 8.2 and confirms it is easily exploitable once the attacker has the required local privileges. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.

Oracle Peoplesoft Enterprise Pt Peopletools Privilege Escalation
NVD VulDB
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-46865 HIGH This Week

Privileged local compromise in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Extensibility Framework component) allows a high-privileged attacker with logon access to the host running EM to fully take over the platform, with scope change extending impact to additional managed Oracle products. CVSS 3.1 base score is 8.2 with full confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis. The scope-changing nature makes this a notable lateral-movement primitive in Oracle estates even though prerequisites are non-trivial.

Oracle Oracle Enterprise Manager Base Platform Authentication Bypass
NVD
CVSS 3.1
8.2
EPSS
0.2%
CVE-2026-28699 HIGH PATCH GHSA This Week

OAuth2 scope enforcement bypass in Gitea <= 1.26.1 allows any OAuth2 access token to perform write actions far beyond its granted scope when submitted via HTTP Basic authentication instead of as a Bearer token. A token issued with only `read:user` can modify user settings, add attacker-controlled emails, and create or delete the user's repositories, effectively nullifying the entire OAuth2 scope model for Basic-auth requests. No public exploit identified at time of analysis, but the advisory itself contains a full working PoC.

Gitea Authentication Bypass
NVD GitHub
CVSS 3.1
8.1
EPSS
0.6%
Prev Page 2 of 6 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy