CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 5 days ago•6 views

CVE-2026-46837

Vulnerability in the Oracle Flow Manufacturing product of Oracle E-Business Suite component: Security. Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via SQL to compromise Oracle Flow Manufacturing...

8.8CVSS5.6AI score0.00091EPSS

NVD•added 2026/05/28 9:16 p.m.•13 views

CVE-2026-46837

8.8CVSS0.00091EPSS

NVD•added 2026/05/28 9:16 p.m.•10 views

CVE-2026-46823

Vulnerability in the Oracle Public Sector Financials International product of Oracle E-Business Suite component: Authorization. Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Orac...

7.7CVSS0.00038EPSS

ATTACKERKB•added 2026/05/28 8:17 p.m.•6 views

CVE-2026-46824

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite component: Work Provider Site Level Administration. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromi...

9.9CVSS5.8AI score0.00091EPSS

Exploits0Affected Software1

ATTACKERKB•added 2026/05/28 8:17 p.m.•7 views

CVE-2026-46823

7.7CVSS5.8AI score0.00038EPSS

ATTACKERKB•added 2026/05/28 8:17 p.m.•7 views

CVE-2026-46821

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

7.7CVSS5.8AI score0.00038EPSS

ATTACKERKB•added 2026/05/28 8:17 p.m.•6 views

CVE-2026-46817

Vulnerability in the Oracle Payments product of Oracle E-Business Suite component: File Transmission. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Payments. Successful...

9.8CVSS5.8AI score0.00114EPSS

CNNVD•added 2026/05/28 12:0 a.m.•7 views

Oracle Financials Common Modules 安全漏洞

Oracle Financials Common Modules is a suite of enterprise financial management shared functionality modules provided by Oracle, a company in the United States. Versions 12.2.3 to 12.2.15 of Oracle Financials Common Modules contain security vulnerabilities. These vulnerabilities stem from issues...

7.7CVSS5.8AI score0.00038EPSS

CNNVD•added 2026/05/28 12:0 a.m.•7 views

Oracle Universal Work Queue 安全漏洞

Oracle Universal Work Queue is a flexible work presentation and access tool developed by Oracle, a company in the United States. This software provides centralized viewing of work, access requests, and organization of work, thereby improving efficiency and productivity. Versions 12.2.3 to 12.2.15...

9.9CVSS5.9AI score0.00091EPSS

OSV•added 2026/05/22 1:21 p.m.•1 views

OESA-2026-2429 python-pillow security update

Pillow is the friendly PIL fork by Alex Clark and Contributors. PIL is the Python Imaging \ Library by Fredrik Lundh and Contributors. As of 2019, Pillow development is supported by Tidelift. of CVE-2022-22815,CVE-2022-22816 Security Fixes: Pillow is a Python imaging library. From version 10.3.0 ...

8.6CVSS6AI score0.0002EPSS

Exploits0References2

IBM Security Bulletins•added 2026/05/21 2:44 p.m.•6 views

Security Bulletin: IBM Guardium Data Protection is affected by Exposure of Sensitive Information vulnerability (CVE-2026-8405)

Summary IBM Guardium Data Protection has addressed this vulnerability in an update. Vulnerability Details CVEID:CVE-2026-8405 DESCRIPTION: IBM Guardium Data Protection's add-on feature of Guardium Data Protection named "Long Term Retention" LTR can expose sensitive credentials in debug mode...

6.5CVSS5.8AI score0.00032EPSS

Exploits0Affected Software1

OSV•added 2026/05/12 8:54 a.m.•4 views

BIT-PILLOW-2026-42309 Pillow: Heap buffer overflow with nested list coordinates

Pillow is a Python imaging library. From version 11.2.1 to before version 12.2.0, passing nested lists as coordinates to APIs that accept coordinates such as ImagePath.Path, ImageDraw.ImageDraw.polygon and ImageDraw.ImageDraw.line could cause a heap buffer overflow, as nested lists were recursive...

CVE•added 2026/05/09 4:9 a.m.•42 views

Exploits0References3

CVE-2026-42308

Pillow CVE-2026-42308 describes an integer overflow in font handling that occurs when a glyph advances by an excessively large amount. Affected is Pillow before version 12.2.0; the issue is resolved in 12.2.0. The CVSS vector indicates local, low complexity access with no privileges required and ...

CVE•added 2026/05/09 4:8 a.m.•17 views

CVE-2026-42309

CVE-2026-42309 affects the Pillow Python imaging library. From 11.2.1 up to 11.2.x before 12.2.0, passing nested lists as coordinates to APIs like ImagePath.Path, ImageDraw.ImageDraw.polygon, and ImageDraw.ImageDraw.line could cause a heap-based buffer overflow because nested coordinates were rec...

Github Security Blog•added 2026/05/04 8:20 p.m.•16 views

Pillow has an OOB Write with Invalid PSD Tile Extents (Integer Overflow)

Impact Processing a malicious PSD file could lead to memory corruption, potentially resulting in a crash or arbitrary code execution. Patches Patched version: 12.2.0 Pillow 12.1.1 addressed CVE-2026-25990 by adding checks for tile extents in PSD image decoding/encoding to prevent an out-of-bounds...

8.6CVSS6.9AI score0.0002EPSS

Exploits1References7Affected Software1

Positive Technologies•added 2026/05/04 12:0 a.m.•4 views

PT-2026-37199

Name of the Vulnerable Software and Affected Versions Pillow versions 4.2.0 through 12.1.x Description A flaw in the PdfParser allows an attacker to supply a malicious PDF that causes the process to hang indefinitely, consuming 100% CPU and making the application unresponsive. This occurs because...