CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
In CarrierConfigLoader.java's overrideConfig, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed.
CVE-2025-31013 describes an improper neutralization of input during web page generation in Themify Folo, leading to a Reflected XSS vulnerability.
Versions of my flatonica <= 0.0.8 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts in the user's context.
Missing Authorization in Prince Integrate Google Drive allows exploiting incorrectly configured access control security levels.
A 'Path Traversal' vulnerability in QuantumCloud Conversational Forms for ChatBot allows improper limitation of a pathname to a restricted directory.
Adobe Acrobat PDF Extension for Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session.
Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite, affecting the component: Internal Operations. Versions 12.2.3-12.2.15 are susceptible to easily exploitable attacks that can lead to system takeover.
Vulnerability in the Oracle VM VirtualBox product (component: Core) in version 7.2.8, which can be exploited by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs. This allows for takeover of Oracle VM VirtualBox.
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite, affecting the Internal Operations component. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outsourced Mfg for Discrete Industries.
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to take control of the system. Affects versions 12.2.3-12.2.15.
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite, affecting the Internal Operations component. It allows a low privileged attacker with network access via HTTP to compromise Oracle HR Intelligence.
Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite allows a high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence. Supported versions affected are 12.2.3-12.2.15.
Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite, affecting the Internal Operations component. Versions 12.2.3-12.2.15 are susceptible to easily exploitable attacks that can lead to takeover of Oracle Financials for EMEA.
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite, affecting the authorization component. Easily exploitable by a low privileged attacker with network access via HTTP, potentially leading to system takeover.
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite, affecting Work Provider Site Level Administration. It allows a low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue.
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite, affecting Work Provider Site Level Administration. Supported versions 12.2.3-12.2.15 are easily exploitable by a low privileged attacker with network access via HTTP.
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Project Portfolio Analysis. Affected versions are 12.2.3-12.2.15.
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Project Portfolio Analysis. Supported versions affected are 12.2.3-12.2.15.
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite allows a high privileged attacker with network access via HTTP to take over Oracle Project Portfolio Analysis. Affects versions 12.2.3-12.2.15.
Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite, affecting versions 12.2.3-12.2.15. It allows a low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting.

