CVE-2026-47907

Dreamweaver Desktop (Windows/macOS) version 21.7 and earlier is affected by an Improper Access Control vulnerability that permits arbitrary file system read outside the intended scope. The root cause is an access-control weakness that allows an attacker to access sensitive files and directories i...

CVE-2026-46841

Vulnerability in Oracle REST Data Services component: General. Supported versions that are affected are 24.2.0-26.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle REST Data Services. Successful attacks of this vulnerability c...

Important: Red Hat Security Advisory: kernel security update

An update for kernel is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

CVE-2019-2898

Vulnerability in the BI Publisher formerly XML Publisher product of Oracle Fusion Middleware component: BI Publisher Security. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HT...

OpenJDK: Incorrect access checks in XMLEntityManager (JAXP, 8270498)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JAXP. Supported versions that are affected are Oracle Java SE: 7u321, 8u311, 11.0.13, 17.0.1; Oracle GraalVM Enterprise Edition: 20.3.4 and 21.3.0. Easily exploitable vulnerability allows...

CVE-2021-22870 Path traversal in GitHub Enterprise Server hosted Pages leads to unauthorized file read access

A path traversal vulnerability was identified in GitHub Pages builds on GitHub Enterprise Server that could allow an attacker to read system files. To exploit this vulnerability, an attacker would need permission to create and build a GitHub Pages site on the GitHub Enterprise Server instance. Th...

UBUNTU-CVE-2020-28053

HashiCorp Consul and Consul Enterprise 1.2.0 up to 1.8.5 allowed operators with operator:read ACL permissions to read the Connect CA private key configuration. Fixed in 1.6.10, 1.7.10, and 1.8.6...

mysql: Server: Information Schema unspecified vulnerability (CPU Jul 2020)

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 5.6.48 and prior, 5.7.30 and prior and 8.0.20 and prior. Easily exploitable vulnerability allows low privileged attacker with network access via multiple...

CVE-2019-13415

Search Guard versions before 24.3 had an issue when Cross Cluster Search CCS was enabled, authenticated users can gain read access to data they are not authorized to see...

Siemens XHQ Elevation of Privilege Vulnerability

XHQ Production Operations Intelligence is Siemens Energy's flagship solution, widely deployed by the world's largest oil & gas and chemical companies. An elevation of privilege vulnerability exists in Siemens XHQ 4 and XHQ 5. It allows an authenticated remote user with low privileges to gain read...