CVE-2026-47740

Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, Multiple Filament actions on the admin Order detail and Order shipments table were callable by an authenticated low-privilege user without the permission required to mutate orders. The order detail actions cancel, mark paid, mark...

CVE-2026-9808

An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints utilizing API Platform. Under certain conditions, roles configured with owner-scope restrictions such as viewown or editown are not properly enforced. This allows low-privilege authenticated API users to bypass...

Mautic 安全漏洞

Mautic is an open-source marketing automation software developed by Mautic. This software can monitor and manage websites, send emails, and manage customer resources. Version 7 of Mautic has a security vulnerability, which stems from an API v2 endpoint authorization bypass. This vulnerability cou...

EUVD-2026-33016

Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services contain security vulnerabilities. These vulnerabilities st...

CVE-2026-8381

A broken access control vulnerability exists in the TeamViewer DEX Platform On‑Premises prior version 9.2. Certain backend API endpoints do not correctly enforce authorization checks, allowing an authenticated user with low privileges to perform actions and access resources intended only for...

TeamViewer DEX Platform On-Premises 安全漏洞

The TeamViewer DEX Platform On-Premises is a locally deployed digital employee experience management platform by the German company TeamViewer. Prior to version 9.2 of the TeamViewer DEX Platform On-Premises, there were security vulnerabilities. These vulnerabilities stemmed from incorrect...

CVE-2026-34930

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different process protection mechanism. Please note: an attacker must first obtain the ability to execute...

SAP NetWeaver AS ABAP Code Injection (3735359)

The version of SAP NetWeaver AS ABAP detected on the remote host is affected by a code injection vulnerability as referenced in SAP Security Note 3735359: - A code injection vulnerability exists in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform. An authenticated attacker with low...

EUVD-2026-27854

A vulnerability in the web-based management interface of Cisco IoT Field Network Director could allow an authenticated, remote attacker with low privileges to access files and execute commands on a remote router. This vulnerability is due to insufficient input validation of user-supplied data. An...

Moxa EDR-8010 Series和Moxa EDR-G9010 Series 安全漏洞

The Moxa EDR-8010 Series and Moxa EDR-G9010 Series are a series of security routers produced by Moxa Corporation from Taiwan, China. Both models have security vulnerabilities. These vulnerabilities stem from improper ownership management, allowing users with low privileges to access configuration...

Squidex 代码问题漏洞

Squidex is an open-source content management system developed by Squidex. Versions of Squidex prior to 7.23.0 had code vulnerabilities. These vulnerabilities stemmed from a lack of server-side request forgery protection in the Jint HTTP client. This could allow authenticated users with low...

CVE-2026-29647

In OpenXiangShan NEMU, insufficient Smstateen permission enforcement allows lower-privileged code to access IMSIC state via stopei/vstopei CSRs even when mstateen0.IMSIC is cleared, potentially enabling cross-context information leakage or disruption of interrupt handling...

PT-2026-34146

Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications component: User Interface. Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker...

Oracle PeopleSoft Enterprise HCM Shared Components 安全漏洞

Oracle PeopleSoft Enterprise HCM Shared Components is a set of common component modules for human resources systems developed by Oracle Corporation. Version 9.2 of Oracle PeopleSoft Enterprise HCM Shared Components contains a security vulnerability. This vulnerability stems from issues with the...

Oracle Financial Services Analytical Applications Infrastructure 安全漏洞

Oracle Financial Services Analytical Applications Infrastructure is a financial data analysis and modeling platform developed by Oracle Corporation. There is a security vulnerability in Oracle Financial Services Analytical Applications Infrastructure, which stems from issues with the Platform...

Oracle MySQL Server 安全漏洞

Oracle MySQL Server is a relational database management system developed by Oracle Corporation. There is a security vulnerability in Oracle MySQL Server, which stems from issues with the Server: Group Replication Plugin component. This vulnerability may allow attackers with low privileges to acce...

PT-2026-34124

Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft component: Contracts. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts...

Oracle Agile Product Lifecycle Management for Process 安全漏洞

Oracle Agile Product Lifecycle Management for Process is a product lifecycle management system designed for the process industry by Oracle Corporation. Version 6.2.4 of Oracle Agile Product Lifecycle Management for Process contains a security vulnerability. This vulnerability stems from issues wi...

NEMU 安全漏洞

NEMU is an open-source teaching system simulator developed by XiangShan. NEMU has a security vulnerability, which stems from insufficient Smstateen permissions. This vulnerability may allow low-privilege code access to IMSIC state, potentially leading to cross-context information leaks or...