Local privilege escalation potential in the Linux kernel's net/sched traffic-control subsystem arises from a partial copy-on-write (COW) miss in the pedit action (tcf_pedit_act), where skb_ensure_writable() is sized using tcfp_off_max_hint before the per-key loop and fails to account for the runtime header offset added by typed keys, leaving part of the write region un-COW'd and causing page cache corruption. A local low-privileged attacker able to install tc pedit rules (CAP_NET_ADMIN, obtainable in user namespaces on many distros) can corrupt shared page-cache memory, with CVSS 7.8 reflecting high confidentiality, integrity, and availability impact. Publicly available exploit code exists, though EPSS is low at 0.14% (4th percentile) and the issue is not on CISA KEV.
Cross-tenant credential takeover in n8n Enterprise allows any authenticated user to hijack OAuth credentials belonging to other tenants when the Dynamic Credentials feature is enabled. Three EE endpoints failed to enforce per-resource ownership checks, letting attackers enumerate credentials across private workflows, overwrite stored OAuth tokens with attacker-controlled tokens, or revoke victim tokens entirely. No public exploit identified at time of analysis, but the issue has a high CVSS 4.0 score of 8.9 and a vendor advisory confirms the flaw.
Command injection in Turck TBEN-LL-SE-M2, TBEN-L4-SE-M2, and TBEN-L5-SE-M2 Managed Ethernet Switches allows an authenticated low-privileged remote attacker to achieve full system compromise by injecting shell metacharacters into a name parameter. The flaw, reported by CERT@VDE, carries a CVSS 8.8 rating with no public exploit identified at time of analysis and is not currently listed in CISA KEV.
Remote code execution in the Premmerce Dev Tools WordPress plugin (versions ≤ 2.0) allows authenticated users with Subscriber-level access or higher to write arbitrary PHP files into wp-content/plugins/ by injecting payloads into the premmerce_plugin_namespace POST parameter. The flaw stems from a missing authorization check in generatePluginHandler combined with unsanitized string substitution in createFromStub, enabling attackers to escape the namespace context with a semicolon and execute arbitrary PHP on the host. No public exploit identified at time of analysis, but the low privilege barrier and the high-impact CVSS 8.8 score make this a serious risk on sites with open registration.
Command injection in openSUSE/SUSE wicked DHCP client before 0.6.79 allows attackers operating a rogue DHCP server on the victim's local network segment to execute arbitrary commands by embedding single-quoted shell metacharacters in DHCP option strings, which are written unsanitized to /run/wicked/leaseinfo.* files and later consumed by netconfig. The CVSS 8.8 (AV:A) rating reflects adjacent-network exposure without authentication. No public exploit identified at time of analysis.
Account takeover of Oracle Process Manufacturing Product Development (versions 12.2.3-12.2.15) is achievable by a low-privileged remote attacker over HTTP via the Quality Management Specs component. The flaw scores CVSS 8.8 with full confidentiality, integrity, and availability impact, and Oracle classifies it as easily exploitable; no public exploit identified at time of analysis and it is not listed in CISA KEV.
Authenticated takeover of Oracle Enterprise Manager Base Platform 13.5 and 24.1 is possible via the Agent Next Gen component, where a low-privileged attacker with SSH network access can fully compromise confidentiality, integrity, and availability. Oracle rates this 8.8 and describes it as easily exploitable, but no public exploit identified at time of analysis and the flaw is not listed in CISA KEV. The single source is Oracle's June 2026 Critical Patch Update advisory, which is the authoritative reference for affected versions and fixes.
Account takeover in Oracle WebCenter Content: Imaging (Fusion Middleware) allows a low-privileged authenticated attacker with HTTP network access to fully compromise the Imaging component on versions 12.2.1.4.0 and 14.1.2.0.0. Oracle rates the flaw CVSS 8.8 with high impact across confidentiality, integrity, and availability, and describes it as 'easily exploitable.' No public exploit identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.
Privilege escalation to full product takeover in Oracle WebCenter Content (Content Server component) versions 12.2.1.4.0 and 14.1.2.0.0 allows low-privileged attackers with HTTP network access to fully compromise the system. The CVSS 3.1 base score of 8.8 reflects high impact across confidentiality, integrity, and availability with low attack complexity. No public exploit identified at time of analysis and the CVE is not listed in CISA KEV.
Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 (Content Server component) allows a low-privileged authenticated attacker with HTTP network access to fully compromise the product, impacting confidentiality, integrity, and availability. Oracle rates this 8.8 (CVSS 3.1) and describes it as 'easily exploitable.' No public exploit identified at time of analysis, and it is not listed in CISA KEV.
Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged authenticated attacker to fully compromise the Content Server over HTTP. Oracle's June 2026 Critical Patch Update rates this 8.8 with complete confidentiality, integrity, and availability impact, and no public exploit identified at time of analysis.
Account takeover in Oracle WebCenter Sites 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged remote attacker with HTTP access to fully compromise the product. The flaw is rated CVSS 8.8 with high impact across confidentiality, integrity, and availability, and Oracle classifies it as easily exploitable; no public exploit identified at time of analysis.
Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP network access to fully compromise the Content Server component. Oracle rates the flaw 8.8 with high impact across confidentiality, integrity and availability, and characterizes it as easily exploitable. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the vendor's 'takeover' wording and low complexity make this a priority patch.
Account takeover in Oracle WebCenter Content 12.2.1.4.0 and 14.1.2.0.0 (Content Server component) lets a low-privileged remote attacker fully compromise the platform over HTTP without user interaction. Oracle's own CVSS 3.1 score of 8.8 reflects high impact across confidentiality, integrity, and availability, and there is no public exploit identified at time of analysis. Disclosed via the Oracle Critical Security Patch Update advisory (cspujun2026), making this a vendor-confirmed flaw rather than third-party speculation.
Authenticated remote code execution in Oracle WebLogic Server 12.2.1.4.0 and 14.1.2.0.0 allows a low-privileged attacker with HTTP access to fully take over the server, per Oracle's June 2026 Critical Patch Update. The CVSS 3.1 base score of 8.8 reflects full confidentiality, integrity, and availability impact with low attack complexity. No public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.
Authenticated remote takeover in Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 via the Console component allows a low-privileged attacker with HTTP network access to fully compromise the server. Oracle rates the flaw CVSS 8.8 with high impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. The advisory was published in Oracle's June 2026 Critical Patch Update, making this a priority patching item for enterprise middleware operators.
Authenticated takeover of Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 is achievable through the administrative Console component, where a low-privileged HTTP-authenticated attacker can fully compromise confidentiality, integrity, and availability of the server. Oracle reports the issue as easily exploitable and rates it CVSS 8.8, though no public exploit identified at time of analysis and the vulnerability is not currently listed in CISA KEV. The flaw poses a significant risk to enterprise Java EE deployments where the WebLogic Console is reachable by any authenticated user.
Account takeover in Oracle Identity Manager (Fusion Middleware) versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged remote attacker to fully compromise the Identity Manager instance via its REST WebServices component over HTTP. Oracle rates the flaw CVSS 8.8 with high impact to confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Because Identity Manager governs enterprise identity lifecycle and provisioning, successful exploitation has cascading impact across downstream applications it manages.
Account takeover in Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 allows a low-privileged remote attacker with HTTP access to fully compromise the Identity Manager component of Oracle Fusion Middleware. With a CVSS 3.1 base score of 8.8 and high impact across confidentiality, integrity, and availability, successful exploitation results in takeover of the identity governance platform itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Dell OpenManage Integration with Microsoft Windows Admin Center contains a Remote Code Execution vulnerability in the gateway plugin. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.
Account takeover in Oracle Outsourced Mfg for Discrete Industries (component: Internal Operations) within Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged remote attacker to fully compromise the module over HTTP. With CVSS 3.1 base score 8.8 and high impact on confidentiality, integrity, and availability, this is a high-priority patching item, though no public exploit identified at time of analysis and it is not currently listed in CISA KEV.
Full takeover of Oracle Outsourced Mfg for Discrete Industries (component: Internal Operations) is achievable by a low-privileged authenticated attacker over HTTP, per Oracle's June 2026 Critical Patch Update advisory. The CVSS 3.1 base score of 8.8 reflects high impact across confidentiality, integrity, and availability with low attack complexity, though no public exploit identified at time of analysis. Affected versions span 12.2.3 through 12.2.15 of Oracle E-Business Suite.
Authorization flaw in Oracle Public Sector Financials (International) versions 12.2.3 through 12.2.15 enables low-privileged authenticated attackers with HTTP network access to fully take over the affected component. Oracle's Critical Patch Update describes the issue as easily exploitable with high impact to confidentiality, integrity, and availability (CVSS 8.8). No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.
Account takeover in Oracle Universal Work Queue (Oracle E-Business Suite 12.2.3 through 12.2.15) allows a low-privileged attacker with HTTP network access to fully compromise the Work Provider Site Level Administration component. Oracle rates this as easily exploitable with full confidentiality, integrity, and availability impact (CVSS 3.1 base 8.8), though no public exploit identified at time of analysis and it is not currently listed in CISA KEV.
Authenticated takeover of Oracle Project Portfolio Analysis (E-Business Suite versions 12.2.3 through 12.2.15) is possible over HTTP, allowing a low-privileged attacker to fully compromise the application's confidentiality, integrity, and availability. Oracle rates this as easily exploitable with a CVSS 3.1 base score of 8.8, though no public exploit identified at time of analysis. The flaw resides in the Internal Operations component and was disclosed in Oracle's June 2026 Critical Patch Update.
Account takeover in Oracle Project Portfolio Analysis (E-Business Suite component Internal Operations) versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the module over HTTP. Oracle's June 2026 Critical Patch Update rates the issue 8.8 with high confidentiality, integrity, and availability impacts, and the CVSS vector flags it as easily exploitable; no public exploit identified at time of analysis and the issue is not on CISA KEV.
Account takeover in the Oracle Quality module of Oracle E-Business Suite 12.2.3 through 12.2.15 allows a low-privileged attacker with HTTP network access to fully compromise the Quality component, impacting confidentiality, integrity, and availability (CVSS 3.1 8.8). The flaw resides in the Internal Operations component and is rated easily exploitable by Oracle's own advisory, though no public exploit identified at time of analysis and the issue is not yet listed in CISA KEV.
Account takeover of the Oracle Quality module in Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the component over HTTP. Per the vendor's June 2026 Critical Patch Update advisory the issue is rated CVSS 8.8 with high impact on confidentiality, integrity, and availability, and no public exploit identified at time of analysis. Risk is elevated for internet- or intranet-exposed EBS deployments because exploitation is rated 'easily exploitable' and only requires a valid low-privilege session.
Account takeover in Oracle Advanced Outbound Telephony (E-Business Suite component, versions 12.2.3 through 12.2.15) allows a low-privileged remote attacker with HTTP access to fully compromise the product's confidentiality, integrity, and availability. Oracle has published a fix in the June 2026 Critical Patch Update, and the CVSS 3.1 base score of 8.8 reflects an easily exploitable network-borne flaw, though no public exploit identified at time of analysis and EPSS data was not provided.
Account takeover in Oracle Advanced Outbound Telephony (E-Business Suite versions 12.2.3 through 12.2.15) allows a low-privileged remote attacker to fully compromise the component over HTTP. The Internal Operations component is exposed to authenticated users with network reach, and successful exploitation yields high impact across confidentiality, integrity, and availability. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Takeover of Oracle Process Manufacturing Process Planning (versions 12.2.3 through 12.2.15) is achievable by a low-privileged remote attacker over HTTP through the Internal Operations component of Oracle E-Business Suite. The flaw carries a CVSS 3.1 base score of 8.8 with full confidentiality, integrity, and availability impact, and Oracle has classified it as easily exploitable. There is no public exploit identified at time of analysis, but the low complexity and minimal authentication threshold make it a high-priority patching target for any EBS deployment.
Remote takeover of Oracle Cost Management (component: Cost Planning) within Oracle E-Business Suite versions 12.2.3 through 12.2.15 is achievable by a low-privileged attacker over HTTP, yielding full compromise of confidentiality, integrity, and availability (CVSS 8.8). The advisory was published in Oracle's June 2026 Critical Patch Update and no public exploit identified at time of analysis. Because the EBS Cost Management module is commonly reachable from internal corporate networks by any authenticated EBS user, the low privilege requirement (PR:L) makes this a credible insider/post-foothold escalation path rather than an unauthenticated internet risk.
Account takeover of Oracle iSetup (component of Oracle E-Business Suite 12.2.3 through 12.2.15) is achievable by a low-privileged authenticated attacker reaching the General Ledger Update Transform / Reports component over HTTP. The flaw is rated CVSS 8.8 with full confidentiality, integrity, and availability impact, and no public exploit has been identified at time of analysis. Oracle published the fix in the June 2026 Critical Patch Update.
Account takeover in Oracle Enterprise Asset Management (Oracle E-Business Suite 12.2.6 through 12.2.15) allows a low-privileged remote attacker to fully compromise the Internal Operations component over HTTP. The flaw carries a CVSS 3.1 base score of 8.8 with high confidentiality, integrity, and availability impacts, and no public exploit identified at time of analysis. Because EBS instances frequently underpin manufacturing and asset-management workflows for large enterprises, successful exploitation could pivot from a foothold account into a full module takeover.
Account takeover in Oracle Cost Management (E-Business Suite, versions 12.2.3 through 12.2.15) allows a low-privileged remote attacker to fully compromise the Cost Planning component over HTTP. The flaw yields high confidentiality, integrity, and availability impact with no user interaction required, and is addressed in Oracle's June 2026 Critical Patch Update. No public exploit identified at time of analysis, but the low-complexity, network-accessible nature warrants priority patching by EBS operators.
Full product takeover of Oracle Spares Management (a module of Oracle E-Business Suite) is achievable by a low-privileged remote attacker over HTTPS, affecting supported versions 12.2.3 through 12.2.15. Oracle rates this 8.8 CVSS with high impact across confidentiality, integrity, and availability, and the vector indicates easy exploitation with no user interaction. There is no public exploit identified at time of analysis, and the CVE is not on CISA KEV.
Account takeover in Oracle Siebel CRM Cloud Applications versions 17.0 through 26.5 allows a low-privileged remote attacker to fully compromise the Siebel Cloud Manager component over HTTP. Oracle rates the flaw 8.8 with full CIA impact, and no public exploit identified at time of analysis, but the low attack complexity and low privilege requirement make this a high-priority patch for any internet-exposed Siebel deployment.
Authenticated takeover of Oracle JD Edwards EnterpriseOne Tools 9.2.0.0 through 9.2.26.2 is possible via the Business Logic Infrastructure Security component, where a low-privileged attacker with HTTP network access can fully compromise confidentiality, integrity, and availability of the application. Oracle rates the issue 8.8 with vector AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, and no public exploit identified at time of analysis. The flaw is described as easily exploitable, making it a high-priority patch target for enterprises running affected Tools releases.
Authenticated takeover of Oracle Siebel Apps - Marketing (versions 17.0 through 26.5) allows a low-privileged attacker with HTTP network access to fully compromise confidentiality, integrity, and availability of the Marketing component. Oracle rates this 8.8 CVSS 3.1 with low attack complexity and no user interaction, making it an easy-win post-authentication vulnerability against any reachable Siebel Marketing instance. No public exploit identified at time of analysis, and the issue is not on the CISA KEV list.
Account takeover of the Siebel CRM Integration component (EAI) in Oracle Siebel CRM versions 17.0 through 26.5 allows a low-privileged remote attacker with HTTP network access to fully compromise the integration component, impacting confidentiality, integrity, and availability. Oracle rates this 'easily exploitable' with CVSS 3.1 score 8.8, but no public exploit identified at time of analysis and the vulnerability is not listed in CISA KEV.
Full takeover of Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 is achievable by remote unauthenticated attackers via the Console component over HTTPS, provided a victim performs an action such as clicking a malicious link. The flaw carries a CVSS 3.1 base score of 8.8 with high impact across confidentiality, integrity, and availability, but exploitation hinges on user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.
Unauthenticated browser hijacking in n8n's @n8n/mcp-browser package (versions <2.25.7 and 2.26.0-2.26.1) allows any network-reachable attacker or malicious website to invoke browser-control tools against a victim's real browser profile when HTTP transport is enabled. No public exploit identified at time of analysis, but the missing-authentication flaw (CWE-306) requires only that the operator started the MCP endpoint with --transport http and has the n8n AI Browser Bridge extension active.
Privilege escalation in the WebRender graphics component of Mozilla Firefox enables remote attackers to elevate privileges within the browser sandbox when a victim loads malicious web content. Mozilla has patched the issue in Firefox 152, Firefox ESR 140.12, and Firefox ESR 115.37, and no public exploit has been identified at time of analysis.
Remote code execution in Zyxel GS1900 series managed switches (including GS1900-48HPv2, GS1900-8, GS1900-8HP, GS1900-10HP, GS1900-16, GS1900-24/24E/24EP/24HPv2, and GS1900-48) up to firmware 2.90(ABTQ.1)C0 allows a LAN-adjacent unauthenticated attacker to execute OS commands via a crafted HTTP request to the CGI handler. The flaw is a stack-based buffer overflow (CWE-121) carrying CVSS 8.8 and exposes the switch management plane to anyone on the same Layer-2 segment. No public exploit identified at time of analysis, but the vendor disclosed the issue concurrently with the advisory dated 2026-06-16.
Authenticated SQL injection in the WP Review Slider Pro WordPress plugin through version 12.6.8 lets Subscriber-level users append arbitrary SQL via the wpfb_find_reviews AJAX action, enabling extraction of sensitive database contents including user credentials and secrets. The flaw is reachable by any logged-in WordPress account, which on sites with open registration effectively lowers the bar to near-unauthenticated. No public exploit identified at time of analysis and the issue is not listed in CISA KEV.
SQL injection in the WP Review Slider Pro WordPress plugin (versions ≤12.6.8) allows authenticated attackers with Subscriber-level access to inject arbitrary SQL via the 'stypes' and 'slocations' JSON parameters of the wppro_get_overall_chart_data AJAX action. Because the vulnerable handler echoes the executed SQL back in its JSON response, attackers gain a built-in oracle that turns blind injection into a near-trivial database extraction primitive. No public exploit identified at time of analysis, but the very low privilege barrier on a default WordPress install makes any exposed site a realistic target.
Cross-tenant data access in Langflow versions prior to 1.9.0 allows any authenticated user to read, modify, rename, or permanently delete other users' messages, sessions, build artifacts, and LLM transaction logs via seven unprotected `/api/v1/monitor` endpoints. The flaw stems from missing ownership checks (IDOR/BOLA) where `flow_id` or resource UUIDs are accepted verbatim without verifying the requester owns them. No public exploit identified at time of analysis beyond the detailed PoC in the vendor advisory, and the issue is not listed in CISA KEV.
Remote code execution in the Android Modem component (per the Pixel 2026-06-01 security bulletin) is possible via an out-of-bounds write triggered without user interaction. Authenticated remote attackers (PR:L per CVSS) can corrupt memory to execute arbitrary code at the same privilege level as the Modem process. No public exploit identified at time of analysis, EPSS is low at 0.23% (13th percentile), and the issue is not listed in CISA KEV.
In ParsePayloads of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.