CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST - in English

CISA KEV catalog updated: (v2026.07.10)

CVE-2026-46772
Medium

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. It allows a high privileged attacker with access to the infrastructure to compromise ADF, potentially leading to unauthorized access to critical data.

CVE-2026-46771
Medium

Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware, affecting versions 12.2.1.4.0 and 14.1.2.0.0. A high-privileged attacker with access to the infrastructure can compromise ADF, leading to unauthorized access to critical data.

CVE-2026-46770
Medium

Vulnerability in Oracle Application Development Framework (ADF) in Oracle Fusion Middleware allows unauthenticated attacker with network access via HTTP to compromise ADF. Successful attacks require human interaction and may significantly impact additional products.

CVE-2026-46768
Medium

A vulnerability in the Oracle VM VirtualBox product (component: VMSVGA device) allows an easily exploitable attack by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs. Attacks may lead to hangs or frequent crashes of Oracle VM VirtualBox.

CVE-2026-35291
Medium

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console) allows a high privileged attacker with network access via HTTP to compromise WebLogic Server. Affected versions are 14.1.2.0.0 and 15.1.1.0.0.

CVE-2026-35261
Medium

Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware, affecting the Authentication Engine. It allows an unauthenticated attacker with network access via HTTP to compromise Oracle Access Manager.

CVE-2026-46448
Medium

A vulnerability in OpenStack Nova before version 33.0.2 allows bypassing Placement allocation during instance creation via the API. The server does not strip certain hint data, resulting in no Placement allocation for the instance.

CVE-2026-12425
Medium

A cross-site scripting (XSS) vulnerability has been found in PowerSchool Employee Access Center version 23.10. It involves improper neutralization of input during web page generation, allowing injection of JavaScript code after the login URL. The injected code is then executed via eval() in the context of the user's browser.

CVE-2026-12117
Medium

In Devolutions Server 2026.2.5, improper access control in the social login connection endpoint allows an authenticated vault member to enumerate social login entry metadata to which they are not authorized.

CVE-2026-12105
Medium

Improper access control in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to access attachments via folder duplication with inherited permissions.

CVE-2026-11890
Medium

Improper access control in PAM account discovery in Devolutions Server 2026.2.5 and 2026.1.21 allows an authenticated user to retrieve account discovery scan results.

CVE-2026-0165
Medium

In several functions of the RTCP packet decoder, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2026-0157
Medium

In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2026-0155
Medium

In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2026-0144
Medium

In the writeAocCommand function of AocAudioCodec.cpp, there is a possible memory safety issue due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.

CVE-2026-0141
Medium

In the decodeAppPacket function of RtcpAppPacket.cpp, there is a possible out-of-bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2026-0140
Medium

In RtpPacket::decodePacket, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure with no additional execution privileges needed.

CVE-2026-0136
Medium

In Modem, there is a possible out of bounds read due to a missing bounds check. This could lead to remote denial of service with no additional execution privileges needed.

CVE-2026-0128
Medium

In the RtcpFbPacket::decodeRtcpFbPacket function, there is a possible out-of-bounds read due to an integer overflow. This could lead to remote information disclosure without the need for additional execution privileges. User interaction is required for exploitation.

CVE-2026-0127
Medium

In the NrmmMsgCodec::DecodeUPUTransparentContext function of cn_NrmmDecoder.cpp, there is a possible out-of-bounds read due to memory corruption. This could lead to remote denial of service causing a communication processor crash with no additional execution privileges needed.

PreviousPage 111 of 556Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS