CVE Vulnerability Catalog
Translated CVE descriptions from NVD NIST — in English
CISA KEV catalog updated: (v2026.07.07)
A vulnerability in the Oracle VM VirtualBox product (component: Shared Folders) allows a low privileged attacker to compromise Oracle VM VirtualBox. Attacks may significantly impact additional products, increasing the scope of the threat.
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle, affecting versions 8.61 and 8.62. It allows an unauthenticated attacker with network access via HTTP to compromise the system.
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle, affecting the Deployment Package component. Versions 8.61 and 8.62 are susceptible to easily exploitable attacks that can lead to system takeover by an unauthorized user.
Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle, affecting versions 8.61 and 8.62. It allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools.
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) allows easy exploitation by an unauthenticated attacker with network access via HTTP. An attacker can gain unauthorized access to critical data, potentially leading to its creation, deletion, or modification.
Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) allows a low privileged attacker with network access via HTTP to compromise Identity Manager. The impact on confidentiality, integrity, and availability is significant.
Vulnerability in the Identity Manager product of Oracle Fusion Middleware allows a low privileged attacker with network access via HTTP to compromise Identity Manager. Affected versions are 12.2.1.4.0 and 14.1.2.1.0.
Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Market Place) allows a low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks can lead to unauthorized creation, deletion, or modification of data and partial denial of service.
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console) allows an unauthenticated attacker with network access via HTTPS to compromise the WebLogic Server. Successful attacks require human interaction from a person other than the attacker.
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console) allows a low privileged attacker with network access via HTTPS to compromise WebLogic Server. Attacks may significantly impact additional products.
Arc Search for Android has an address bar spoofing vulnerability that allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content.
The stable-diffusion.cpp library has a heap buffer overflow vulnerability in the GLOBAL opcode handler in the .ckpt parser, which can lead to memory corruption. This issue affects versions prior to master-584-0a7ae07 and is caused by missing validation when searching for newline-delimited fields.
The stable-diffusion.cpp library has a heap buffer overflow vulnerability in the BINUNICODE opcode handler in the .ckpt parser, which can lead to memory corruption. This issue affects versions prior to master-584-0a7ae07.
The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration, and execute some commands (e.g. system reboot).
In getssl version 2.49 and prior, the ACME challenge token was not strictly validated against RFC 8555, allowing a maliciously crafted token to influence local path/filename usage during validation.
In the modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.
In the ParsePayloads function of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed.
In RtpSession.cpp, in the numberOfReportBlocks function, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed.
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.
In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

