CVE-2026-35232

Vulnerability in Oracle Fusion Middleware component: Dynamic Monitoring Service. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful...

CVE-2026-34324

Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications component: App Server. Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life...

CVE-2026-34298

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...

Oracle Identity Manager Connector 安全漏洞

Oracle Identity Manager Connector is an identity management integration component developed by Oracle, a US-based company. Version 12.2.1.4.0 of Oracle Identity Manager Connector contains a security vulnerability. This vulnerability stems from issues with the Core component, which may allow...

PT-2026-34075

Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft component: Employee Snapshot. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

Oracle PeopleSoft Enterprise PeopleTools 安全漏洞

Oracle PeopleSoft Enterprise PeopleTools is a technology provided by Oracle Corporation in the United States, designed to keep PeopleSoft applications in sync with user needs and expectations. There were security vulnerabilities in the versions of Oracle PeopleSoft Enterprise PeopleTools 8.61 to...

Oracle Financial Services Analytical Applications Infrastructure 安全漏洞

Oracle Financial Services Analytical Applications Infrastructure is a financial data analysis and modeling platform developed by Oracle Corporation. There is a security vulnerability in Oracle Financial Services Analytical Applications Infrastructure, which stems from issues with the Platform...

Oracle Identity Manager Connector 安全漏洞

Oracle Identity Manager Connector is an identity management integration component developed by Oracle, a US-based company. Version 12.2.1.4.0 of Oracle Identity Manager Connector contains a security vulnerability. This vulnerability stems from issues with the Core component, which may allow...

Oracle Business Process Management Suite 安全漏洞

Oracle Business Process Management Suite is a business process management platform provided by Oracle, a company in the United States. Versions 12.2.1.4.0 and 14.1.2.0.0.0 of the Oracle Business Process Management Suite contain security vulnerabilities. These vulnerabilities stem from issues with...

EUVD-2026-23798

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-5964 Digiwin｜EasyFlow .NET - SQL Injection

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

CVE-2026-5963 Digiwin｜EasyFlow .NET - SQL Injection

EasyFlow .NET developed by Digiwin has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents...

AVEVA Pipeline Simulation

RISK EVALUATION Successful exploitation of this vulnerability could allow an unauthenticated attacker to modify simulation parameters, training configuration and training records. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...

CVE-2026-27681

Due to insufficient authorization checks in SAP Business Planning and Consolidation and SAP Business Warehouse, an authenticated user can execute crafted SQL statements to read, modify, and delete database data. This leads to a high impact on the confidentiality, integrity, and availability of th...

EUVD-2026-22140

Due to an Insecure session management vulnerability in SAP Business Objects Business Intelligence Platform, an unauthenticated attacker could obtain valid session tokens and reuse them to gain unauthorized access to a victim�s session. If the application continues to accept previously issued toke...

CVE-2026-38532

A Broken Object-Level Authorization BOLA in the /Contact/Persons/PersonController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily read, modify, and permanently delete any contact owned by other users via supplying a crafted GET request...

CVE-2026-5300

Unauthenticated functionality in CoolerControl/coolercontrold 4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests...

CVE-2026-5300 Missing Authentication for Critical Function in coolercontrold

Unauthenticated functionality in CoolerControl/coolercontrold 4.0.0 allows unauthenticated attackers to view and modify potentially sensitive data via HTTP requests...

CoolerControl 访问控制错误漏洞

CoolerControl is an open-source control software for cooling devices developed by CoolerControl. Versions of CoolerControl prior to 4.0.0 contained a access control vulnerability. This vulnerability stemmed from unvalidated functions, which could allow unauthenticated attackers to view and modify...

CVE-2026-39334

ChurchCRM contains a blind SQL injection in SettingsIndividual.php affecting 7.0.5, exploitable by authenticated users with low privileges via the type array parameter. The issue allows extraction and modification of database content and is fixed in 7.1.0. The available documents provide the affe...