PT-2026-3674

Name of the Vulnerable Software and Affected Versions Oracle Utilities Application Framework versions 4.4.0.3.0 through 4.5.0.2.0 Oracle Utilities Application Framework versions 25.4 and 25.10 Description A flaw exists within the Oracle Utilities Application Framework component of Oracle Utilitie...

Oracle PeopleSoft security vulnerabilities

Oracle PeopleSoft is a corporate human capital management solution developed by Oracle Corporation in the United States. This product offers functions such as human capital management, financial management, and supplier relationship management. PeopleSoft Enterprise PeopleTools is a tool and...

PT-2026-3673

Name of the Vulnerable Software and Affected Versions Oracle Life Sciences Central Designer version 7.0.1.0 Description An easily exploitable issue affects Oracle Life Sciences Central Designer, allowing an unauthenticated attacker with network access via HTTP to compromise the system. Successful...

Oracle E-Business Suite security vulnerabilities

Oracle E-Business Suite is a comprehensive, integrated global business management software developed by Oracle Corporation in the United States. This software offers features such as customer relationship management, service management, and financial management. Vulnerabilities exist in versions...

Oracle Virtualization security vulnerabilities

Oracle Virtualization is a virtualization solution developed by Oracle, a company in the United States. This product is used for unified management of the entire hardware and software system, from applications to disks, enabling virtualization from desktops to data centers. VM VirtualBox is one o...

PT-2026-3718

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise SCM Purchasing version 9.2 Description An easily exploitable issue exists in the Purchasing component of Oracle PeopleSoft Enterprise SCM Purchasing. A low-privileged attacker with network access via HTTP can...

PT-2026-3701

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft versions 8.60 through 8.62 Description A flaw exists in the Integration Broker component of Oracle PeopleSoft Enterprise PeopleTools. An unauthenticated attacker with network access via HTTP can compromise the system...

PT-2026-3675

Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u471, 8u471-b50, 8u471-perf Oracle Java SE version 11.0.29 Oracle Java SE version 17.0.17 Oracle Java SE version 21.0.9 Oracle Java SE version 25.0.1 Oracle GraalVM for JDK versions 17.0.17 and 21.0.9 Oracle GraalVM...

Oracle Financial Services Applications security vulnerabilities

Oracle Financial Services Applications is a set of financial services software developed by Oracle Corporation in the United States. This product includes core banking, online banking, and property management functions. FLEXCUBE Investor Servicing is a comprehensive solution component that provid...

PT-2026-3709

Name of the Vulnerable Software and Affected Versions Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in for Apache HTTP Server, and Oracle Weblogic Server Proxy Plug-in for IIS versions 12.2.1.4.0, 14.1.1.0.0, and 14.1.2.0.0 are affected. Description An easily exploitable vulnerability...

PT-2026-3693

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.2.3 through 12.2.15 Description An easily exploitable issue exists in the Oracle Scripting product of Oracle E-Business Suite component: Scripting Admin. An unauthenticated attacker with network access via...

Oracle Hyperion security vulnerabilities

Oracle Hyperion is a financial modeling application developed by Oracle Corporation in the United States. This software provides functions such as financial settlement and report generation. A security vulnerability exists in the Oracle Planning and Budgeting Cloud Service version 25.04.07 of...

CVE-2025-15466 Image Photo Gallery Final Tiles Grid <= 3.6.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Gallery Management

The Image Photo Gallery Final Tiles Grid plugin for WordPress is vulnerable to unauthorized access and modification of data due to missing capability checks on multiple AJAX actions in all versions up to, and including, 3.6.9. This makes it possible for authenticated attackers, with...

CVE-2025-15534

A flaw was found in raylib. A local user could exploit an integer overflow vulnerability in the LoadFontData function. This flaw may lead to information disclosure, data modification, or denial of service, impacting the availability, integrity, and confidentiality of the application. Mitigation...

WordPress Float Payment Gateway plugin unauthorized data modification vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. An unauthorized data modification vulnerability exists in the WordPress Float Payment Gateway plugin that stems from mishandling of errors and can be exploited by an attacker to...

WordPress Aplazo Payment Gateway plugin missing privileges vulnerability

WordPress Aplazo Payment Gateway plugin is a payment gateway plugin for WooCommerce stores that allows customers to choose "buy now, pay later" payment method at the time of purchase. A lack of privileges vulnerability exists in WordPress Aplazo Payment Gateway plugin, which can be exploited by a...

WordPress Responsive Accordion Slider plugin unauthorized data modification vulnerability

WordPress Responsive Accordion Slider plugin is a WordPress plugin that combines the functionality of folding panels Accordion and rotating images Slider. The WordPress Responsive Accordion Slider plugin suffers from an unauthorized data modification vulnerability that stems from a lack of...

Injection

Overview Affected versions of this package are vulnerable to Injection via the REST Authenticate Endpoint in the Y9PlatformUtil.java file. An attacker can access, modify, or disrupt sensitive data by sending specially crafted requests to the affected endpoint. Remediation There is no fixed versio...

CVE-2025-14450

The Wallet System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'changewalletfundrequeststatuscallback' function in all versions up to, and including, 2.7.2. This makes it possible for authenticated attackers, with...

PT-2026-3346

The Phrase TMS Integration for WordPress plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax delete log' AJAX endpoint in all versions up to, and including, 4.7.5. This makes it possible for authenticated attackers, with...