CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware, affecting the Authentication Engine. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager, requiring interaction from a person other than the attacker.
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service) allows an unauthenticated attacker with network access via IIOP to compromise Identity Manager. Successful attacks can lead to unauthorized access to data, including updates, inserts, or deletions.
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server) allows easy exploitation by an unauthenticated attacker with network access via HTTP. Successful attacks can lead to unauthorized access to a subset of Oracle WebCenter Content accessible data.
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. It allows a high privileged attacker with access to the infrastructure to compromise ADF, potentially leading to unauthorized access to critical data.
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. A high-privileged attacker with access to the infrastructure can compromise ADF, leading to unauthorized access to critical data.
Vulnerability in Oracle Application Development Framework (ADF) in Oracle Fusion Middleware allows unauthenticated attacker with network access via HTTP to compromise ADF. Successful attacks require human interaction and may significantly impact additional products.
A vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) allows an easily exploitable attack by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs. Attacks may lead to hangs or frequent crashes of Oracle VM VirtualBox.
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console) allows a high privileged attacker with network access via HTTP to compromise WebLogic Server. Affected versions are 14.1.2.0.0 and 15.1.1.0.0.
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware, affecting the Authentication Engine. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
A vulnerability in OpenStack Nova before version 33.0.2 allows bypassing Placement allocation during instance creation via the API. The server does not strip certain hint data, resulting in no Placement allocation for the instance.
A cross-site scripting (XSS) vulnerability has been found in PowerSchool Employee Access Center version 23.10. It involves improper neutralization of input during web page generation, allowing injection of JavaScript code after the login URL. The injected code is then executed via eval() in the context of the user's browser.
In Devolutions Server 2026.2.5, improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized.
Improper access control in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.
Improper access control in PAM account discovery in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to retrieve account discovery scan results.
In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.
In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.
In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.
In the writeAocCommand function of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.
In the decodeAppPacket function of RtcpAppPacket.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.
In RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed.

