CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-12440
Critical

A 'use after free' vulnerability in DigitalCredentials in Google Chrome on Windows prior to version 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

CVE-2026-10094
Critical

A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server.

CVE-2026-0092
Critical

In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2025-69179
Critical

There is an unauthenticated privilege escalation vulnerability in Support Ticket Management System versions <= 1.9.

CVE-2025-69129
Critical

The WordPress & WooCommerce Scraper plugin versions <= 1.0.7 allows unauthenticated arbitrary file uploads.

CVE-2025-69122
Critical

Versions of SeaFood Company up to 1.4 are vulnerable to unauthenticated PHP object injection.

CVE-2025-69108
Critical

There is a vulnerability in Hot Coffee versions up to 1.7 that allows unauthenticated PHP object injection.

CVE-2025-60218
Critical

In PT Luxa Addons versions up to 1.2.2, there is a vulnerability that allows subscribers to upload arbitrary files.

CVE-2025-60205
Critical

There is an unauthenticated PHP Object Injection vulnerability in ThemeREX Addons versions <= 2.36.1.1.

CVE-2024-52488
Critical

In Grip versions up to 1.0.9, there is a vulnerability that allows subscribers to upload arbitrary files.

CVE-2026-46978
Critical

Vulnerability in Oracle Solaris (component: Remote Administration Daemon) version 11.4. An unauthenticated attacker with network access via HTTPS can fully compromise the system, leading to unauthorized creation, deletion, or modification of all data and complete access to it. The attack scope may extend beyond Solaris (scope change).

CVE-2026-46964
Critical

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Attacks may significantly impact additional products.

CVE-2026-46963
Critical

A vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Attacks may significantly impact additional products, changing the scope of the threat.

CVE-2026-46949
Critical

Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite allows unauthenticated attackers with network access via HTTP to compromise the system. Versions 12.2.3-12.2.15 are susceptible to easily exploitable attacks.

CVE-2026-46946
Critical

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite allows a high privileged attacker with network access via HTTP to compromise Oracle iSupport. Attacks may significantly impact additional products, increasing the scope of the threat.

CVE-2026-46945
Critical

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite allows a high privileged attacker with network access via HTTP to compromise Oracle iSupport. Attacks may significantly impact additional products, changing the scope of the threat.

CVE-2026-46944
Critical

Vulnerability in the Oracle iSupport product of Oracle E-Business Suite, affecting versions 12.2.3-12.2.15. Easily exploitable by a high privileged attacker with network access via HTTP, potentially leading to takeover of Oracle iSupport.

CVE-2026-46933
Critical

A vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Attacks may significantly impact additional products.

CVE-2026-46930
Critical

Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite allows unauthenticated attackers with network access via HTTPS to compromise the system. Attackers can gain unauthorized access to critical data and have the ability to create, delete, or modify it.

CVE-2026-46919
Critical

Vulnerability in the Siebel CRM Cloud Applications product of Oracle (component: Siebel Cloud Manager) allows an unauthenticated attacker with network access via HTTP to compromise the application. Affects versions 17.0 to 26.5.

PreviousPage 28 of 554Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS