8276 matches found
CVE-2026-35308
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Centralized Third Party Jars. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via...
CVE-2026-35304
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracl...
CVE-2026-35294
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware component: Mainframe Connectors. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2026-35295
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware component: WebCenter Sites. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...
CVE-2026-35286
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware component: Content Server. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2026-35282
Vulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware component: Client Bundle. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise...
CVE-2026-35268
Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via T3, IIOP to compromise Identity Manager. While the...
CVE-2026-35269
Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager...
CVE-2026-35265
Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager. Successfu...
CVE-2026-35262
Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware component: Market Place. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data...
CVE-2026-35259
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Console. Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise WebLogic Server. Successful...
CVE-2026-35267
Vulnerability in the Identity Manager product of Oracle Fusion Middleware component: REST WebServices. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Identity Manager...
CVE-2026-35261
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware component: Authentication Engine. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle...
CVE-2026-35263
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebLogic Server. While the...
Vulnerabilities in Oracle Fusion Middleware products
Oracle has identified several vulnerabilities in various products within the Oracle Fusion Middleware suite, including WebLogic Server, WebCenter Content, WebCenter Sites, WebCenter Portal, WebCenter Enterprise Capture, Identity Manager, Identity Manager Connector, Access Manager, Coherence,...
CVE-2026-46838
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware component: Security Framework. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle...
GHSA-GR75-JV2W-4656 LangChain: Path traversal and sandbox escape in LangChain file-search middleware and loaders
Summary Several LangChain components that resolve filesystem paths or expand search patterns do not consistently confine the resolved path to the intended root directory. Affected behaviors include: a file-search agent middleware that validates a starting directory but not the search pattern or t...
Symlink Attack
Overview langchain is a Building applications with LLMs through composability Affected versions of this package are vulnerable to Symlink Attack via the file-search middleware and loaders that resolve filesystem paths and search patterns without confining the resolved path to the intended root...
Malicious code in middleware-jwt (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 32bc5304d92b1d80c7332d9177259c85486b3d272834f3a585a51aa44b7dac4c The package was found to contain malicious code or consuming dependency that contains malicious code Source: ghsa-malware...
hono: Path traversal in `serve-static` on Windows via encoded backslash (`%5C`)
Summary On Windows hosts, an encoded backslash %5C in the request path decodes to , which the Windows path resolver treats as a separator. serve-static then resolves a single URL segment such as admin\secret.txt into a nested file under the root and serves it, letting an attacker read static file...