CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
A 'use after free' vulnerability in DigitalCredentials in Google Chrome on Windows prior to version 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.
A Path Traversal vulnerability affecting SOLIDWORKS Visualize from SOLIDWORKS Desktop Release 2024 through SOLIDWORKS Desktop Release 2026 could allow an attacker to write arbitrary files on the server.
In Package Manager, there is a possible device lock controller bypass due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed.
There is an unauthenticated privilege escalation vulnerability in Support Ticket Management System versions <= 1.9.
The WordPress & WooCommerce Scraper plugin versions <= 1.0.7 allows unauthenticated arbitrary file uploads.
Versions of SeaFood Company up to 1.4 are vulnerable to unauthenticated PHP object injection.
There is a vulnerability in Hot Coffee versions up to 1.7 that allows unauthenticated PHP object injection.
In PT Luxa Addons versions up to 1.2.2, there is a vulnerability that allows subscribers to upload arbitrary files.
There is an unauthenticated PHP Object Injection vulnerability in ThemeREX Addons versions <= 2.36.1.1.
In Grip versions up to 1.0.9, there is a vulnerability that allows subscribers to upload arbitrary files.
Vulnerability in Oracle Solaris (component: Remote Administration Daemon) version 11.4. An unauthenticated attacker with network access via HTTPS can fully compromise the system, leading to unauthorized creation, deletion, or modification of all data and complete access to it. The attack scope may extend beyond Solaris (scope change).
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Attacks may significantly impact additional products.
A vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Attacks may significantly impact additional products, changing the scope of the threat.
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite allows unauthenticated attackers with network access via HTTP to compromise the system. Versions 12.2.3-12.2.15 are susceptible to easily exploitable attacks.
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite allows a high privileged attacker with network access via HTTP to compromise Oracle iSupport. Attacks may significantly impact additional products, increasing the scope of the threat.
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite allows a high privileged attacker with network access via HTTP to compromise Oracle iSupport. Attacks may significantly impact additional products, changing the scope of the threat.
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite, affecting versions 12.2.3-12.2.15. Easily exploitable by a high privileged attacker with network access via HTTP, potentially leading to takeover of Oracle iSupport.
A vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. Attacks may significantly impact additional products.
Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite allows unauthenticated attackers with network access via HTTPS to compromise the system. Attackers can gain unauthorized access to critical data and have the ability to create, delete, or modify it.
Vulnerability in the Siebel CRM Cloud Applications product of Oracle (component: Siebel Cloud Manager) allows an unauthenticated attacker with network access via HTTP to compromise the application. Affects versions 17.0 to 26.5.

