PT-2026-29363

Name of the Vulnerable Software and Affected Versions AVideo versions 26.0 and prior Description AVideo is an open source video platform. The installation script, install/deleteSystemdPrivate.php, contains a PHP operator precedence bug in its command-line interface CLI-only access guard. The guar...

CVE-2025-60949

Census CSWeb 8.0.1 allows "app/config" to be reachable via HTTP in some deployments. A remote, unauthenticated attacker could send requests to configuration files and obtain leaked secrets. Fixed in 8.1.0 alpha...

PT-2026-27212

Name of the Vulnerable Software and Affected Versions Census CSWeb versions prior to 8.1.0 alpha Description The software allows the app/config directory to be accessed via HTTP in certain setups. An unauthenticated remote attacker can request configuration files and potentially obtain sensitive...

Census CSWeb multiple vulnerabilities

RISK EVALUATION Census CSWeb allows a remote, authenticated attacker to perform actions such as path traversal, arbitrary file upload and stored XSS. An unauthenticated attacker could also send requests to configuration files in some deployments. 2. RECOMMENDED PRACTICES Update to 8.1.0 alpha...

Oracle E-Business Suite 12.2.3–12.2.14 – Remote Code Execution

Oracle Concurrent Processing 12.2.3-12.2.14 contains a remote code execution caused by unauthenticated network access via HTTP, letting unauthenticated attackers fully compromise the system, exploit requires network access via HTTP. id: CVE-2025-61882 info: name: Oracle E-Business Suite...

Oracle Access Manager (January 2026 CPU)

The 12.2.1.4.0 and 14.1.2.1.0 versions of Access Manager installed on the remote host are affected by multiple vulnerabilities as referenced in the January 2026 CPU advisory. - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Webserver Plugin Intel C++...

CVE-2026-21943

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: Scripting Admin. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful...

CVE-2026-21944

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2026-21960

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite component: Java utils. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA...

CVE-2026-21971

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft component: Purchasing. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM...

CVE-2026-21959

Vulnerability in the Oracle Workflow product of Oracle E-Business Suite component: Workflow Loader. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. Successful...

CVE-2026-21946

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

EUVD-2026-3542

Vulnerability in the Oracle Life Sciences Central Designer product of Oracle Health Sciences Applications component: Platform. The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life...

EUVD-2026-3541

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft component: Purchasing. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM...

EUVD-2026-3552

Vulnerability in the Oracle Applications DBA product of Oracle E-Business Suite component: Java utils. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications DBA...

EUVD-2026-3565

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

EUVD-2026-3534

Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Relationship Pricing. Supported versions that are affected are 14.0.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

EUVD-2026-3578

Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2026-21969

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Supplier Portal. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2026-21951

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Integration Broker. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...