CVE-2026-46820

Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite component: Common Components. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle...

PT-2026-44062

Name of the Vulnerable Software and Affected Versions Budibase versions prior to 3.39.0 Description An issue exists in the open-source low-code platform where the webhook schema-building endpoint is registered under builderRoutes, but the generic authorization middleware fails to enforce...

CVE-2026-8428 CSRF token is not validated in the core CMS update controller for Concrete CMS 9.5.0 and below

Concrete CMS 9.5.0 and below emits a CSRF token in the localavailableupdate.php view $token-output'doupdate' but the corresponding doupdate method in concrete/controllers/singlepage/dashboard/system/update/update.php never calls $this-token-validate'doupdate'. The form is rendered as a POST form,...

CVE-2026-6400 Child Height Predictor by Ostheimer <= 1.3 - Cross-Site Request Forgery to Settings Update via Plugin Settings Form

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

GHSA-JGJ3-R8HR-9PJW Open WebUI's Improper Authorization in Standard Channels Allows Message Updates with Read Permission

Vulnerability Description In standard channels i.e., channels whose channel.type is neither group nor dm, the endpoint POST /api/v1/channels/channelid/messages/messageid/update can be accessed with read permission only. When accesscontrol is set to None, the authorization check hasaccess...,...

BIT-JRE-2026-21925

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: RMI. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 and...

PT-2026-38816

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 8u401-perf, 11.0.22, 17.0.10, 21.0.2, 22; Oracle GraalVM for JDK: 17.0.10, 21.0.2 and 22; Oracle...

CVE-2026-25775

CVE-2026-25775 concerns SenseLive X3050, where the remote management service allows firmware retrieval and updates without authentication or authorization. The service accepts firmware-related requests from any reachable host and does not verify user privileges, the integrity of uploaded images, ...

WordPress plugin Inquiry Cart 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

Oracle Workflow 安全漏洞

Oracle Workflow is a business process automation engine developed by Oracle, a US-based company. Versions 12.2.3 to 12.2.15 of Oracle Workflow contain security vulnerabilities. These vulnerabilities stem from issues with the Workflow Loader component. Vulnerable attackers could exploit these...

CVE-2026-6388

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

CVE-2026-6388 Argocd-image-updater: argocd image updater: cross-namespace privilege escalation via insufficient namespace validation

A flaw was found in ArgoCD Image Updater. This vulnerability allows an attacker, with permissions to create or modify an ImageUpdater resource in a multi-tenant environment, to bypass namespace boundaries. By exploiting insufficient validation, the attacker can trigger unauthorized image updates ...

EUVD-2026-22150

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVE-2026-27678

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVE-2026-27678 Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

CVE-2026-27678

CVE-2026-27678 affects SAP S/4HANA backend OData Service (Manage Reference Structures); missing authorization checks allow updating and deleting child entities via exposed OData. Impact: integrity high; no confidentiality/availability impact. See SAP notes and security patch day for mitigations.

CVE-2026-27677

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Reference Equipment, an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and availability are not...

CVE-2026-27676 Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)

Due to missing authorization checks in the SAP S/4HANA OData Service Manage Technical Object Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability results in a low impact on integrity, while confidentiality and...

PT-2026-32558

Due to missing authorization checks in the SAP S/4HANA backend OData Service Manage Reference Structures, an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and...

SAP S/4HANA OData Service 安全漏洞

The SAP S/4HANA OData Service is an enterprise system data interface and service integration component provided by SAP, a German company. There is a security vulnerability in the SAP S/4HANA OData Service Manage Reference Equipment, which stems from the lack of authorization checks. This...