80 matches found
EUVD-2026-41272
The Perfmatters plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.6.4 via the 's' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information...
CVE-2026-46872
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Install. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise Oracle...
Vulnerabilities in Oracle VM VirtualBox
Oracle has identified several vulnerabilities in Oracle VM VirtualBox version 7.2.8. These vulnerabilities are located in various components of Oracle VM VirtualBox 7.2.8, including the Shared Folders and the VMSVGA device. An attacker with low to high privileges and access to the underlying...
EUVD-2026-36702
A flaw was found in Ansible Lightspeed. This vulnerability, related to insufficient session expiration, allows a remote attacker to maintain persistent access to the Ansible Lightspeed instance. If an attacker exfiltrates a valid OAuth Open Authorization access token before a user logs out, they...
mysql: Information Schema unspecified vulnerability (CPU Apr 2026)
Oracle CPU describes the issue as following: Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Information Schema. Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with...
CVE-2026-41522 Iris has an Improper Authorization issue
Iris is a web collaborative platform that helps incident responders share technical details during investigations. Prior to version 2.4.28, DFIR-IRIS exposes an optional GraphQL endpoint at /graphql that does not enforce the same authorization checks as the REST API. Any authenticated user can...
BIT-JRE-2026-21925
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the madvise IOCTL in the drm xe driver not verifying the patindex boundary. This could lead to...
PT-2026-38246
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.4.22 Description A time-of-check/time-of-use TOCTOU race condition exists in the OpenShell filesystem bridge. This issue allows attackers to use symlink swaps during filesystem operations to bypass sandbox...
PT-2026-34796
In versions 8.4.0, 8.3.2, 8.2.2, 8.1.3, 8.0.4, 7.13.6, 7.12.7, 7.11.7, and 7.10.10, the endpoints /api/apps/logs and /api/apps/:id/logs have a typo in the required permission check, allowing authenticated users without the proper permissions to read apps-engine logs...
Oracle VM VirtualBox Core Component Memory Corruption Vulnerability
Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory operations and...
Oracle VM VirtualBox 安全漏洞
Oracle VM VirtualBox is a desktop virtualization software developed by Oracle to run multiple operating systems on a single host. A memory corruption vulnerability exists in Oracle VM VirtualBox. The vulnerability stems from a failure of the Core component to properly handle memory operations and...
Ghost SQL注入漏洞
Ghost is a hosting service developed by the Ghost open-source project. Versions of Ghost from 3.24.0 to 6.19.0 have SQL injection vulnerabilities. These vulnerabilities stem from unvalidated code, which may allow unauthorized attackers to execute arbitrary reads from the database...
CVE-2026-21971
Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft component: Purchasing. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM...
Oracle Utilities Applications security vulnerabilities
Oracle Utilities Applications is a technology platform for the utilities industry developed by Oracle, a company in the United States. Vulnerabilities exist in versions 4.4.0.3.0.0, 4.5.0.0.0, 4.5.0.1.1, 4.5.0.1.3, 4.5.0.2.0, 25.4, and 25.10 of the Oracle Utilities Application Framework. These...
Oracle PeopleSoft security vulnerabilities
Oracle PeopleSoft is a corporate human capital management solution developed by Oracle Corporation in the United States. This product offers functions such as human capital management, financial management, and supplier relationship management. PeopleSoft Enterprise HCM Human Resources is one of...
EUVD-2026-2803
This vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the URL path. Users with minimal permissions could gain unauthorized read access to GET endpoints in Alertmanager and Prometheus datasources. The issue primarily...
EUVD-2025-1934
Malicious code in bioql PyPI...
CVE-2025-54249
Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery SSRF vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to manipulate server-side requests and bypass security controls...
Claude Code 操作系统命令注入漏洞
Claude Code is an open source proxy coding tool from Anthropic. An operating system command injection vulnerability exists in versions of Claude Code prior to 1.0.4, which stems from an overly broad list of allowed security commands that could lead to unacknowledged file reads and network transfe...