CVE-2026-8494

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-22335

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

CVE-2026-0092

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ROOT-APP-NPM-CVE-2026-33916 CVE-2026-33916 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33916 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2026-33937 CVE-2026-33937 in @rootio/handlebars - Patched by Root

Root has patched CVE-2026-33937 in the @rootio/handlebars package for Root:npm. Multiple fixed versions available...

CVE-2026-10839

CVE-2026-10839 describes an open redirect in the Password Manager authentication system. The vulnerability arises from manipulation of the X-Forwarded-Host header to alter generated URLs, potentially redirecting authenticated users to malicious sites after login. Impact is limited to confidential...

CVE-2026-10837

CVE-2026-10837 describes an open redirection vulnerability in a Password Manager caused by insufficient validation of the X-Forwarded-Host header. The issue allows an attacker to craft links that, when clicked by a victim, redirect to attacker-controlled domains, enabling phishing or deception wh...

CVE-2026-10836

The CVE-2026-10836 entry concerns a vulnerability in Password Manager where improper neutralization of HTTP headers allows an attacker to manipulate the Host header via crafted requests. This can lead to generation of manipulated links or responses and potentially cause limited information disclo...

CVE-2026-46956

Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Property...

CVE-2026-46925

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the...

CVE-2026-46926

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications...

CVE-2026-46920

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud...

CVE-2026-46919

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Siebel CRM Cloud...

CVE-2026-46921

Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM component: Siebel Cloud Manager. Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Cloud...

CVE-2026-46875

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Deployment Library. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise...

CVE-2026-46866

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Agent Next Gen. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle...

CVE-2026-46864

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Agent Next Gen. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via SSH to compromise Oracle...

CVE-2026-46867

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Extensibility Framework. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromis...

CVE-2026-46865

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Extensibility Framework. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where...

CVE-2026-46868

Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Extensibility Framework. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromis...