Unauthenticated remote compromise of Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 is possible via HTTP, allowing attackers to read, create, modify, or delete all data accessible to the application. Oracle rates this as easily exploitable with no privileges or user interaction required (CVSS 9.1), and no public exploit identified at time of analysis. The flaw is tagged as an authentication bypass affecting the WebCenter Sites component of Oracle Fusion Middleware.
Unauthenticated remote compromise of Oracle WebCenter Content: Imaging (component: Core) in Oracle Fusion Middleware versions 12.2.1.4.0 and 14.1.2.0.0 allows attackers to read and modify all data accessible to the Imaging service over HTTP. The flaw is rated CVSS 9.1 with high confidentiality and integrity impact but no availability impact, and Oracle classifies it as easily exploitable. No public exploit identified at time of analysis, and the CVE is not currently listed on CISA KEV.
Unauthenticated remote compromise of Oracle WebCenter Content (Fusion Middleware Content Server) in versions 12.2.1.4.0 and 14.1.2.0.0 allows network-based attackers to read, create, modify, or delete any data accessible to the Content Server via HTTP. The flaw carries a CVSS 3.1 base score of 9.1 with high confidentiality and integrity impact, no authentication, and low attack complexity. No public exploit identified at time of analysis, but Oracle's tagging as an authentication-bypass class issue and the trivial exploitability profile make it a high-priority patch target.
Remote unauthenticated compromise of Oracle Advanced Outbound Telephony (Oracle E-Business Suite, Internal Operations component) versions 12.2.3 through 12.2.15 allows attackers to read, create, modify, or delete all data accessible to the application via HTTP. Oracle rates the issue 9.1 (CVSS 3.1) due to network attack vector with no authentication and high confidentiality and integrity impact, though availability is unaffected. No public exploit identified at time of analysis, but the trivial exploitability and EBS exposure profile make it a priority patch.
Remote unauthenticated compromise of Oracle In-Memory Cost Management for Discrete Industries (Oracle E-Business Suite versions 12.2.12 through 12.2.15) allows network-based attackers to read, modify, create, or delete all data accessible to the product via HTTPS. The flaw carries a CVSS 3.1 base score of 9.1 with high confidentiality and integrity impact but no availability impact, and no public exploit has been identified at time of analysis. Oracle disclosed the issue in the June 2026 Critical Patch Update advisory cspujun2026.
Unauthenticated remote compromise of Oracle JD Edwards EnterpriseOne Human Resources Management 9.2 allows network attackers to read and modify all data accessible through the Human Resources component via crafted HTTP requests. Oracle rates this CVSS 9.1 with high confidentiality and integrity impact but no availability impact, and labels it 'easily exploitable.' No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
{owner}/{repo}/archive/* accepts OAuth2 tokens but never validates the token's scope, unlike the equivalent API and git-HTTP paths. The issue was found via variant analysis of prior fix PR #37698, is fixed in 1.26.2, and carries a low EPSS (0.26%, 17th percentile) with no public exploit identified at time of analysis beyond the reproduction steps published in the GHSA advisory.
Security mitigation bypass in the DOM: Security component of Mozilla Firefox prior to version 152 allows remote attackers to compromise confidentiality and integrity of browser-rendered content without user interaction. The flaw carries a critical CVSS 3.1 score of 9.1 (AV:N/AC:L/PR:N/UI:N) and is tagged as an Authentication Bypass class issue, though no public exploit identified at time of analysis. The vulnerability has been patched by Mozilla in Firefox 152 per MFSA2026-57/MFSA2026-60.
Security mitigation bypass in the DOM: Security component of Mozilla Firefox allows remote attackers to circumvent browser security controls, with high impact to confidentiality and integrity. The flaw affects Firefox versions prior to 152 and Firefox ESR prior to 140.12, with no public exploit identified at time of analysis. Given the CVSS 9.1 rating and network-reachable attack vector, any user browsing a malicious page is potentially exposed.
Same-origin policy bypass in the Networking: Cookies component. This vulnerability was fixed in Firefox 152 and Firefox ESR 140.12.
Remote takeover of Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 is possible through the Content Server component, allowing an unauthenticated network attacker to fully compromise the product with cascading impact to other Oracle Fusion Middleware components due to a scope change. Oracle assigned a CVSS 3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), and no public exploit identified at time of analysis. The high attack complexity tempers the otherwise critical rating, but a successful exploit yields complete takeover.
Privileged remote tampering in Oracle Enterprise Manager Base Platform 13.5 and 24.1 (Install component) allows an authenticated, high-privileged attacker over HTTPS to modify or destroy critical data, read a subset of data, and trigger a complete denial of service, with scope change extending impact to additional products. Oracle rates the issue CVSS 3.1 9.0 and there is no public exploit identified at time of analysis, but the scope-change behavior and broad impact warrant prompt patching during the next Oracle CPU window.
Path manipulation in the LangGraph Python SDK (langgraph-sdk) version 0.3.14 and earlier lets caller-supplied identifier values containing URL-special characters redirect an HTTP request to a different resource — or resource type — than the SDK call intended. When applications forward untrusted, unvalidated identifiers into SDK methods and rely on upstream URL-prefix authorization, an attacker can reach, modify, or delete resources outside their authorization scope. There is no public exploit identified at time of analysis and EPSS is low (0.22%), but CVSS is rated 9.1 due to high confidentiality and integrity impact.
Path traversal in Apache Airflow SFTP provider (apache-airflow-providers-sftp before 5.8.1) allows a malicious or compromised remote SFTP server to write files outside the configured local destination directory on the Airflow worker host. The root cause is that SFTPHook.retrieve_directory does not sanitize server-supplied directory-entry names before constructing local file paths, enabling traversal sequences to escape the intended destination. No exploit code has been publicly identified at time of analysis, but the attack requires no Airflow credentials - any deployment that downloads directories from an untrusted SFTP server is in scope.