CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2025-48617
High

In CarrierConfigLoader.java's overrideConfig, there is a possible way to bypass UID check due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed.

CVE-2025-31013
High

CVE-2025-31013 describes an improper neutralization of input during web page generation in Themify Folo, leading to a Reflected XSS vulnerability.

CVE-2024-49269
High

Versions of my flatonica <= 0.0.8 are vulnerable to unauthenticated Cross Site Scripting (XSS). An attacker can exploit this vulnerability to inject malicious scripts in the user's context.

CVE-2024-32949
High

Missing Authorization in Prince Integrate Google Drive allows exploiting incorrectly configured access control security levels.

CVE-2024-32729
High

A 'Path Traversal' vulnerability in QuantumCloud Conversational Forms for ChatBot allows improper limitation of a pathname to a restricted directory.

CVE-2026-48294
High

Adobe Acrobat PDF Extension for Chrome versions 26.5.2.2 and earlier are affected by a UXSS-class cross-origin data disclosure vulnerability. An attacker could exploit this vulnerability to gain access to data regarding the victim's session.

CVE-2026-46976
High

Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite, affecting the component: Internal Operations. Versions 12.2.3-12.2.15 are susceptible to easily exploitable attacks that can lead to system takeover.

CVE-2026-46974
High

Vulnerability in the Oracle VM VirtualBox product (component: Core) in version 7.2.8, which can be exploited by a high privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs. This allows for takeover of Oracle VM VirtualBox.

CVE-2026-46973
High

Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite, affecting the Internal Operations component. Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outsourced Mfg for Discrete Industries.

CVE-2026-46972
High

Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to take control of the system. Affects versions 12.2.3-12.2.15.

CVE-2026-46971
High

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite, affecting the Internal Operations component. It allows a low privileged attacker with network access via HTTP to compromise Oracle HR Intelligence.

CVE-2026-46970
High

Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite allows a high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence. Supported versions affected are 12.2.3-12.2.15.

CVE-2026-46969
High

Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite, affecting the Internal Operations component. Versions 12.2.3-12.2.15 are susceptible to easily exploitable attacks that can lead to takeover of Oracle Financials for EMEA.

CVE-2026-46967
High

Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite, affecting the authorization component. Easily exploitable by a low privileged attacker with network access via HTTP, potentially leading to system takeover.

CVE-2026-46966
High

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite, affecting Work Provider Site Level Administration. It allows a low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue.

CVE-2026-46965
High

Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite, affecting Work Provider Site Level Administration. Supported versions 12.2.3-12.2.15 are easily exploitable by a low privileged attacker with network access via HTTP.

CVE-2026-46962
High

Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Project Portfolio Analysis. Affected versions are 12.2.3-12.2.15.

CVE-2026-46961
High

Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite allows a low privileged attacker with network access via HTTP to compromise Oracle Project Portfolio Analysis. Supported versions affected are 12.2.3-12.2.15.

CVE-2026-46960
High

Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite allows a high privileged attacker with network access via HTTP to take over Oracle Project Portfolio Analysis. Affects versions 12.2.3-12.2.15.

CVE-2026-46959
High

Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite, affecting versions 12.2.3-12.2.15. It allows a low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting.

PreviousPage 120 of 3359Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS