CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

CVE-2026-10789 MCP Extension Code Injection Vulnerability in Autodesk Fusion Desktop

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

EUVD-2026-38328

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

CVE-2026-10789

Summary: CVE-2026-10789 is a code-injection vulnerability in the MCP extension for Autodesk Fusion Desktop. A malicious webpage visited by a user with Fusion Desktop running and MCP enabled can trigger arbitrary code execution with the current user’s privileges. The CVSS 3.1 score is 9.6 (CRITICA...

CVE-2026-10789

A maliciously crafted webpage, when visited by a user with Autodesk Fusion Desktop running and the MCP extension enabled, can trigger a vulnerability in the MCP extension that could allow arbitrary code execution. A successful exploit may allow code to execute with the privileges of the current...

Oracle Fusion Middleware WebCenter Sites - Cross-Site Scripting

The Oracle WebCenter Sites component of Oracle Fusion Middleware is susceptible to multiple instances of cross-site scripting that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebCenter Sites. Impacted versions that are affected are 11.1.1.8.0, 12.2.1.2....

Oracle Business Intelligence - Path Traversal

Oracle Business Intelligence versions 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0 are vulnerable to path traversal in the BI Publisher formerly XML Publisher component of Oracle Fusion Middleware subcomponent: BI Publisher Security. id: CVE-2019-2588 info: name: Oracle Business Intelligence - Path...

Oracle WebLogic Server - Remote Code Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services is susceptible to a remote code execution vulnerability that is easily exploitable and could allow unauthenticated attackers with network access via HTTP to compromise the server. Supported versions...

PHP-Fusion 9.03.50 - Remote Code Execution

PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution. id: CVE-2020-24949 info: name: PHP-Fusion 9.03.50 - Remote Code Execution author: geeknik severity: high description: PHP-Fusion 9.03.50...

Oracle Fusion Middleware Weblogic Server - Remote OS Command Execution

The Oracle WebLogic Server component of Oracle Fusion Middleware Web Services versions 10.3.6.0, 12.1.3.0, 12.2.1.0, 12.2.1.1 and 12.2.1.2 is susceptible to a difficult to exploit vulnerability that could allow unauthenticated attackers with network access via HTTP to compromise Oracle WebLogic...

CVE-2026-8713

The Avada Fusion Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the maybedeletefiles function in all versions up to, and including, 3.15.3. This makes it possible for unauthenticated attackers to delete arbitrary files on the...

CVE-2026-8713

The CVE-2026-8713 vulnerability affects Avada (Fusion) Builder for WordPress up to version 3.15.3, where the maybe_delete_files() path handling allows path traversal to delete files (e.g., wp-config.php) via a form entry value. An unauthenticated attacker can submit a crafted payload through the ...

Oracle Coherence (June 2026 CPU)

The 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0 versions of Coherence installed on the remote host are affected by multiple vulnerabilities as referenced in the June 2026 CPU advisory. - Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported...

WordPress Avada (Fusion) Builder plugin <= 3.15.3 - Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability

Unauthenticated Arbitrary File Deletion via Form Entry Value vulnerability discovered by daroo in WordPress Plugin Fusion Builder versions = 3.15.3...

EUVD-2026-37715

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

CVE-2026-54193

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

CVE-2026-54194

Contributor PHP Object Injection in Fusion Builder = 3.15.4 versions...

CVE-2026-54193 WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

CVE-2026-46847

Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Runtime Tools. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle WebCent...

CVE-2026-46848

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where WebLogic Server executes to...