4795 matches found
PT-2026-49957
Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise CS Student Financials version 9.2.38 Description An issue in the PeopleSoft Enterprise CS Student Financials product allows a low privileged attacker with network access via HTTP to compromise the system. Successful...
PT-2026-49947
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.8 Description An issue exists in the VMSVGA device component of Oracle VM VirtualBox. A high-privileged attacker with logon access to the infrastructure where the software executes can compromise the system. Th...
PT-2026-49944
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
PT-2026-49837
Name of the Vulnerable Software and Affected Versions Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0 Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0 Description An issue exists in the Console component of the WebLogic Server. A low privileged attacker with network acces...
PT-2026-49847
Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.61 PeopleSoft Enterprise PT PeopleTools versions 8.62 Description An issue in the Weblogic component allows an unauthenticated attacker with network access via HTTP to compromise the system...
PT-2026-49941
Name of the Vulnerable Software and Affected Versions Oracle WebCenter Content version 14.1.2.0.0 Description An issue in the Content Server component of Oracle Fusion Middleware allows a low privileged attacker with network access via HTTP to compromise the system. The attack requires human...
PT-2026-49824
Name of the Vulnerable Software and Affected Versions Devolutions Server version 2026.2.5 Description Improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized by using a crafted A...
The vulnerability of the CreateSaverWindow() function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X Window System Server implementation, allows a intruder to gain unauthorized access to protected information.
The vulnerability of the CreateSaverWindow function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X Window System X.Org Server implementation, is related to the possibility of using memory after it is freed. Exploiting this vulnerability could allow a malicious actor...
The vulnerability of the __glXDisp_ChangeDrawableAttributes() function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X.Org Server implementation of the X Window System, allows a malicious actor to gain unauthorized access to protected information.
The vulnerability of the glXDispChangeDrawableAttributes function in the Wayland protocol implementation for X.Org XWaylan, as well as in the X.Org Server implementation of the X Window System, is related to reading data beyond the permitted range of memory. Exploiting this vulnerability could...
Security Bulletin: IBM Event Streams is affected by multiple vulnerabilities in Java SE (CVE-2026-21945, CVE-2026-21932, CVE-2026-21933).
Summary IBM Event Streams is affected by multiple vulnerabilities in Java SE. These vulnerabilities could allow a remote attacker to cause a denial of service condition, bypass security restrictions, or perform unauthorized operations on data processed by affected Java components. Vulnerability...
CVE-2026-53901
CVE-2026-53901 affects Cerebrate, before v1.37, where the generic CRUD add path allowed mass assignment of attacker-controlled identifiers. The add() handler attempted to strip an id from $params prior to __massageInput() normalization, but a supplied id could still be present in the normalized i...
CVE-2026-45550
Roxy-WI exposes an IDOR on PUT /smon/check in versions ≤ 8.2.6.4. The flaw gates only on roxywi_common.check_user_group_for_flask(), validating the caller has some group rather than that the target check_id belongs to it. Downstream update_smon, update_smonHttp, update_smonTcp, update_smonPing, a...
CVE-2026-26236
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...
PT-2026-48371
Name of the Vulnerable Software and Affected Versions QuMagie versions prior to 2.9.0 Description A missing authorization issue allows remote attackers to access unauthorized data or perform unauthorized actions. Recommendations Update to version 2.9.0 or later...
QNAP qumagie 信息泄露漏洞
QNAP Systems QuMagie is a QTS photo management application developed by QNAP Systems. There is a security vulnerability in QNAP Systems QuMagie, which stems from lack of authorization. This vulnerability may allow remote attackers to access unauthorized data or perform unauthorized operations. Th...
HPESBNW05061 rev.1 - HPE Telco Suite, Multiple Vulnerabilities
Potential Security Impact: Remote: Access Restriction Bypass, Cross-Site Scripting XSS, Directory Traversal, Unauthorized Data Modification SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE Telco Integrated Subscriber Data Management - Authentication Server Function AUSF 7.0.x,...
MAL-2026-5467 Malicious code in getd-handler-api (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 83398d27bb84d47296f796b4b2e6e9b5a0efc474add2e57592455e7d5d54eab5 On npm install, postinstall.js collects the installer's hostname, username, platform, current working directory, and CI-related environment variables...
Malicious code in ac_semantic-ui_ts (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f8b97f7d3e69494d0415e13aec8d9d51ce1f5912d8c1de45a1e563e2d1b01d3d package.json declares a postinstall hook that runs canary.js, which issues an HTTP GET to bare IP 157.230.17.236 on port 80 with query parameters...
CVE-2026-4058
The CVE-2026-4058 entry concerns the WordPress plugin “User Frontend: AI Powered Frontend Posting, User Directory, Profile, Membership & User Registration”. A missing capability check in user_subscription_cancel() across all versions up to 4.3.2 allows authenticated users with Subscriber-level ac...
EUVD-2026-35347
A missing authorization vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to access unauthorized data or perform unauthorized actions. We have already fixed the vulnerability in the following version: QuMagie 2.9.0 and later...