CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.07)

CVE-2026-35275
High

A vulnerability in the Oracle VM VirtualBox product (component: Shared Folders) allows a low privileged attacker to compromise Oracle VM VirtualBox. Attacks may significantly impact additional products, increasing the scope of the threat.

CVE-2026-35274
High

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle, affecting versions 8.61 and 8.62. It allows an unauthenticated attacker with network access via HTTP to compromise the system.

CVE-2026-35272
High

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle, affecting the Deployment Package component. Versions 8.61 and 8.62 are susceptible to easily exploitable attacks that can lead to system takeover by an unauthorized user.

CVE-2026-35271
High

Vulnerability in the PeopleSoft Enterprise PT PeopleTools product of Oracle, affecting versions 8.61 and 8.62. It allows an unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PT PeopleTools.

CVE-2026-35269
High

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) allows easy exploitation by an unauthenticated attacker with network access via HTTP. An attacker can gain unauthorized access to critical data, potentially leading to its creation, deletion, or modification.

CVE-2026-35267
High

Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices) allows a low privileged attacker with network access via HTTP to compromise Identity Manager. The impact on confidentiality, integrity, and availability is significant.

CVE-2026-35265
High

Vulnerability in the Identity Manager product of Oracle Fusion Middleware allows a low privileged attacker with network access via HTTP to compromise Identity Manager. Affected versions are 12.2.1.4.0 and 14.1.2.1.0.

CVE-2026-35262
High

Vulnerability in the Oracle Data Integrator product of Oracle Fusion Middleware (component: Market Place) allows a low privileged attacker with network access via HTTP to compromise Oracle Data Integrator. Successful attacks can lead to unauthorized creation, deletion, or modification of data and partial denial of service.

CVE-2026-35259
High

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console) allows an unauthenticated attacker with network access via HTTPS to compromise the WebLogic Server. Successful attacks require human interaction from a person other than the attacker.

CVE-2026-35258
High

Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console) allows a low privileged attacker with network access via HTTPS to compromise WebLogic Server. Attacks may significantly impact additional products.

CVE-2026-12348
High

Arc Search for Android has an address bar spoofing vulnerability that allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content.

CVE-2026-47750
High

The stable-diffusion.cpp library has a heap buffer overflow vulnerability in the GLOBAL opcode handler in the .ckpt parser, which can lead to memory corruption. This issue affects versions prior to master-584-0a7ae07 and is caused by missing validation when searching for newline-delimited fields.

CVE-2026-47747
High

The stable-diffusion.cpp library has a heap buffer overflow vulnerability in the BINUNICODE opcode handler in the .ckpt parser, which can lead to memory corruption. This issue affects versions prior to master-584-0a7ae07.

CVE-2026-22312
High

The device has a webserver that exposes a REST API authenticated with a constant token. The unauthenticated API can be used by an attacker to get access to system settings, modify the configuration, and execute some commands (e.g. system reboot).

CVE-2026-10303
HighEPSS 50%

In getssl version 2.49 and prior, the ACME challenge token was not strictly validated against RFC 8555, allowing a maliciously crafted token to influence local path/filename usage during validation.

CVE-2026-0164
High

In the modem, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0162
High

In the ParsePayloads function of AudioSdpParser.cpp, there is a possible memory corruption due to type confusion. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0161
High

In RtpSession.cpp, in the numberOfReportBlocks function, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed.

CVE-2026-0160
High

In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-0156
High

In checkSsrcCollisionOnRcv of RtpSession.cpp, there is a possible memory safety issue due to a missing null check. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation.

PreviousPage 125 of 3359Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS