CVE Vulnerability Catalog

Translated CVE descriptions from NVD NIST — in English

CISA KEV catalog updated: (v2026.07.01)

CVE-2026-35270
Critical

Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware allows a high privileged attacker with network access via HTTP to compromise Oracle WebCenter Content. Attacks may also significantly impact additional products.

CVE-2026-35268
Critical

Vulnerability in the Identity Manager product of Oracle Fusion Middleware allows a low privileged attacker with network access to compromise Identity Manager. Affected versions are 12.2.1.4.0 and 14.1.2.1.0.

CVE-2026-35263
Critical

Vulnerability in the WebLogic Server product of Oracle affecting versions 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable by a low privileged attacker with network access via HTTP, potentially leading to takeover of the WebLogic Server.

CVE-2026-48777
Critical

FileBrowser Quantum versions prior to 1.3.2-stable, 1.4.0-beta, and 1.4.1-beta are vulnerable to Path Traversal. The issue occurs in publicPatchHandler, where user-controlled paths can be manipulated, allowing operations on files outside the shared directory.

CVE-2026-22313
CriticalEPSS 56%

The device has a webserver that exposes a REST API authenticated with a token on the management network. By exploiting an OS command injection vulnerability, an authenticated attacker can send arbitrary commands to the device that are executed with administrative permissions by the underlying operating system.

CVE-2026-0126
Critical

In WC-Radio, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed.

CVE-2026-53776
Critical

Perry before version 0.5.1166 contains a JWT validation vulnerability that allows remote attackers to bypass token expiration. By exploiting the unconditional setting of validate_exp = false, attackers can use expired tokens to retain authenticated access indefinitely.

CVE-2025-13036
Critical

An authentication bypass security issue exists within FactoryTalk Historian Site Edition. By continually sending requests to the login endpoint, an attacker may obtain a valid authentication token.

CVE-2026-12316
Critical

Mitigation bypass in the DOM security component. This vulnerability was fixed in Firefox 152 and Thunderbird 152.

CVE-2026-12315
Critical

A vulnerability involving a mitigation bypass in the DOM security component. It was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12304
Critical

A vulnerability allowing same-origin policy bypass in the Networking: Cookies component. It was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12297
Critical

A sandbox escape vulnerability in the Networking component of Firefox and Thunderbird due to incorrect boundary conditions. Fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12296
Critical

A sandbox escape vulnerability in the Security: Process Sandboxing component. This flaw was fixed in Firefox 152, Firefox ESR 140.12, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12295
Critical

A sandbox escape vulnerability exists in the DOM: Navigation component. This flaw was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12294
Critical

A sandbox escape vulnerability exists in the DOM: Workers component of Firefox and Thunderbird. The flaw was fixed in Firefox 152, Firefox ESR 140.12, Firefox ESR 115.37, Thunderbird 152, and Thunderbird 140.12.

CVE-2026-12293
Critical

A use-after-free vulnerability was found in the WebGPU component of Firefox and Thunderbird. The flaw was fixed in versions 152 of both applications.

CVE-2026-40750
Critical

CVE-2026-40750 vulnerability in themagnifico52 Kids Online Store allows unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server.

CVE-2026-52715
Critical

Versions of GEO my WordPress up to 4.5.5 are vulnerable to unauthenticated SQL Injection.

CVE-2026-49774
Critical

CVE-2026-49774 describes an improper control of code generation vulnerability that allows remote code inclusion in the RD Station application. This issue affects RD Station versions from n/a through 5.6.0.

CVE-2026-49772
Critical

CVE-2026-49772 describes an improper neutralization of special elements used in SQL commands, allowing for Blind SQL Injection attacks in The Events Calendar application.

PreviousPage 36 of 556Next

Vulnerability data from NVD (NIST) · CISA KEV · EPSS