CVE-2026-1389

CVE-2026-1389 affects the WordPress plugin Document Embedder (

CVE-2026-1389

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the...

PT-2026-5079

The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde sa...

CVE-2026-21721

The dashboard permissions API does not verify the target dashboard scope and only checks the dashboards.permissions: action. As a result, a user who has permission management rights on one dashboard can read and modify permissions on other dashboards. This is an organization‑internal privilege...

CVE-2026-21946

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

CVE-2026-21971

Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft component: Purchasing. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM...

CVE-2026-21943

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: Scripting Admin. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful...

CVE-2026-21938

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...

CVE-2026-21934

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Push Notifications. Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...

CVE-2026-21946

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.26.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards...

PT-2026-3727

Name of the Vulnerable Software and Affected Versions Oracle Life Sciences Central Coding version 7.0.1.0 Description An easily exploitable issue exists in the Oracle Life Sciences Central Coding product, specifically within the Platform component. An unauthenticated attacker with network access...

PT-2026-3708

Name of the Vulnerable Software and Affected Versions Oracle PeopleSoft Enterprise HCM Human Resources version 9.2 Description A flaw exists in the PeopleSoft Enterprise HCM Human Resources component, specifically within Company Dir / Org Chart Viewer and Employee Snapshot. This issue allows a...

CVE-2026-1019

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

CVE-2026-1019

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

CVE-2026-1019

Police Statistics Database System developed by Gotac has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to read, modify, and delete database contents by using a specific functionality...

MiracleLinux 7 : gvfs-1.36.2-3.el7 (AXSA:2019-4036:01)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2019-4036:01 advisory. gvfs: Incorrect authorization in admin backend allows privileged users to read and modify arbitrary files without prompting for password CVE-2019-3827 Tenabl...

CVE-2021-2375

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime. Supported versions that are affected are 9.2.5.3 and prior. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne...

CVE-2021-2106

Vulnerability in the Oracle Customer Interaction History product of Oracle E-Business Suite component: Outcome-Result. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...

CVE-2025-62842

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...

CVE-2025-62842

An external control of file name or path vulnerability has been reported to affect HBS 3 Hybrid Backup Sync. If an attacker gains local network access, they can then exploit the vulnerability to read or modify files or directories. We have already fixed the vulnerability in the following version:...