CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2024-24709
Medium

Missing Authorization vulnerability in Shareaholic allows exploiting incorrectly configured access control security levels. This issue affects Shareaholic from n/a through 9.7.11.

CVE-2026-48776
Medium

Vulnerability in LangGraph Python SDK (versions up to 0.3.14) due to unsafe URL path construction from unsanitized caller-supplied identifiers. Identifiers with special URL characters can cause HTTP requests to target different resources, potentially leading to unauthorized access, modification, or deletion.

CVE-2026-46979
Medium

Vulnerability in Oracle PeopleSoft Enterprise CS Campus Community (component: Integration and Interfaces). Affects version 9.2.38. Allows a high-privileged attacker with network access via HTTPS to perform unauthorized creation, deletion, or modification of critical data and access all accessible data.

CVE-2026-46877
Medium

Vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) in version 7.2.8 allows a high privileged attacker to gain access to the system, potentially compromising Oracle VM VirtualBox. Attacks may significantly impact additional products, increasing the scope of the threat.

CVE-2026-46871
Medium

Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell for VS Code) allows a low privileged attacker with network access to compromise MySQL Shell. Successful attacks can lead to unauthorized access to critical data or complete access to all MySQL Shell accessible data.

CVE-2026-46869
Medium

A vulnerability in the MySQL Shell product of Oracle MySQL allows an unauthenticated attacker with network access to compromise MySQL Shell. Human interaction is required, increasing the risk of unauthorized access to critical data.

CVE-2026-46825
Medium

A vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) allows an easily exploitable attack by a high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox runs. Attacks may significantly impact additional products, leading to unauthorized access to critical data.

CVE-2026-46812
Medium

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware, affecting the Authentication Engine. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager, requiring interaction from a person other than the attacker.

CVE-2026-46810
Medium

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: End User Self Service) allows an unauthenticated attacker with network access via IIOP to compromise Identity Manager. Successful attacks can lead to unauthorized access to data, including updates, inserts, or deletions.

CVE-2026-46790
Medium

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server) allows easy exploitation by an unauthenticated attacker with network access via HTTP. Successful attacks can lead to unauthorized access to a subset of Oracle WebCenter Content accessible data.

CVE-2026-46772
Medium

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. It allows a high privileged attacker with access to the infrastructure to compromise ADF, potentially leading to unauthorized access to critical data.

CVE-2026-46771
Medium

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. A high-privileged attacker with access to the infrastructure can compromise ADF, leading to unauthorized access to critical data.

CVE-2026-46770
Medium

Vulnerability in Oracle Application Development Framework (ADF) in Oracle Fusion Middleware allows unauthenticated attacker with network access via HTTP to compromise ADF. Successful attacks require human interaction and may significantly impact additional products.

CVE-2026-46768
Medium

A vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) allows an easily exploitable attack by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs. Attacks may lead to hangs or frequent crashes of Oracle VM VirtualBox.

CVE-2026-35291
Medium

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console) allows a high privileged attacker with network access via HTTP to compromise WebLogic Server. Affected versions are 14.1.2.0.0 and 15.1.1.0.0.

CVE-2026-35261
Medium

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware, affecting the Authentication Engine. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.

CVE-2026-46448
Medium

A vulnerability in OpenStack Nova before version 33.0.2 allows bypassing Placement allocation during instance creation via the API. The server does not strip certain hint data, resulting in no Placement allocation for the instance.

CVE-2026-12425
Medium

A cross-site scripting (XSS) vulnerability has been found in PowerSchool Employee Access Center version 23.10. It involves improper neutralization of input during web page generation, allowing injection of JavaScript code after the login URL. The injected code is then executed via eval() in the context of the user's browser.

CVE-2026-12117
Medium

In Devolutions Server 2026.2.5, improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized.

CVE-2026-12105
Medium

Improper access control in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.

PreviousPage 109 of 553Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS