CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.01)
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware allows a high privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Attacks may also significantly impact additional products.
Vulnerability in the Identity Manager product of Oracle Fusion Middleware allows a low privileged attacker with network access to compromise Identity Manager. Affected versions are 12.2.1.4.0 and 14.1.2.1.0.
Vulnerability in the WebLogic Server product of Oracle affecting versions 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable by a low privileged attacker with network access via HTTP, potentially leading to takeover of the WebLogic Server.
FileBrowser Quantum versions prior to 1.3.2-stable, 1.4.0-beta, and 1.4.1-beta are vulnerable to Path Traversal. The issue occurs in publicPatchHandler, where user-controlled paths can be manipulated, allowing operations on files outside the shared directory.
The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability, an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.
In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.
Perry before version 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration. By exploiting the unconditional setting of validate_exp = false, attackers can use expired tokens to retain authenticated access indefinitely.
An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token.
Mitigation bypass in the DOM security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.
A vulnerability involving a mitigation bypass in the DOM security component. It was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
A vulnerability allowing same-origin policy bypass in the Networking: Cookies component. It was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
A sandbox escape vulnerability in the Networking component of Firefox and Thunderbird due to incorrect boundary conditions. Fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
A sandbox escape vulnerability in the Security: Process Sandboxing component. This flaw was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.
A sandbox escape vulnerability exists in the DOM: Navigation component. This flaw was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
A sandbox escape vulnerability exists in the DOM: Workers component of Firefox and Thunderbird. The flaw was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.
A use-after-free vulnerability was found in the WebGPU component of Firefox and Thunderbird. The flaw was fixed in versions 152 of both applications.
CVE-2026-40750 vulnerability in themagnifico52 Kids Online Store allows unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server.
Versions of GEO my WordPress up to 4.5.5 are vulnerable to unauthenticated SQL Injection.
CVE-2026-49774 describes an improper control of code generation vulnerability that allows remote code inclusion in the RD Station application. This issue affects RD Station versions from n/a through 5.6.0.
CVE-2026-49772 describes an improper neutralization of special elements used in SQL commands, allowing for Blind SQL Injection attacks in The Events Calendar application.

