36077 matches found
EUVD-2026-24451
Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...
EUVD-2026-24385
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...
br.com.archbase:archbase-annotation-processor (>=2.0.0 <=2.1.17), br.com.archbase:archbase-app-framework (>=2.0.0 <=2.1.17) +1579 more potentially affected by CVE-2026-22751 via org.springframework.security:spring-security-core (>=6.5.0 <=6.5.1)
org.springframework.security:spring-security-core MAVEN version =6.5.0, =2.0.0, =2.0.0, =2.0.0, =2.0.1, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.1.17 and more Source cves: CVE-2026-22751 Source advisory: OSV:GHSA-X2WQ-9X2F-FHJ7...
CVE-2026-35243
Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...
CVE-2026-34298
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...
EUVD-2026-24496
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...
CVE-2026-40942
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...
CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...
CVE-2026-40942
The DSF vulnerability CVE-2026-40942 affects the OIDC JWKS and Metadata Document caches (and the OIDC token cache for FHIR client connections) prior to version 2.1.0, where an inverted time comparison (isBefore vs isAfter) caused the cache to never return cached values and never invalidate, resul...
CVE-2026-40942 DSF: Inverted Time Comparison in OIDC JWKS and Token Cache
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, The OIDC JWKS and Metadata Document caches used an inverted time comparison isBefore instead of isAfter, causing the cache to never return cached values. Every...
CVE-2026-40939
The CVE concerns the Data Sharing Framework (DSF). Before version 2.1.0, OIDC-authenticated sessions had no maximum inactivity timeout, allowing sessions to persist indefinitely after login and token expiry. The issue is fixed in v2.1.0. Affected components are DSF FHIR and BPE servers with OIDC ...
CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...
CVE-2026-40939
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...
CVE-2026-40939 DSF: Missing Session Timeout for OIDC Sessions
The Data Sharing Framework DSF implements a distributed process engine based on the BPMN 2.0 and FHIR R4 standards. Prior to 2.1.0, OIDC-authenticated sessions had no configured maximum inactivity timeout. Sessions persisted indefinitely after login, even after the OIDC access token expired. This...
CVE-2026-35243
Vulnerability in the Oracle Application Development Framework ADF product of Oracle Fusion Middleware component: ADF Faces. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where...
CVE-2026-34298
Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite component: Personalization. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Application...
CVE-2026-40879
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack overflows instead. ...
CVE-2026-40869
Decidim is a participatory democracy framework. Starting in version 0.19.0 and prior to versions 0.30.5 and 0.31.1, a vulnerability allows any registered and authenticated user to accept or reject any amendments. The impact is on any users who have created proposals where the amendments feature i...
com.aegisql:conveyor-configurator (>=1.5.1 <=1.5.2), com.datastax.oss.quarkus:cassandra-quarkus-client (>=1.0.1 <=1.0.4) +2043 more potentially affected by CVE-2026-22013 via org.graalvm.sdk:graal-sdk (>=21.0.0 <=21.0.0.2)
org.graalvm.sdk:graal-sdk MAVEN version =21.0.0, =1.5.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.3, =1.0.1, =1.0.1, =1.0.1, =4.11.0, =1.2.0, =1.2.0, =1.4.0 and more Source cves: CVE-2026-22013 Source advisory: SNYK:JAVA-ORGGRAALVMSDK-...
CVE-2026-40879 Nest: DoS via Recursive handleData in JsonSocket (TCP Transport)
Nest is a framework for building scalable Node.js server-side applications. Prior to 11.1.19, when an attacker sends many small, valid JSON messages in one TCP frame, handleData recurses once per message; the buffer shrinks each call. maxBufferSize is never reached; call stack overflows instead. ...