
208 matches found

NVD
added 6 days ago, 7 views

CVE-2026-35302

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebLogic Server. Successfu...

CVSS 8.3 | EPSS 0.00301
Exploits: 0 | References: 1
NVD
added 6 days ago, 5 views

CVE-2026-35299

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebLogic Server. Successful...

CVSS 8.8 | EPSS 0.00402
Exploits: 0 | References: 1
NVD
added 6 days ago, 6 views

CVE-2026-35258

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise WebLogic Server. Successful...

CVSS 8.7 | EPSS 0.00326
Exploits: 0 | References: 1
Positive Technologies
added 2026/06/16 12:0 a.m., 6 views

PT-2026-49863

Name of the Vulnerable Software and Affected Versions: Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0; Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0. Description: An issue exists in the Console component of the WebLogic Server. A high privileged attacker with network acce...

CVSS 6.6 | AI score 5.8 | EPSS 0.0035
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/16 12:0 a.m., 7 views

PT-2026-49956

Name of the Vulnerable Software and Affected Versions: Oracle Fusion Middleware WebLogic Server versions 14.1.2.0.0; Oracle Fusion Middleware WebLogic Server versions 15.1.1.0.0. Description: A flaw in the Console component allows a low-privileged attacker with access to the infrastructure where the...

CVSS 7.9 | AI score 5.9 | EPSS 0.00152
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/16 12:0 a.m., 9 views

PT-2026-49873

Name of the Vulnerable Software and Affected Versions: Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0; Oracle Fusion Middleware WebLogic Server versions 14.1.1.0.0. Description: An issue exists in the Console component of the WebLogic Server. This flaw allows an unauthenticated attacker...

CVSS 8.3 | AI score 5.9 | EPSS 0.00301
Exploits: 0 | References: 3
Positive Technologies
added 2026/06/16 12:0 a.m., 8 views

PT-2026-49870

Name of the Vulnerable Software and Affected Versions: Oracle Fusion Middleware WebLogic Server versions 12.2.1.4.0; Oracle Fusion Middleware WebLogic Server versions 14.1.1.0.0. Description: An issue exists in the Console component of the WebLogic Server. A low privileged attacker with network acces...

CVSS 8.8 | AI score 5.9 | EPSS 0.00402
Exploits: 0 | References: 3
CISA
added 2026/05/27 12:0 p.m., 344 views

CISA Adds Three Known Exploited Vulnerabilities to Catalog

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-8398 Daemon Tools Lite Embedded Malicious Code Vulnerability; CVE-2026-45321 TanStack Unspecified Vulnerability...

CVSS 9.8 | AI score 6 | EPSS 0.01601
In wild | Exploits: 5 | References: 8
Positive Technologies
added 2026/05/07 12:0 a.m., 8 views

PT-2026-38595

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions 3.19.1 through 3.19.5; GitHub Enterprise Server versions 3.20.0 through 3.20.1. Description: A reflected HTML injection issue exists in the Management Console login page. The redirect to query parameter on the...

CVSS 5.9 | AI score 5.8 | EPSS 0.00158
Exploits: 0 | References: 5
Vulnrichment
added 2026/05/05 11:24 a.m., 6 views

CVE-2023-54342 Eclipse Equinox OSGi 3.8-3.18 Console Remote Code Execution

Eclipse Equinox OSGi versions 3.8 through 3.18 contain a remote code execution vulnerability in the console interface that allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console,...

CVSS 9.8 | AI score 6.7 | EPSS 0.00455
Exploits: 0 | References: 2
Positive Technologies
added 2026/05/05 12:0 a.m., 5 views

PT-2026-36998

Name of the Vulnerable Software and Affected Versions: Eclipse Equinox OSGi versions 3.8 through 3.18. Description: A remote code execution flaw exists in the console interface. Unauthenticated attackers can execute arbitrary code by exploiting the fork command functionality. This is achieved by...

CVSS 9.8 | AI score 6.6 | EPSS 0.00455
Exploits: 0 | References: 8
NVD
added 2026/04/10 8:16 a.m., 4 views

CVE-2026-40212

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...

CVSS 5.4 | EPSS 0.00219
Exploits: 0 | References: 4
Cvelist
added 2026/04/10 12:0 a.m., 27 views

CVE-2026-40212

OpenStack Skyline before 5.0.1, 6.0.0, and 7.0.0 has a DOM-based Cross-Site Scripting (XSS) vulnerability in the console because document.write is used unsafely, which is relevant in scenarios where administrators use the console web interface to view instance console logs...

CVSS 5.4 | EPSS 0.00219
Exploits: 0 | References: 4
Positive Technologies
added 2026/04/10 12:0 a.m., 2 views

PT-2026-31893

Name of the Vulnerable Software and Affected Versions: OpenStack Skyline versions prior to 5.0.1, 6.0.0, and 7.0.0. Description: OpenStack Skyline contains a DOM-based Cross-Site Scripting (XSS) issue in the console. This is due to the unsafe use of document.write. This is relevant when administrators...

CVSS 5.4 | AI score 5.8 | EPSS 0.00219
Exploits: 0 | References: 7
CNNVD
added 2026/04/10 12:0 a.m., 3 views

OpenStack Skyline Security Vulnerability

OpenStack Skyline is a web interface system for managing cloud platforms and visualizing resources under the OpenStack open-source framework. Versions of OpenStack Skyline prior to 5.0.1, 6.0.0, and 7.0.0 contain security vulnerabilities. These vulnerabilities stem from DOM-based cross-site...

CVSS 5.4 | AI score 5.7 | EPSS 0.00219
Exploits: 0 | References: 4
RedhatCVE
added 2026/02/26 4:15 a.m., 3 views

CVE-2026-27822

RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.83, a Stored Cross-Site Scripting (XSS) vulnerability in the RustFS Console allows an attacker to execute arbitrary JavaScript in the context of the management console. By bypassing the PDF preview logic, an...

CVSS 9 | AI score 5.9 | EPSS 0.06029
Exploits: 1 | References: 1
Positive Technologies
added 2026/02/25 12:0 a.m., 5 views

PT-2026-21848

Name of the Vulnerable Software and Affected Versions: RustFS versions prior to 1.0.0-alpha.83. Description: RustFS is a distributed object storage system built in Rust. A Stored Cross-Site Scripting (XSS) vulnerability exists in the RustFS Console, allowing an attacker to execute arbitrary JavaScript...

CVSS 9 | AI score 6.1 | EPSS 0.06029
Exploits: 1 | References: 23
NVD
added 2026/02/03 4:16 p.m., 4 views

CVE-2026-23795

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage. Th...

CVSS 4.9 | EPSS 0.00827
Exploits: 0 | References: 2
OSV
added 2026/02/03 4:16 p.m., 4 views

CVE-2026-23795

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage. Th...

CVSS 4.9 | AI score 5.1
Exploits: 0 | References: 2
ATTACKERKB
added 2026/02/03 3:14 p.m., 6 views

CVE-2026-23795

Improper Restriction of XML External Entity Reference vulnerability in Apache Syncope Console. An administrator with adequate entitlements to create or edit Keymaster parameters via Console can construct malicious XML text to launch an XXE attack, thereby causing sensitive data leakage. Th...

CVSS 4.9 | AI score 5.2 | EPSS 0.00827
Exploits: 0 | References: 2 | Affected Software: 1