CVE-2026-34296

Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain component: Product Quality Management. The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2026-41935

Vvveb before 1.0.8.3 contains an uncontrolled recursion vulnerability in the admin controller dispatch cycle where Base::init repeatedly invokes permission on error handlers, causing infinite recursion until PHP memory limits are exhausted. Attackers can send sustained requests to forbidden admin...

CVE-2026-46826

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Payroll. Successful...

EUVD-2026-34183

Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...

CVE-2026-22055

Active IQ OneCollect version 2.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...

CVE-2026-22054

Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...

CVE-2026-22054

Active IQ Config Advisor version 6.7.3 contains hard-coded credentials that could allow an authenticated attacker with low privileges to perform unauthorized AutoSupport operations...

CVE-2026-46824

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

EUVD-2026-33046

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Orac...

CVE-2026-46822

Vulnerability in the Oracle iAssets product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iAssets. While the...

PT-2026-44517

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Financials Common Modules versions 12.2.3 through 12.2.15 Description An issue in the Common Components component of Oracle Financials Common Modules allows a low privileged attacker with network access via HTTP ...

CVE-2026-40845

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

CVE-2026-40849

The CVE-2026-40849 entry describes an unauthenticated SQL Injection in the user_alarmprofile view that can be exploited by a low-privileged remote attacker due to improper neutralization of special elements in a SQL SELECT command. This leads to a total loss of confidentiality. Documented impact ...

CVE-2026-40845 Authenticated SQLi in devices_configuration view

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the devicesconfiguration view due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

MB Connect Line mbCONNECT24和MB Connect Line mymbCONNECT24 SQL注入漏洞

MB Connect Line mbCONNECT24 and MB Connect Line mymb CONNECT24 are products of the German company MB Connect Line. MB Connect Line mbCONNECT24 is a remote service portal. This product supports features such as remote access, data recording, and alerts. MB Connect Line mymbCONNECT24 is an internal...

CVE-2025-32751

Dell PowerFlex Manager, versions =4.6.2, contains an Insecure Storage of Sensitive Information vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to unauthorized access to sensitive information...

CVE-2026-7836

A flaw was found in Netatalk. A remote attacker with low privileges could exploit a bug in the hextoint macro related to uppercase characters. This vulnerability could lead to a low impact on data integrity...

CVE-2025-0044

An out-of-bounds read in power management firmware by a malicious local attacker with low privileges could potentially lead to a partial loss of confidentiality and availability...

Authorization Bypass

github.com/juju/juju is vulnerable to Authorization Bypass. The vulnerability is due to insufficient authorization checks in the Controller facade CloudSpec API method, which allows a low-privileged authenticated attacker to access sensitive cloud credentials...

EUVD-2026-29781

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may ...