CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-46812
Medium

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware, affecting the Authentication Engine. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager, requiring interaction from a person other than the attacker.

CVE-2026-46810
Medium

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service) allows an unauthenticated attacker with network access via IIOP to compromise Identity Manager. Successful attacks can lead to unauthorized access to data, including updates, inserts, or deletions.

CVE-2026-46790
Medium

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server) allows easy exploitation by an unauthenticated attacker with network access via HTTP. Successful attacks can lead to unauthorized access to a subset of Oracle WebCenter Content accessible data.

CVE-2026-46772
Medium

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. It allows a high privileged attacker with access to the infrastructure to compromise ADF, potentially leading to unauthorized access to critical data.

CVE-2026-46771
Medium

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. A high-privileged attacker with access to the infrastructure can compromise ADF, leading to unauthorized access to critical data.

CVE-2026-46770
Medium

Vulnerability in Oracle Application Development Framework (ADF) in Oracle Fusion Middleware allows unauthenticated attacker with network access via HTTP to compromise ADF. Successful attacks require human interaction and may significantly impact additional products.

CVE-2026-46768
Medium

A vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) allows an easily exploitable attack by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs. Attacks may lead to hangs or frequent crashes of Oracle VM VirtualBox.

CVE-2026-35291
Medium

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console) allows a high privileged attacker with network access via HTTP to compromise WebLogic Server. Affected versions are 14.1.2.0.0 and 15.1.1.0.0.

CVE-2026-35261
Medium

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware, affecting the Authentication Engine. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.

CVE-2026-46448
Medium

A vulnerability in OpenStack Nova before version 33.0.2 allows bypassing Placement allocation during instance creation via the API. The server does not strip certain hint data, resulting in no Placement allocation for the instance.

CVE-2026-12425
Medium

A cross-site scripting (XSS) vulnerability has been found in PowerSchool Employee Access Center version 23.10. It involves improper neutralization of input during web page generation, allowing injection of JavaScript code after the login URL. The injected code is then executed via eval() in the context of the user's browser.

CVE-2026-12117
Medium

In Devolutions Server 2026.2.5, improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized.

CVE-2026-12105
Medium

Improper access control in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.

CVE-2026-11890
Medium

Improper access control in PAM account discovery in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

CVE-2026-0165
Medium

In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2026-0157
Medium

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2026-0155
Medium

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2026-0144
Medium

In the writeAocCommand function of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.

CVE-2026-0141
Medium

In the decodeAppPacket function of RtcpAppPacket.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2026-0140
Medium

In RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed.

PreviousPage 95 of 514Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS