CVE-2026-35294

Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Mainframe Connectors. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...

CVE-2026-35269

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...

CVE-2026-35268

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Identity Manager. While the...

CVE-2026-35261

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

CVE-2026-35265

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successfu...

CVE-2026-35267

Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager...

ROOT-APP-NPM-CVE-2022-25883 CVE-2022-25883 in @rootio/semver - Patched by Root

Root has patched CVE-2022-25883 in the @rootio/semver package for Root:npm. Multiple fixed versions available...

CVE-2026-22335

The CVE CVE-2026-22335 affects WordPress: WooCommerce Frontend Manager – Ultimate (wc-frontend-manager-ultimate) versions below 6.7.7. It is a SQL Injection vulnerability exploitable by an authenticated subscriber, with a CVSS base score of 8.5 per Patchstack (high impact: confidentiality) and 6....

CVE-2026-22335 WordPress WooCommerce Frontend Manager – Ultimate plugin < 6.7.7 - SQL Injection vulnerability

Subscriber SQL Injection in WooCommerce Frontend Manager – Ultimate 6.7.7 versions...

Vulnerabilities in Oracle Fusion Middleware products

Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...

Vulnerabilities are managed in Oracle Enterprise Manager

Oracle has identified several vulnerabilities in Oracle Enterprise Manager versions 13.5 and 24.1. The vulnerabilities in Oracle Enterprise Manager Base Platform versions 13.5 and 24.1 allow an attacker with low or no privileges, and access via HTTP or HTTPS, to gain complete control over the...

ROOT-APP-NPM-CVE-2026-2391 CVE-2026-2391 in @rootio/qs - Patched by Root

Root has patched CVE-2026-2391 in the @rootio/qs package for Root:npm. Multiple fixed versions available...

CVE-2026-0063

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0063

In setAllowedCarriers of PhoneInterfaceManager.java, there is a possible way to disable carrier restrictions due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

ROOT-APP-NPM-CVE-2022-24772 CVE-2022-24772 in @rootio/node-forge - Patched by Root

Root has patched CVE-2022-24772 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

ROOT-APP-NPM-CVE-2025-12816 CVE-2025-12816 in @rootio/node-forge - Patched by Root

Root has patched CVE-2025-12816 in the @rootio/node-forge package for Root:npm. Multiple fixed versions available...

CVE-2026-0092

The CVE-2026-0092 entry is tied to the Android Package Manager and describes a device lock controller bypass caused by a missing permission check. The underlying issue enables local escalation of privilege with no extra execution privileges and requires no user interaction. The impact is describe...

CVE-2026-0092

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-8494 Permalink Manager Lite <= 2.5.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Title

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...

CVE-2026-8494

The Permalink Manager Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via post titles in the admin URI Editor interface in all versions up to, and including, 2.5.3.3 due to insufficient output escaping. This makes it possible for authenticated attackers, with...