Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber. The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be...
CVE-2026-57339
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions...
CVE-2026-57328
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-57326
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
EUVD-2026-40110
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions...
CVE-2026-57339
The CVE-2026-57339 entry concerns an Unauthenticated Broken Access Control flaw in the WordPress Business Directory plugin up to version 6.4.23. The available data confirm the affected product and version range, with the underlying issue categorized as broken access control (no additional techni...
CVE-2026-57339 WordPress Business Directory plugin <= 6.4.23 - Broken Access Control vulnerability
Unauthenticated Broken Access Control in Business Directory <= 6.4.23 versions...
EUVD-2026-40099
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-57328
CVE-2026-57328 is a Subscriber XSS vulnerability in the WordPress Business Directory plugin, affecting versions
CVE-2026-57328 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
EUVD-2026-40097
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-57326 WordPress Business Directory plugin <= 6.4.22 - Cross Site Scripting (XSS) vulnerability
Unauthenticated Cross Site Scripting (XSS) in Business Directory <= 6.4.22 versions...
CVE-2026-57326
The CVE-2026-57326 entry concerns an Unauthenticated Cross Site Scripting (XSS) in the WordPress Business Directory plugin up to version 6.4.22. The connected documents consistently describe the issue as an XSS vulnerability affecting that plugin version range. The vulnerability is reported with...
EUVD-2026-40095
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
CVE-2026-13571 SourceCodester Simple Food Ordering System cart.php logic error
A flaw has been found in SourceCodester Simple Food Ordering System 1.0. The affected element is an unknown function of the file /cart.php. Executing a manipulation of the argument itemprice can lead to business logic errors. The attack may be performed from remote. The exploit has been published...
Security Bulletin: Multiple security vulnerabilities addressed with IBM Business Automation Workflow cumulative fixes June 2026
Summary In addition to updating many operating system level packages, the following security vulnerabilities are addressed with IBM Business Automation Workflow cumulative fixes. Vulnerability Details CVEID:CVE-2026-29063 DESCRIPTION: Immutable.js provides many Persistent Immutable data structure...
Dyn Business Panel Plugin <= 1.0.0 - Cross-Site Scripting
Dyn Business Panel WordPress plugin <= 1.0.0 contains a reflected cross-site scripting caused by lack of sanitization and escaping of a parameter in output, letting attackers execute scripts in the context of high privilege users, exploit requires victim to click a malicious link. id: CVE-2024-130...
PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting
An attacker can send the victim a link containing a malicious URL in an email or instant message and can perform a wide variety of actions, such as stealing the victim's session token or login credentials. id: CVE-2023-4115 info: name: PHPJabbers Cleaning Business 1.0 - Cross-Site Scripting author:...
SAP Web Application Server 6.x/7.0 - Open Redirect
frameset.htm in the BSP runtime in SAP Web Application Server (WAS) 6.10 through 7.00 allows remote attackers to log users out and redirect them to arbitrary web sites via a close command in the sap-sessioncmd parameter and a URL in the sap-exiturl parameter. id: CVE-2005-3634 info: name: SAP Web...
Oracle Business Intelligence Publisher - XML External Entity Injection
Oracle Business Intelligence Publisher is vulnerable to an XML external entity injection attack. The supported versions affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. This easily exploitable vulnerability allows unauthenticated attackers with network access via HTTP to compromise BI Publishe...