CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST - in English
CISA KEV catalog updated: (v2026.07.10)
Missing Authorization vulnerability in Shareaholic allows exploiting incorrectly configured access control security levels. This issue affects Shareaholic from n/a through 9.7.11.
Vulnerability in LangGraph Python SDK (versions up to 0.3.14) due to unsafe URL path construction from unsanitized caller-supplied identifiers. Identifiers with special URL characters can cause HTTP requests to target different resources, potentially leading to unauthorized access, modification, or deletion.
Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community (component: Integration and Interfaces). Affects version 9.2.38. Allows a high-privileged attacker with network access via HTTPS to perform unauthorized creation, deletion, or modification of critical data and access all accessible data.
Vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) in version 7.2.8 allows a high privileged attacker to gain access to the system, potentially compromising Oracle VM VirtualBox. Attacks may significantly impact additional products, increasing the scope of the threat.
Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code) allows a low privileged attacker with network access to compromise MySQL Shell. Successful attacks can lead to unauthorized access to critical data or complete access to all MySQL Shell accessible data.
A vulnerability in the MySQL Shell product of Oracle MySQL allows an unauthenticated attacker with network access to compromise MySQL Shell. Human interaction is required, increasing the risk of unauthorized access to critical data.
A vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) allows an easily exploitable attack by a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox runs. Attacks may significantly impact additional products, leading to unauthorized access to critical data.
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware, affecting the Authentication Engine. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager, requiring interaction from a person other than the attacker.
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service) allows an unauthenticated attacker with network access via IIOP to compromise Identity Manager. Successful attacks can lead to unauthorized access to data, including updates, inserts, or deletions.
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server) allows easy exploitation by an unauthenticated attacker with network access via HTTP. Successful attacks can lead to unauthorized access to a subset of Oracle WebCenter Content accessible data.
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. It allows a high privileged attacker with access to the infrastructure to compromise ADF, potentially leading to unauthorized access to critical data.
Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. A high-privileged attacker with access to the infrastructure can compromise ADF, leading to unauthorized access to critical data.
Vulnerability in Oracle Application Development Framework (ADF) in Oracle Fusion Middleware allows unauthenticated attacker with network access via HTTP to compromise ADF. Successful attacks require human interaction and may significantly impact additional products.
A vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) allows an easily exploitable attack by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs. Attacks may lead to hangs or frequent crashes of Oracle VM VirtualBox.
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console) allows a high privileged attacker with network access via HTTP to compromise WebLogic Server. Affected versions are 14.1.2.0.0 and 15.1.1.0.0.
Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware, affecting the Authentication Engine. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.
A vulnerability in OpenStack Nova before version 33.0.2 allows bypassing Placement allocation during instance creation via the API. The server does not strip certain hint data, resulting in no Placement allocation for the instance.
A cross-site scripting (XSS) vulnerability has been found in PowerSchool Employee Access Center version 23.10. It involves improper neutralization of input during web page generation, allowing injection of JavaScript code after the login URL. The injected code is then executed via eval() in the context of the user's browser.
In Devolutions Server 2026.2.5, improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized.
Improper access control in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.

