PT-2026-3701

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft versions 8.60 through 8.62 Description A flaw exists in the Integration Broker component of Oracle PeopleSoft Enterprise PeopleTools. An unauthenticated attacker with network access via HTTP can compromise the system...

Oracle Financial Services Applications security vulnerabilities

Oracle Financial Services Applications is a set of financial services software developed by Oracle Corporation in the United States. This product includes core banking, online banking, and property management functions. FLEXCUBE Investor Servicing is a comprehensive solution component that provid...

PT-2026-3684

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft versions 8.60 through 8.62 Description A flaw exists in the Push Notifications component of Oracle PeopleSoft Enterprise PeopleTools. A low-privileged attacker with network access via HTTP can compromise the system. Successfu...

PT-2026-3693

Name of the Vulnerable Software and Affected Versions Oracle E-Business Suite versions 12.2.3 through 12.2.15 Description An easily exploitable issue exists in the Oracle Scripting product of Oracle E-Business Suite component: Scripting Admin. An unauthenticated attacker with network access via...

PT-2026-3708

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise HCM Human Resources version 9.2 Description A flaw exists in the PeopleSoft Enterprise HCM Human Resources component, specifically within Company Dir / Org Chart Viewer and Employee Snapshot. This issue allows a...

CVE-2026-23838 Tandoor Recipes module allows SQLite database to be externally accessible with the default settings

Tandoor Recipes is a recipe manager than can be installed with the Nix package manager. Starting in version 23.05 and prior to version 26.05, when using the default configuration of Tandoor Recipes, specifically using SQLite and default MEDIAROOT, the full database file may be externally...

CVE-2018-10519

CMS Made Simple CMSMS 2.2.7 contains a privilege escalation vulnerability from ordinary user to admin user by arranging for the effuid value within $COOKIE$this-loginkey to equal 1, because files in the tmp/ directory are accessible through HTTP requests. NOTE: this vulnerability exists because o...

CVE-2021-2159

Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft component: Frameworks. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS...

CVE-2019-2579

Vulnerability in the Oracle WebCenter Sites component of Oracle Fusion Middleware subcomponent: Advanced UI. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Sites...

CVE-2019-2843

Vulnerability in the Oracle FLEXCUBE Investor Servicing component of Oracle Financial Services Applications subcomponent: Infrastructure. Supported versions that are affected are 12.0.1, 12.0.3, 12.0.4, 12.1.0, 12.3.0, 12.4.0, 14.0.0 and 14.1.0. Easily exploitable vulnerability allows low...

CVE-2019-2605

Vulnerability in the Oracle Business Intelligence Enterprise Edition component of Oracle Fusion Middleware subcomponent: Web Catalog. Supported versions that are affected are 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Difficult to exploit vulnerability allows unauthenticated attacker with network...

CVE-2019-2650

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS - Web Services. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2019-2568

Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware subcomponent: WLS Core Components. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

CVE-2019-2907

Vulnerability in the Oracle Web Services product of Oracle Fusion Middleware component: SOAP with Attachments API for Java. The supported version that is affected is 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

CVE-2019-2770

Vulnerability in the Oracle Hyperion Planning component of Oracle Hyperion subcomponent: Smart View. The supported version that is affected is 11.1.2.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Planning. Successful...

CVE-2019-2600

Vulnerability in the Oracle Email Center component of Oracle E-Business Suite subcomponent: Message Display. Supported versions that are affected are 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, 12.2.5, 12.2.6, 12.2.7 and 12.2.8. Easily exploitable vulnerability allows unauthenticated attacker with...

CVE-2021-2257

Vulnerability in the Oracle Storage Cloud Software Appliance product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 16.3.1.4.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

CVE-2021-2455

Vulnerability in the PeopleSoft Enterprise HCM Shared Components product of Oracle PeopleSoft component: Person Search. The supported version that is affected is 9.2. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2021-2214

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows high privileged attacker with network access via HT...

CVE-2021-2191

Vulnerability in the Oracle Business Intelligence Enterprise Edition product of Oracle Fusion Middleware component: Analytics Actions. Supported versions that are affected are 5.5.0.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access...