Oracle Payments 安全漏洞

Oracle Payments is a corporate payment processing and fund management platform owned by Oracle Corporation in the United States. Vulnerabilities exist in versions 12.2.3 to 12.2.15 of Oracle Payments, stemming from issues with the File Transmission component. These vulnerabilities could allow...

PT-2026-44708

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

Atlassian Confluence 8.9.0 < 9.2.20 / 9.3.1 < 10.2.11 (CONFSERVER-103712)

The version of Atlassian Confluence Server running on the remote host is affected by a vulnerability as referenced in the CONFSERVER-103712 advisory. - This injection vulnerability allows an unauthenticated attacker to modify the actions taken by a system call which has no impact to...

Oracle REST Data Services 安全漏洞

Oracle REST Data Services is a middleware tool provided by Oracle Corporation in the United States, which exposes features of the Oracle database to applications through RESTful APIs. Versions 24.2.0 to 26.1.0 of Oracle REST Data Services have security vulnerabilities. These vulnerabilities stem...

Oracle Internet Procurement Connector 安全漏洞

The Oracle Internet Procurement Connector is a corporate procurement system integration and data exchange component developed by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of the Oracle Internet Procurement Connector contain security vulnerabilities. These vulnerabilities...

Oracle Financials Common Modules 安全漏洞

Oracle Financials Common Modules is a suite of enterprise financial management shared functionality modules provided by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Financials Common Modules contain security vulnerabilities. These vulnerabilities stem from issues...

PT-2026-44383

phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in API v4.0 where the default empty api.apiClientToken allows unauthenticated users to create and modify FAQ entries. Attackers can send an empty x-pmf-token header to bypass token validation and inject malicious content via PO...

PT-2026-44516

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite Oracle Financials Common Modules versions 12.2.3 through 12.2.15 Description An issue in the Common Components of the Oracle Financials Common Modules allows a low privileged attacker with network access via HTTP to...

PT-2026-44523

Vulnerability in the Oracle Payroll product of Oracle E-Business Suite component: Internal Operations. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Payroll. Successful...

PT-2026-44208

The 3D Viewer – 3D Model Viewer – Augmented Reality – Virtual Try On plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 2.0.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

CVE-2026-45083 Goobi viewer: Unauthenticated Solr Streaming Expression Proxy

The Goobi viewer is a web application that allows digitised material to be displayed in a web browser. From 4.8.0 to before 26.04.1, the Goobi viewer REST endpoint POST /api/v1/index/stream accepted an arbitrary Solr streaming expression from unauthenticated network clients and forwarded it to th...

WordPress Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin <= 1.6.11.8 - Missing Authorization to Unauthenticated Arbitrary Modification vulnerability

Missing Authorization to Unauthenticated Arbitrary Modification vulnerability discovered by winrace in WordPress Plugin Simply Schedule Appointments versions = 1.6.11.8...

WordPress Visualizer: Tables and Charts Manager for WordPress plugin <= 3.11.14 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Chart Creation and Modification vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Chart Creation and Modification vulnerability discovered by davidfdzmorilla in WordPress Plugin Visualizer versions = 3.11.14...

CVE-2026-45942

In the Linux kernel, the following vulnerability has been resolved: ext4: fix e4b bitmap inconsistency reports A bitmap inconsistency issue was observed during stress tests under mixed huge-page workloads. Ext4 reported multiple e4b bitmap check failures like: ext4mbcomplexscangroup:2508: group...

CVE-2026-2340 Samba: vfs_worm does not block directory modification

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVE-2026-2340

A flaw was found in Samba’s vfsworm module. The module is intended to provide write-once, read-many WORM protections by preventing modification of files after a configurable grace period. Due to insufficient validation during rename operations, an authenticated user with write access to a share...

CVE-2026-49002

Access control failure means that an application does not effectively check user access permissions, so that unauthorized users can access system data beyond their permissions, such as viewing and modifying configuration information...

CVE-2026-40824

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view userid parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

CVE-2026-40825

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the accountstatus view devices parameter due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical table...

EUVD-2026-32159

A high privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the admin.mbnetj.php files UpdateParam function due to improper neutralization of special elements in a SQL UPDATE command allowing for reading the whole database and changing values in a non critical...