17481 matches found
Arbitrary Code Injection
Overview Crawl4AI is a 🚀🤖 Crawl4AI: Open-source LLM Friendly Web Crawler & scraper Affected versions of this package are vulnerable to Arbitrary Code Injection via the browserconfig.extraargs parameter in API requests. An attacker can execute arbitrary commands as the container's runtime user by...
XML External Entity (XXE) Injection
Overview Affected versions of this package are vulnerable to XML External Entity XXE Injection through the saxonTransform function that uses unhardened net.sf.saxon.TransformerFactoryImpl method. An attacker can access sensitive local files or trigger arbitrary HTTPS requests from the host by...
EUVD-2026-37646
Use of Hard-coded Credentials vulnerability in Mitsubishi Electric Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Room Air Conditioners for Japan and outside Japan; Wireless LAN Adapters for Packaged Air Conditioners for Japan and outside Japan; Refrigerators for...
CVE-2026-46977
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
CVE-2026-46979
Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft component: Integration and Interfaces. The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise...
CVE-2026-46949
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2026-46914
Vulnerability in the Oracle Solaris product of Oracle Systems component: Filesystem. The supported version that is affected is 11.4. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris...
CVE-2026-46877
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: VMSVGA device. The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise...
CVE-2026-46866
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Agent Next Gen. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...
CVE-2026-46871
Vulnerability in the MySQL Shell product of Oracle MySQL component: Shell for VS Code. The supported version that is affected is 2026.2.0+9.6.1. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Shell. Successful attacks...
CVE-2026-46848
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where WebLogic Server executes to...
CVE-2026-46806
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle WebCenter Content...
CVE-2026-46785
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebCenter Content...
CVE-2026-5667
Technical details (affected models, root cause specifics, versions, and fixes) are not publicly available in the provided documents. Monitor for updates as more information may be released.
CVE-2026-35327
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...
CVE-2026-35275
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Shared Folders. The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromi...
CVE-2026-35258
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise WebLogic Server. Successful...
Vulnerabilities in Oracle JD Edwards EnterpriseOne
Oracle has identified several vulnerabilities in Oracle JD Edwards EnterpriseOne, including the modules Tools, Accounts Payable, Human Resources Management, General Ledger, Order Promising, and Project Costing, specifically for versions 9.2.0.0 to 9.2.26.2. These vulnerabilities enable attackers ...
RockyLinux 8 : webkit2gtk3 (RLSA-2026:25918)
The remote RockyLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:25918 advisory. webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash CVE-2026-28946 webkitgtk: Processing maliciously crafted we...
CVE-2026-48294
Adobe Acrobat PDF Extension Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session. Exploitation of this issue requires user interaction in tha...