CVE-2026-34308

...

CVE-2026-34305

...

CVE-2026-34302

...

CVE-2026-34298

CVE-2026-34298 affects Oracle Applications Framework within Oracle E-Business Suite, Personalization component. Affected: E-Business Suite versions 12.2.9–12.2.15. The vulnerability arises in the Personalization feature, enabling a high-privilege attacker with network access via HTTP to perform u...

CVE-2026-34296

...

CVE-2026-34297

...

CVE-2026-34282

...

CVE-2026-34281

CVE-2026-34281 concerns Oracle Solaris 11.4, specifically a vulnerability in the Kernel component. Affects the kernel on Oracle Solaris 11.4; exploitation requires low privileges and local logon. Successful exploitation can lead to a hang or frequently repeatable crash (complete DoS) of Oracle So...

CVE-2026-34267

...

CVE-2026-22016

...

CVE-2026-22010

...

CVE-2026-22007

...

CVE-2026-22003

CVE-2026-22003 affects Oracle Java SE (Hotspot) and Oracle GraalVM Enterprise Edition. Affected: Oracle Java SE 8u481 and 8u481-b50; GraalVM EE 21.3.17. The vulnerability allows a low-privilege, locally authenticated attacker to compromise the runtime and may lead to unauthorized data modificatio...

CVE-2026-21998

Oracle MySQL Server (Server: Optimizer) is affected. Affected versions: 8.0.0–8.0.45, 8.4.0–8.4.8, and 9.0.0–9.6.0. The vulnerability allows a high-privileged attacker with network access via multiple protocols to cause a hang or crash (DoS). CVSS 3.1 base score is 4.9 (Availability impact). Expl...

CVE-2026-21997

...

CVE-2026-40907

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream...

CVE-2026-40907

Summary: WWBN AVideo 29.0 and earlier contains an Insecure Direct Object Reference (IDOR) in the endpoint plugin/Live/view/Live_restreams/list.json.php. This allows any authenticated user with streaming permission to view other users’ live restream configurations, exposing third‑party platform st...

CVE-2026-40907 WWBN AVideo has IDOR in Live Restreams list.json.php that Exposes Other Users' Stream Keys and OAuth Tokens

WWBN AVideo is an open source video platform. In versions 29.0 and prior, the endpoint plugin/Live/view/Liverestreams/list.json.php contains an Insecure Direct Object Reference IDOR vulnerability that allows any authenticated user with streaming permission to retrieve other users' live restream...

CVE-2026-40865

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document viewer allows any authenticated user to access other employees’ uploaded documents by changing the document ID in the request. This exposes sensitive HR...

CVE-2026-40866

Horilla is a free and open source Human Resource Management System HRMS. In 1.5.0, an insecure direct object reference in the employee document upload endpoint allows any authenticated user to overwrite or replace or corrupt another employee’s document by changing the document ID in the upload...