Search Results (8422 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2026-35262 1 Oracle 1 Data Integrator 2026-06-18 8.3 High
Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Market Place). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Data Integrator accessible data as well as unauthorized access to critical data or complete access to all Oracle Data Integrator accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Data Integrator. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).
CVE-2026-0081 1 Google 1 Android 2026-06-18 N/A
In NFC, there is a possible way to spoof an NFC event due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-38329 2026-06-18 9.8 Critical
Bludit CMS before version 3.18.4 allows Remote Code Execution (RCE) via the API Plugin. The POST /api/files/{key} endpoint in bl-plugins/api/plugin.php fails to perform authorization checks and lacks file extension validation. An attacker with a valid API token can upload a malicious PHP script and execute arbitrary code on the server.
CVE-2026-46976 1 Oracle 1 Public Sector Payroll 2026-06-17 7.2 High
Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Public Sector Payroll. Successful attacks of this vulnerability can result in takeover of Oracle Public Sector Payroll. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
CVE-2026-0145 1 Google 1 Android 2026-06-17 3.3 Low
In keymint, there is a possible Permission Bypass due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-0158 1 Google 1 Android 2026-06-17 3.3 Low
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2026-46802 1 Oracle 1 Webcenter Portal 2026-06-17 9.9 Critical
Vulnerability in the Oracle WebCenter Portal product of Oracle Fusion Middleware (component: Security Framework). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle WebCenter Portal. While the vulnerability is in Oracle WebCenter Portal, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle WebCenter Portal. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
CVE-2026-46772 1 Oracle 1 Application Development Framework 2026-06-17 4.7 Medium
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Application Development Framework (ADF) accessible data as well as unauthorized update, insert or delete access to some of Oracle Application Development Framework (ADF) accessible data. CVSS 3.1 Base Score 4.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:L/A:N).
CVE-2026-0133 1 Google 1 Android 2026-06-17 7.8 High
In smmu_attach_dev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-24709 2 Shareaholic, Wordpress 2 Shareaholic, Wordpress 2026-06-17 4.3 Medium
Missing Authorization vulnerability in Shareaholic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Shareaholic: from n/a through 9.7.11.
CVE-2024-32949 2 Prince, Wordpress 2 Integrate Google Drive, Wordpress 2026-06-17 8.3 High
Missing Authorization vulnerability in Prince Integrate Google Drive allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Integrate Google Drive: from n/a through 1.3.8.
CVE-2024-33909 2 Avirtum, Wordpress 2 Ipages Flipbook, Wordpress 2026-06-17 5.3 Medium
Missing Authorization vulnerability in Avirtum iPages Flipbook allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects iPages Flipbook: from n/a through 1.5.1.
CVE-2026-40723 2 Bricks, Wordpress 2 Bricks Builder, Wordpress 2026-06-17 4.3 Medium
Subscriber Broken Access Control in Bricks Builder <= 2.1.4 versions.
CVE-2026-24575 2 Wishlist Member, Wordpress 2 Wishlist Member X, Wordpress 2026-06-17 4.3 Medium
Subscriber Broken Access Control in WishList Member X <= 3.29.0 versions.
CVE-2026-24611 2 Wordpress, Wpmet 2 Wordpress, Metform Pro 2026-06-17 9.1 Critical
Unauthenticated Broken Access Control in MetForm Pro <= 3.9.1 versions.
CVE-2026-39595 2 Boldgrid, Wordpress 2 W3 Total Cache, Wordpress 2026-06-17 4.7 Medium
Author Broken Access Control in W3 Total Cache <= 2.9.1 versions.
CVE-2026-8383 2026-06-17 5.3 Medium
The LearnPress WordPress plugin before 4.3.7 does not gate the `edit` context on one of its REST endpoint behind the `edit_users` capability, allowing unauthenticated visitors to retrieve each returned user's roles, full capabilities map, extra capabilities, locale, and registration date via a crafted request
CVE-2026-39433 2026-06-17 6.5 Medium
Subscriber Arbitrary Content Deletion in WPAMS < 49.5.3 versions.
CVE-2026-54802 2026-06-17 7.5 High
Unauthenticated Broken Authentication in SMS Alert Order Notifications <= 3.9.3 versions.
CVE-2026-45436 2026-06-17 6.5 Medium
Subscriber Broken Access Control in WPBakery Page Builder <= 8.7.2 versions.