4742 matches found
CVE-2026-34289
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...
CVE-2026-34294
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Microsoft Active Directory. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows low privileged attacker with network access via LDAP to compromise Orac...
CVE-2026-9234
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...
CVE-2026-20136
A vulnerability in the CLI of Cisco Identity Services Engine ISE and Cisco ISE Passive Identity Connector ISE-PIC could allow an authenticated, local attacker with administrative privileges to perform a command injection attack on the underlying operating system and elevate privileges to root. Th...
CVE-2026-4353
The CI HUB Connector plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'id' attribute of the cihubmetadata shortcode in all versions up to, and including, 1.2.106 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers...
CVE-2026-22576
A storing passwords in a recoverable format vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.4, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR PaaS 7.4 all versions, FortiSOAR PaaS 7.3 all versions, FortiSOAR on-premise 7.6.0 through 7.6.4, FortiSOAR on-premise 7.5.0 through 7.5.2,...
CVE-2026-34287
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...
CVE-2026-34286
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...
CVE-2026-34290
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via TCP to compromise Oracle Identity Manager...
CVE-2026-34285
Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...
CVE-2026-46819
Vulnerability in the Oracle Internet Procurement Connector product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
BIT-ACTIVEMQ-2026-49270 Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All: Durable Subscription Disclosure via Crafted BrokerInfo (OpenWire)
Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache ActiveMQ All. Brokers that are configured with a network connector with syncDurableSubs set to true, are vulnerable to an unauthenticated attacker who can receive a list of all...
Oracle E-Business Suite (May 2026 CSPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the May 2026 CSPU advisory. - Vulnerability in the Oracle iAssets product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected...
Apache ActiveMQ 5.14.x < 5.19.7 / 6.x < 6.2.6 Information Disclosure
The version of Apache ActiveMQ running on the remote host is 5.14.x prior to 5.19.7 or 6.x prior to 6.2.6. It is, therefore, affected by an information disclosure vulnerability: - Exposure of Sensitive Information Through Metadata vulnerability in Apache ActiveMQ Broker, Apache ActiveMQ, Apache...
Kibana 9.3.x < 9.3.3 SSRF (ESA-2026-40)
The version of Kibana installed on the remote host is 9.3.x prior to 9.3.3. It is, therefore, affected by a vulnerability as referenced in the ESA-2026-40 advisory. - Server-Side Request Forgery CWE-918 in Kibana can allow an authenticated user with connector management privileges to bypass the...
ROOT-APP-PYPI-CVE-2025-5279 CVE-2025-5279 in rootio-redshift-connector - Patched by Root
Root has patched CVE-2025-5279 in the rootio-redshift-connector package for Root:PyPI. Multiple fixed versions available...
CVE-2026-46245
CVE-2026-46245 affects the AMDGPU display driver in the Linux kernel. The vulnerability arises in amdgpu_dm_hpd_init() where a NULL dc_link could be dereferenced while setting up HPD interrupts, despite an earlier check for polling decisions. The provided patch assigns dc_link early and skips con...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the improper order of IRQ requests and extcon processing in the power supply pm8916lbc module. Th...
CVE-2026-9234
The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the adminpostsettingssavewoo-jtl-connector action handled by JtlConnectorAdmin::save and on the...
CVE-2026-9234
The CVE-2026-9234 entry identifies a vulnerability in the WordPress plugin JTL-Connector for WooCommerce (versions up to and including 2.4.1). The issue is Missing Authorization on three actions: admin_post_settings_save_woo-jtl-connector, and the AJAX actions wp_ajax_downloadJTLLogs and wp_ajax_...