Oracle Identity Manager Connector 安全漏洞

Oracle Identity Manager Connector is an identity management integration component developed by Oracle, a US-based company. Version 12.2.1.4.0 of Oracle Identity Manager Connector contains a security vulnerability. This vulnerability stems from issues with the Core component, which may allow...

PT-2026-34013

An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation...

PT-2026-34133

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Security. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools...

Oracle HTTP Server 安全漏洞

Oracle HTTP Server is a web server component of Oracle’s Fusion Middleware, developed by Oracle Corporation in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of Oracle HTTP Server contain security vulnerabilities. These vulnerabilities stem from issues with Core components, which may all...

CVE-2026-31014

Dovestones Softwares AD Self Update 4.0.0.5 is vulnerable to Cross Site Request Forgery CSRF. The affected endpoint processes state-changing requests without requiring a CSRF token or equivalent protection. The endpoint accepts application/x-www-form-urlencoded requests, and an originally...

Oracle Life Sciences Empirica Signal 安全漏洞

Oracle Life Sciences Empirica Signal is a drug safety signal detection platform developed by Oracle Corporation. Versions 9.2.1 to 9.2.3 of Oracle Life Sciences Empirica Signal contain security vulnerabilities. These vulnerabilities stem from issues with the Common Core component, allowing...

PT-2026-34111

Name of the Vulnerable Software and Affected Versions Oracle Identity Manager Connector version 12.2.1.4.0 Description An issue in the Core component of Oracle Fusion Middleware allows an unauthenticated attacker with network access via HTTPS to compromise the system. This can lead to unauthorize...

PT-2026-34101

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Fluid Core. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

PT-2026-34108

Vulnerability in the Oracle Business Process Management Suite product of Oracle Fusion Middleware component: Human workflow 11g+. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

Oracle Configurator 安全漏洞

Oracle Configurator is a product service provided by Oracle Corporation in the United States. It enables proactive collection of customer needs and management for Oracle products. This service is part of systems such as the Oracle Ordering System and the Oracle Customer Management System. Version...

Oracle Identity Manager Connector 安全漏洞

Oracle Identity Manager Connector is an identity management integration component developed by Oracle, a US-based company. Version 12.2.1.4.0 of Oracle Identity Manager Connector contains a security vulnerability. This vulnerability stems from issues with the Microsoft Active Directory components...

PT-2026-34093

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools...

Oracle VM VirtualBox 安全漏洞

Oracle VM VirtualBox is a virtual machine management software developed by Oracle Corporation. Version 7.2.6 of Oracle VM VirtualBox contains a security vulnerability. This vulnerability stems from issues with the Core component, which may allow attackers with high privileges to log in and execut...

PT-2026-34107

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: Identity Console. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...

PT-2026-34137

Name of the Vulnerable Software and Affected Versions Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7 and 8.1.2.5 Description An issue in the Platform component allows a low privileged attacker with network access via HTTP to compromise the system...

Oracle User Management 安全漏洞

Oracle User Management is a user management system developed by Oracle, a company in the United States. There are security vulnerabilities in versions 12.2.7 to 12.2.15 of Oracle User Management. These vulnerabilities stem from issues with the Workflow and Business Events component. They may allo...

PT-2026-34090

Vulnerability in the PeopleSoft Enterprise HCM Absence Management product of Oracle PeopleSoft component: Absence Management. The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft...

Zeon Academy Pro SQL注入漏洞

Zeon Academy Pro is an online learning and training management platform developed by the Indian company Zeon. Zeon Academy Pro has a SQL injection vulnerability. This vulnerability stems from the parameter “phonenumber” in the file /private/continue-upload.php, which allows attackers to retrieve,...

Oracle Financial Services Analytical Applications Infrastructure 安全漏洞

Oracle Financial Services Analytical Applications Infrastructure is a financial data analysis and modeling platform developed by Oracle Corporation. Versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 of Oracle Financial Services Analytical Applications Infrastructure contain security vulnerabilities. These...

CVE-2026-4666

The wpForo Forum plugin for WordPress is vulnerable to unauthorized modification of data due to the use of extract$args, EXTROVERWRITE on user-controlled input in the edit method of classes/Posts.php in all versions up to, and including, 2.4.16. The postedit action handler in Actions.php passes...