7875 matches found
CVE-2026-12047
HTML injection in pgAdmin 4's cloud deployment module. The verifycredentials, deploy, regions, and update-server endpoints under /rds/, /azure/, /google/, and the top-level /cloud/ blueprint propagated AWS / Azure / Google SDK exception text — and the related file-resolution and database-commit...
CVE-2026-20181
A vulnerability in Cisco ISE and ISE-PIC could allow an authenticated, remote attacker to execute arbitrary commands on the underlying operating system of an affected device. To exploit this vulnerability, the attacker must have valid administrative credentials. This vulnerability is due to...
CVE-2026-20181
Cisco ISE/ISE-PIC in Cisco IOS XE is affected by CVE-2026-20181. The CVE entry describes authenticated remote command execution via crafted HTTP input with privilege escalation to root and potential DoS in single-node deployments. Connected PT-security material (PT-2026-34270) references a separa...
CVE-2026-46875
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager component: Deployment Library. Supported versions that are affected are 13.5 and 24.1. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise...
CVE-2026-35289
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Deployment Package. Supported versions that are affected are 8.61 and 8.62. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise PeopleSoft...
CVE-2026-35288
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Deployment Package. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where PeopleSoft Enterpri...
CVE-2026-35272
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Deployment Package. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with logon to the infrastructure where PeopleSoft Enterpri...
CVE-2026-35274
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle PeopleSoft component: Deployment Package. Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft...
LobeHub: Unauthenticated SSRF in `/webapi/proxy`
Unauthenticated SSRF in /webapi/proxy allows anyone to proxy requests and inject cookies on lobehub.com Summary The /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. This is the same proxy code that was vulnerable in...
Vulnerabilities found in Check Point Remote and Mobile Access VPN-products
Check Point has identified vulnerabilities in Remote and Mobile Access VPN products, specifically those implemented using the IKEv1 key exchange protocol. Two vulnerabilities have been identified in Check Point Security Gateways and Remote Access VPN environments that utilize the outdated IKEv1...
PT-2026-49861
Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft PeopleSoft Enterprise PT PeopleTools versions 8.61 through 8.62 Description An issue exists in the Deployment Package component of PeopleSoft Enterprise PT PeopleTools. A high-privileged attacker with access to the...
PT-2026-49983
Name of the Vulnerable Software and Affected Versions Oracle Enterprise Manager Base Platform version 13.5 Oracle Enterprise Manager Base Platform version 24.1 Description An issue exists in the Deployment Library component of the Oracle Enterprise Manager Base Platform. A high privileged attacke...
PT-2026-49862
Name of the Vulnerable Software and Affected Versions PeopleSoft Enterprise PT PeopleTools versions 8.61 PeopleSoft Enterprise PT PeopleTools versions 8.62 Description An issue exists in the Deployment Package component of PeopleSoft Enterprise PT PeopleTools. This flaw allows an unauthenticated...
PT-2026-49849
Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft PeopleSoft Enterprise PT PeopleTools versions 8.61 through 8.62 Description A flaw in the Deployment Package component allows an unauthenticated attacker with network access via HTTP to compromise the system. Successful...
PT-2026-49995
Name of the Vulnerable Software and Affected Versions Oracle Siebel CRM Siebel CRM Deployment versions 17.0 through 26.5 Description An issue exists in the Database Upgrade component of the Siebel CRM Deployment product. A low privileged attacker with access to the infrastructure where the softwa...
MAL-2026-5819 Malicious code in mozautomation (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 26d0e7dfb965969f23786d4bde7d70e597b83df522434aea471171d48442cd12 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
What Changed in OWASP Top 10 2025 and Recommendations for Each Category
Key Takeaways 1. The 2025 list introduces two new categories – Software Supply Chain Failures A03 and Mishandling of Exceptional Conditions A10 - reflecting attacks already happening in production. 2. Security Misconfiguration jumping from 5 to 2 signals that continuous deployment without...
CVE-2026-50633
A flaw was found in Apache CXF's JCA integration module. This Java Naming and Directory Interface JNDI Injection vulnerability allows for arbitrary code execution. A remote attacker could exploit this by manipulating the Java EE Connector Architecture JCA deployment descriptor ra.xml or runtime...
VulnPilot
VulnPilot VulnPilot is an automation framework for vulnerabil...
Exploit for CVE-2026-41490
CVE-2026-41490 — SQL Injection in Dagster database I/O manager...