CVE-2026-34298

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...

ROS-20260605-73-0056

The vulnerabilities of Mozilla Firefox, Firefox ESR, and the email client Thunderbird are related to insufficient validation of input data. Exploiting these vulnerabilities can allow an attacker to compromise the confidentiality, integrity, and accessibility of protected information...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECTION24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymb CONNECTION24 is an...

CVE-2026-44053

A flaw was found in Netatalk. Weak cryptography in the dhcast128 User Authentication Module UAM allows a remote attacker to potentially compromise the confidentiality and integrity of data. This vulnerability could enable unauthorized access to sensitive information or allow for the manipulation ...

Astra Linux - уязвимость в openjdk-11

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition, and Oracle GraalVM for JDK products of Oracle Java SE component: Hotspot. The supported versions affected by this vulnerability are Oracle Java SE: 8u371-perf, 11.0.19, 17.0.7, 20.0.1; Oracle GraalVM Enterprise Edition:...

Astra Linux - уязвимость в openjdk-11

A vulnerability exists in Oracle Java SE, Oracle GraalVM for JDK, and Oracle GraalVM Enterprise Edition products of Oracle Java SE component: Hotspot. The versions affected include Oracle Java SE: 8u411, 8u411-perf, 11.0.23, 17.0.11, 21.0.3, 22.0.1; Oracle GraalVM for JDK: 17.0.11, 21.0.3, 22.0.1...

OpenSSH: OpenSSH: Information disclosure due to unintended cryptographic algorithm usage

A flaw was found in OpenSSH. This vulnerability allows the system to use unintended Elliptic Curve Digital Signature Algorithm ECDSA algorithms. This occurs because the configuration for accepted public key algorithms is misinterpreted, leading to the use of weaker cryptographic methods than...

EUVD-2026-29365

SAP Financial Consolidation allows an authenticated attacker to disconnect other users by terminating their sessions temporarily preventing access. However, the application itself cannot be compromised resulting in a low impact on availability. There is no impact on confidentiality and integrity ...

SAP NetWeaver Application Server ABAP 跨站脚本漏洞

SAP NetWeaver Application Server ABAP is a platform used by SAP, a German company, for the operation and development of applications written in the ABAP language. SAP NetWeaver Application Server ABAP has a cross-site scripting vulnerability. This vulnerability stems from reflective cross-site...

Astra Linux – Vulnerability in imagemagick

A flaw was discovered in ImageMagick in versions prior to 7.0.11. There is a potential for a cipher leak when calculating signatures using TransformSignature. The greatest threat of this vulnerability is related to data confidentiality...

Astra Linux - уязвимость в linux

A flaw was discovered in the Linux kernel. A memory use-after-free vulnerability was identified in the perf subsystem, allowing a local attacker with permission to monitor perf events, thereby corrupting memory and potentially escalating privileges. The most significant threat of this vulnerabili...

Astra Linux - уязвимость в linux

A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel allowing anyone between the two endpoints to read the traffic unencrypted. The...

EUVD-2026-24373

Vulnerability in the Oracle Identity Manager Connector product of Oracle Fusion Middleware component: Core. The supported version that is affected is 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Identity Manager...

CVE-2026-35241

Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft component: Research Tracking. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise ...

openjdk: Improve JMX connections (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

CVE-2025-42891

Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is no impact on...

EUVD-2025-202313

An issue was discovered in the PCI Express PCIe Integrity and Data Encryption IDE specification, where insufficient guidance on re-keying and stream flushing during device rebinding may allow stale write transactions from a previous security context to be processed in a new one. This can lead to...

GHSA-F556-49JC-4RVC Ansible does not collect garbage after playbook run

A flaw was found in Ansible Base when using the awsssm connection plugin as its garbage collector is not happening after the playbook run is completed. Files would remain in the bucket exposing the data. This issue directly affects data confidentiality...

Vulnerabilities fixed in Oracle PeopleSoft

Oracle has fixed vulnerabilities in Oracle PeopleSoft Specifically for versions 8.60, 8.61, 8.62 and 9.2. The vulnerabilities in Oracle PeopleSoft allow attackers to gain unauthorized access to sensitive data and can lead to data manipulation. This includes vulnerabilities that allow both low- an...

EUVD-2025-31101

Malicious code in bioql PyPI...