NVD disclosure day

Published threat advisories for June 17, 2026

CVE advisory | CRITICAL

CVE-2026-55743

OpenHuman Desktop Agent Command Allowlist Bypass Leads to Remote Code Execution.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the OpenHuman desktop agent allows bypassing its command allowlist to execute arbitrary OS commands with user privileges. This can occur when the agent processes malicious content, leading to potential remote code execution, data exfiltration, and system compromise. Confirmation of the agent's presen

CVE advisory | CRITICAL

CVE-2026-54812

Motors Plugin SQL Injection Affects Publicly Accessible Sites.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical SQL injection vulnerability exists in the StylemixThemes Motors plugin, allowing unauthenticated attackers to potentially extract sensitive database information or cause service disruptions. Since the plugin is designed for public-facing automotive dealership and classified listing websites, it is likely acc

CVE advisory | CRITICAL

CVE-2026-47103

Python StateMachine SCXML Injection RCE

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in the Python StateMachine library allows remote code execution when processing malicious SCXML documents. Attackers can exploit this by supplying crafted documents that cause arbitrary code to run within the application's process. The reachability of this vulnerability depends on how the library is imp

CVE advisory | CRITICAL

CVE-2026-42530

NGINX Open Source HTTP/3 Use-after-Free Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability exists in NGINX Open Source's HTTP/3 QUIC module, potentially allowing unauthenticated remote attackers to cause a denial-of-service or execute code. This occurs through a specially crafted HTTP/3 session that triggers a use-after-free condition, leading to a worker process restart or, under sp

CVE advisory | CRITICAL

CVE-2026-42055

NGINX HTTP/2 and gRPC Heap Buffer Overflow

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A heap-based buffer overflow in NGINX proxy modules may allow an attacker to cause a service restart or execute code under specific, complex conditions. This vulnerability affects NGINX when using certain proxy configurations for HTTP/2 or gRPC traffic with large client headers. Understanding the relevance and exposure

CVE advisory | CRITICAL

CVE-2026-54815

Cargo Shipping Location for WooCommerce Blind SQL Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical SQL injection vulnerability in the Cargo Shipping Location for WooCommerce plugin allows attackers to access sensitive database information. The vulnerability is reachable via the network and can be exploited by unauthenticated attackers, potentially leading to unauthorized data exposure on e-commerce sites.

CVE advisory | CRITICAL

CVE-2026-54809

GIFT4U Blind SQL Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical SQL injection vulnerability in the GIFT4U WordPress plugin allows attackers to inject malicious SQL commands. If reachable, this could lead to unauthorized access to or manipulation of sensitive data. Confirming the use of this plugin and assessing potential data exposure is crucial.

CVE advisory | CRITICAL

CVE-2026-54808

WP Travel Gutenberg Blocks Blind SQL Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability exists in WP Travel Gutenberg Blocks, allowing attackers to potentially access and modify sensitive database information. This issue is relevant to public-facing WordPress sites using the plugin, as it could lead to unauthorized data exposure or tampering without requiring special access o

CVE advisory | CRITICAL

CVE-2026-49108

Moderno Theme Unauthenticated PHP Object Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated PHP Object Injection vulnerability exists in the Moderno web theme. This flaw allows remote attackers to execute arbitrary code, potentially leading to a full system compromise if the theme is reachable. Understanding the presence and reachability of this theme is important for assessing risk.

CVE advisory | CRITICAL

CVE-2025-69127

Unauthenticated PHP Object Injection in Plumbing <= 1.6

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated PHP Object Injection vulnerability exists in Plumbing software, potentially allowing remote attackers to inject malicious PHP objects. This could lead to arbitrary code execution and a complete compromise of the affected server. It is important to confirm if Plumbing software is in use and assess its

CVE advisory | CRITICAL

CVE-2025-69111

Reisen Theme PHP Object Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical PHP object injection vulnerability exists in the Reisen theme, allowing unauthenticated attackers to potentially execute code. This affects external-facing web applications, posing a significant risk of system compromise if reachable. Readers should confirm relevance and understand potential exposure.

CVE advisory | CRITICAL

CVE-2025-60236

EMV Creatify Object Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A deserialization vulnerability in the EMV Creatify WordPress theme allows for object injection. If reachable, an attacker could exploit this by sending specially crafted data, potentially leading to the execution of malicious code or system compromise. Readers should care because this is a critical flaw in an internet

CVE advisory | CRITICAL

CVE-2025-60231

The Hospital nrghospital PHP Object Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A deserialization vulnerability in The Hospital WordPress theme allows object injection, potentially enabling attackers to compromise system integrity. This issue affects the theme's handling of untrusted data, making it a target for malicious code injection if reachable.

CVE advisory | CRITICAL

CVE-2025-60230

The Barber Shop Deserialization Object Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A deserialization of untrusted data vulnerability in The Barber Shop theme allows object injection, potentially enabling unauthorized code execution on affected systems. This critical issue requires immediate attention due to its network-accessible nature and potential to compromise system integrity and availability.

CVE advisory | CRITICAL

CVE-2025-60229

Themeton Lagom Object Injection Vulnerability in WordPress Theme

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A deserialization flaw in the Themeton Lagom WordPress theme allows attackers to inject malicious objects. If reachable, this could enable arbitrary code execution, potentially impacting system integrity and availability. Readers should care because this critical vulnerability can be exploited remotely without authenti

CVE advisory | CRITICAL

CVE-2025-59554

SQL Injection in Advanced Ads – Tracking before 3.0.7

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An unauthenticated SQL injection vulnerability exists in the Advanced Ads – Tracking WordPress plugin, potentially allowing attackers to access or modify database information. This issue requires attention to understand its relevance and potential impact on your systems.

CVE advisory | CRITICAL

CVE-2026-54811

WP eMember SQL Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated SQL injection vulnerability exists in a WordPress membership plugin that could allow attackers to access or manipulate sensitive database information. The concern is whether this plugin is used in your environment, as it could expose member and access control data.

CVE advisory | CRITICAL

CVE-2026-54807

WooCommerce Registration Form Unauthenticated Privilege Escalation

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability exists in a WooCommerce registration form plugin, allowing unauthenticated attackers to gain elevated privileges. This issue impacts public-facing websites and could lead to unauthorized administrative access if the plugin is in use and reachable.

CVE advisory | CRITICAL

CVE-2026-54806

PHP Object Injection in WP Activity Log

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated PHP Object Injection vulnerability exists in the WP Activity Log plugin, potentially allowing attackers to compromise affected websites by injecting and executing arbitrary PHP objects. This could lead to unauthorized control, data manipulation, or service disruption.

CVE advisory | CRITICAL

CVE-2026-54803

Subscriber Privilege Escalation in SMS Alert Order Notifications

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical privilege escalation vulnerability affects SMS Alert Order Notifications, potentially allowing unauthorized users to gain higher system privileges without authentication. This issue presents a significant security risk if the affected software is accessible over the network. Confirming the presence and usage

CVE advisory | CRITICAL

CVE-2026-54194

Fusion Builder PHP Object Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A PHP Object Injection vulnerability in Fusion Builder can allow attackers to execute arbitrary code remotely, potentially compromising affected systems. The issue does not require authentication or user interaction for exploitation. It is uncertain if this component is in use or exposed in your environment.

CVE advisory | CRITICAL

CVE-2026-54187

JetEngine SQL Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical unauthenticated SQL injection vulnerability exists in the JetEngine WordPress plugin. Attackers can exploit this flaw remotely to inject malicious SQL commands, potentially leading to unauthorized access and manipulation of sensitive database information. This poses a risk to data integrity and confidentiali

CVE advisory | CRITICAL

CVE-2026-54186

JobSearch Unauthenticated SQL Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated SQL injection vulnerability exists in JobSearch, allowing attackers to execute arbitrary SQL commands on the database. This could lead to unauthorized access to or modification of sensitive data if the affected component is reachable online. Understanding if this software is in use and its exposure i

CVE advisory | CRITICAL

CVE-2026-52706

JetEngine Unauthenticated PHP Object Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in JetEngine that could allow unauthenticated attackers to inject PHP code over the network. If reachable, this could lead to arbitrary code execution on the server, impacting website data and integrity. Confirming if JetEngine is in use and exposed is essential to assess and address pot

CVE advisory | CRITICAL

CVE-2026-52705

SigmaForms Pro Arbitrary File Upload Vulnerability in AI Generated Forms <= 1.4.5

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

This critical vulnerability allows unauthenticated users to upload arbitrary files using SigmaForms Pro's AI-generated forms, potentially leading to severe security breaches. If this technology is relevant and reachable in our environment, it could impact website integrity and service availability by enabling the execu

CVE advisory | CRITICAL

CVE-2026-50203

SFTP Provider Path Traversal Allows Remote File Write

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A path traversal vulnerability in the SFTP provider allows a malicious or compromised SFTP server to write files outside the designated local directory. This could affect any deployment downloading directories from untrusted SFTP servers, as no Airflow account is required to exploit it.

CVE advisory | CRITICAL

CVE-2026-49767

wpForo Forum Unauthenticated Broken Authentication Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical authentication vulnerability exists in the wpForo Forum plugin, allowing unauthenticated access to forum data and functions. This could lead to unauthorized control and compromise of user information. Assess plugin usage and network exposure.

CVE advisory | CRITICAL

CVE-2026-49107

Thrive Apprentice Unauthenticated PHP Object Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical unauthenticated PHP Object Injection vulnerability exists in Thrive Apprentice, a WordPress plugin, enabling attackers to potentially compromise systems without authentication. This vulnerability is reachable via the network and could lead to severe data compromise if exploited. Action is needed to determine

CVE advisory | CRITICAL

CVE-2026-49084

JetEngine Unauthenticated SQL Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated SQL injection vulnerability exists in JetEngine, potentially allowing attackers to access or manipulate sensitive database information. This issue is classified as external and likely reachable from the internet, posing a risk to data integrity and confidentiality. Confirming the presence and reachab

CVE advisory | CRITICAL

CVE-2026-49080

Unauthenticated SQL Injection in wpDataTables Plugin Versions <= 7.3.6

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical SQL injection vulnerability exists in the wpDataTables WordPress plugin, allowing unauthenticated attackers to potentially access sensitive database information. This issue is network-exposed and does not require user interaction for exploitation. The primary concern is confirming the plugin's presence and r

CVE advisory | CRITICAL

CVE-2026-49076

JetEngine Unauthenticated SQL Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated SQL injection vulnerability exists in the JetEngine plugin, potentially allowing attackers to access or manipulate data without authentication. This could lead to unauthorized data exposure or system compromise if the plugin is exposed to the network.

CVE advisory | CRITICAL

CVE-2026-49075

JetEngine PHP Object Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical PHP object injection vulnerability exists in JetEngine, a WordPress plugin. If reachable, an unauthenticated attacker could inject and execute arbitrary PHP code, potentially compromising system data and integrity. This vulnerability could allow remote code execution and impact website security.

CVE advisory | CRITICAL

CVE-2026-49058

LoginPress Pro Unauthenticated Privilege Escalation

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A critical vulnerability exists in LoginPress Pro that allows unauthenticated attackers to escalate their privileges. This means an attacker could gain higher access levels without needing to log in, potentially impacting user authentication processes. It is important to determine if this plugin is used and accessible

CVE advisory | CRITICAL

CVE-2026-48875

JetSmartFilters Unauthenticated SQL Injection Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An unauthenticated SQL injection vulnerability exists in a widely used website filtering plugin, potentially allowing attackers to access or manipulate database information without logging in. This could impact data integrity and security on affected sites, necessitating confirmation of its presence and assessment of p

CVE advisory | CRITICAL

CVE-2026-48797

Backpropagate UI Unauthenticated Training Control Plane Access

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

The Backpropagate library's web UI, intended for fine-tuning large language models, can expose training controls without authentication when accessible over a network. An attacker could leverage this to upload datasets, manipulate models, and trigger denial-of-service conditions, impacting data and system availability.

CVE advisory | CRITICAL

CVE-2026-48781

Postiz Skool Integration JWT Vulnerability Allows Superadmin Impersonation.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Postiz, an AI social media scheduling tool, allows an authenticated user to forge administrative credentials. This can lead to unauthorized full access to the application, including user data and the ability to post from impersonated social media channels. The issue is related to the handling of sign

CVE advisory | CRITICAL

CVE-2026-48745

Traccar Client Deep Link Hijacks GPS Tracking

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in the Traccar Client mobile app allows a crafted link to secretly hijack GPS tracking parameters and redirect telemetry to an attacker-controlled server. This happens when a user taps a malicious deep link, silently reconfiguring the app without confirmation, leading to continuous, real-time location t

CVE advisory | CRITICAL

CVE-2026-42380

AI Lab Theme Unauthenticated PHP Object Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated PHP Object Injection vulnerability has been identified in AI Lab, a critical issue that could allow an attacker to inject malicious objects. If reachable, this vulnerability may lead to unauthorized control, sensitive information disclosure, data modification, or service disruption. Confirming the pr

CVE advisory | CRITICAL

CVE-2026-40783

Blocksy Companion Pro Contributor RCE Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical contributor remote code execution vulnerability exists in the Blocksy Companion Pro plugin, allowing for arbitrary code execution on the server. This affects websites built with the plugin, which are commonly exposed to the internet, potentially impacting data integrity and availability. Readers should care

CVE advisory | CRITICAL

CVE-2026-40749

Charity Zone Theme Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical arbitrary file upload vulnerability exists in Charity Zone themes, allowing low-privileged users to upload arbitrary files. If reachable, this could lead to code execution and unauthorized access to sensitive information. This impacts web applications using the affected theme.

CVE advisory | CRITICAL

CVE-2026-40748

Kids Gift Shop Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical arbitrary file upload vulnerability exists in the Kids Gift Shop theme, allowing authenticated subscribers to upload malicious files to the server. If reachable, this could lead to system compromise. Website owners should verify its presence and address it if in use.

CVE advisory | CRITICAL

CVE-2026-40747

Subscriber Arbitrary File Upload in Ecommerce Zone Theme

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical arbitrary file upload vulnerability exists in the Ecommerce Zone theme, potentially allowing authenticated subscribers to upload malicious files. If reachable, this could lead to system compromise and unauthorized code execution. Further assessment is needed to understand the specific business impact and rel

CVE advisory | CRITICAL

CVE-2026-40746

Restaurant Zone Theme Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical arbitrary file upload vulnerability exists in the Restaurant Zone theme. If reachable, an attacker with low-privileged access could upload malicious files, potentially leading to unauthorized code execution and system compromise. Confirming the use and exposure of this theme is crucial.

CVE advisory | CRITICAL

CVE-2026-40725

PHP Object Injection in WooCommerce Product Filters

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An unauthenticated PHP Object Injection vulnerability exists in WooCommerce Product Filters, potentially allowing attackers to execute arbitrary code. This could impact website data and functionality. Confirming relevance and exposure is advised for affected e-commerce platforms.

CVE advisory | CRITICAL

CVE-2026-39596

Blocksy Companion Pro SQL Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical SQL injection vulnerability exists in the Blocksy Companion Pro plugin that allows unauthenticated attackers to execute arbitrary SQL commands. If reachable, this could lead to unauthorized access to sensitive database information or service disruption. This issue is relevant because it affects a widely used

CVE advisory | CRITICAL

CVE-2026-39529

Elementra Theme PHP Object Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated PHP Object Injection vulnerability exists in the Elementra WordPress theme. Attackers can exploit this by sending crafted data, potentially leading to arbitrary code execution and severe system compromise. Confirming the presence and exposure of this theme within your environment is crucial.

CVE advisory | CRITICAL

CVE-2026-32967

Apache DolphinScheduler Unauthorized Access Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

An incorrect authorization flaw exists in Apache DolphinScheduler's experimental `/v2` interface. This vulnerability, if reachable, could allow unauthenticated users to gain unauthorized access and potentially modify data. This impacts workflow orchestration platforms and warrants attention to assess exposure and plan

CVE advisory | CRITICAL

CVE-2026-32966

Apache DolphinScheduler API Authorization Bypass Disclosure Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability exists in Apache DolphinScheduler due to a missing authorization check in its DataSource API. This allows unauthenticated users to disclose sensitive data source metadata, potentially impacting system integrity and confidentiality.

CVE advisory | CRITICAL

CVE-2026-28615

Telecomm Permissions Bypass Enables Unauthorized Calls

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A permissions bypass in telecommunication functions allows unauthorized phone calls and local privilege escalation without user interaction, posing a risk if reachable or relevant within the environment. The exact telecommunication functions impacted are not specified, leading to uncertainty regarding the scope and bus

CVE advisory | CRITICAL

CVE-2026-28587

Android MmsSmsProvider Missing Permission Check Leads to Information Disclosure.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A critical vulnerability exists in Android's MmsSmsProvider, allowing sensitive local information disclosure due to a missing permission check. Exploitation requires no user interaction or special privileges, but the impact is limited to data accessible on the device. Confirming affected devices and assessing business

CVE advisory | CRITICAL

CVE-2026-28576

SQL Injection in Android Contacts Provider Allows Local Information Disclosure

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A SQL injection vulnerability in the Contacts Provider allows unauthorized local information disclosure without requiring user interaction or additional privileges. This could potentially expose sensitive contact data. Confirming relevance and exposure within your environment is advised.

CVE advisory | CRITICAL

CVE-2026-28575

Android PackageInstaller Memory Exhaustion Denial of Service

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A logic error in Android's PackageInstaller can cause memory exhaustion, leading to a local denial of service. This vulnerability does not require special access or user interaction to exploit, potentially impacting device operations. The attack vector is local, suggesting a limited external threat.

CVE advisory | CRITICAL

CVE-2026-27429

Nifty Theme PHP Object Injection Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated PHP Object Injection vulnerability exists in the Nifty WordPress theme. Attackers can exploit this by sending specially crafted requests, potentially leading to remote code execution. This could impact system data and service behavior. Confirming theme usage and external exposure is crucial for asses

CVE advisory | CRITICAL

CVE-2026-27395

Unauthenticated Privilege Escalation in Support Board Prior to 3.8.9

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical unauthenticated privilege escalation vulnerability exists in Support Board, allowing attackers to gain administrative control. This impacts the software's ability to secure system functions and data, necessitating an assessment of its use and potential exposure.

CVE advisory | CRITICAL

CVE-2026-27041

Elementor Unlimited Elements Arbitrary File Upload Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A WordPress plugin allows contributor-level users to upload arbitrary files, potentially enabling unauthorized code execution or site compromise. The risk is amplified because this plugin extends website functionality, making it a core component of public-facing web applications. Confirmation of its use and exposure on

CVE advisory | CRITICAL

CVE-2026-25470

WordPress ACPT Plugin Code Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical code injection vulnerability exists in a WordPress plugin that creates custom post types, potentially allowing remote code inclusion. If reachable, an attacker could execute arbitrary code on the server, impacting site integrity and data. Confirmation of the plugin's usage and its internet accessibility with

CVE advisory | CRITICAL

CVE-2026-25446

WishList Member X Subscriber Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical arbitrary file upload vulnerability exists in the WishList Member X plugin, allowing authenticated users to upload malicious files, potentially leading to website compromise. This vulnerability is externally reachable, posing a risk to web application integrity and availability.

CVE advisory | CRITICAL

CVE-2026-24611

MetForm Pro Unauthenticated Broken Access Control Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in MetForm Pro, a WordPress plugin, allowing unauthenticated attackers to bypass access controls. This could lead to unauthorized access to sensitive data and disruption of service. Confirming its use is essential to understand potential business risk.

CVE advisory | CRITICAL

CVE-2026-22340

WPJobster Unauthenticated SQL Injection

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated SQL injection vulnerability exists in the WPJobster WordPress theme. If reachable, an attacker could send malicious SQL queries to access or modify sensitive data, impacting database integrity and availability. It is important to determine if this theme and version are in use within your web presence

CVE advisory | CRITICAL

CVE-2026-22327

Restaurt Subscriber Arbitrary File Upload Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in the Restaurt theme allows authenticated users to upload arbitrary files, potentially leading to system compromise. If the theme is in use and reachable, attackers could execute malicious code or alter application behavior, posing a risk to integrity and confidentiality. Confirming usage and

CVE advisory | CRITICAL

CVE-2026-12440

Google Chrome DigitalCredentials Sandbox Escape Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A "use after free" vulnerability in Google Chrome's DigitalCredentials component on Windows could allow a remote attacker to escape the browser's sandbox by tricking a user into visiting a malicious HTML page. This could potentially lead to unauthorized access to system resources or sensitive information.

CVE advisory | CRITICAL

CVE-2026-0092

Android Package Manager Privilege Escalation Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A critical vulnerability exists in the Android Package Manager that allows for privilege escalation without user interaction. This bypasses device lock controls, potentially impacting device integrity and stored data. The affected technology is a core component of the Android operating system, making it relevant for ov

CVE advisory | CRITICAL

CVE-2026-0083

Android NFC Use After Free Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Android's NFC component could allow local privilege escalation through a use-after-free error caused by a race condition. This flaw is reachable and relevant for local attacks, and requires no user interaction or additional privileges to exploit, potentially impacting system data and service behavior

CVE advisory | CRITICAL

CVE-2026-0082

Android NfcDispatcher Automatic App Access Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in Android's NFC component may allow for automatic special app access permission assignment, leading to local privilege escalation without user interaction. This could potentially affect system and user data by granting elevated privileges.

CVE advisory | CRITICAL

CVE-2026-0081

NFC Event Spoofing Leading to Privilege Escalation

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability in NFC technology allows an attacker to spoof NFC events due to a missing permission check, potentially leading to local privilege escalation. This could impact system integrity and availability. The relevance and exposure of affected systems need to be confirmed.

CVE advisory | CRITICAL

CVE-2026-0071

SettingsLib Privilege Escalation Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A logic error in SettingsLib could allow local privilege escalation without further privileges or user interaction, potentially impacting system integrity. The vulnerability's reachability is assessed as very unlikely due to its internal, non-network accessible nature.

CVE advisory | CRITICAL

CVE-2026-0068

Android Package Installer DPC App Removal Privilege Escalation

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A vulnerability exists in the Android Package Installer Service that could allow a malicious app to remove a DPC app without consent, potentially leading to local privilege escalation. Exploitation requires local access and user interaction to install a malicious application. Confirming relevance and exposure on manage

CVE advisory | CRITICAL

CVE-2026-0064

Resource Exhaustion Denial of Service Vulnerability

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A critical vulnerability exists that allows for a persistent denial of service through resource exhaustion. This could disrupt local systems without needing special privileges or user interaction, impacting service availability. The relevance and exposure to our environment are currently uncertain.

CVE advisory | CRITICAL

CVE-2026-0063

Android Privilege Escalation via Carrier Restriction Bypass.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A logic error in Android's phone interface manager allows for disabling carrier restrictions, potentially leading to local privilege escalation on a device. This vulnerability does not require user interaction or network access. Confirmation is needed to determine the specific relevance and reachability of this flaw wi

CVE advisoryCRITICAL

CVE-2025-69179

Support Ticket Management System Privilege Escalation Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated privilege escalation vulnerability exists in a Support Ticket Management System plugin, potentially allowing network-accessible attackers to gain elevated system access. This could lead to unauthorized modification of sensitive ticket data, impacting customer support portal security.

CVE advisoryCRITICAL

CVE-2025-69129

WordPress WooCommerce Scraper Plugin Arbitrary File Upload Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability allows unauthenticated arbitrary file uploads in a WordPress and WooCommerce plugin, potentially leading to site compromise and malicious code execution. It is uncertain if this plugin is used within the organization, requiring confirmation to assess relevant risk.

CVE advisoryCRITICAL

CVE-2025-69122

PHP Object Injection in SeaFood Company Theme

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated PHP object injection vulnerability exists in SeaFood Company software, potentially enabling attackers to execute arbitrary PHP code remotely. This occurs when the application processes untrusted data, leading to the unserialization of malicious PHP objects, which could compromise the integrity and av

CVE advisoryCRITICAL

CVE-2025-69108

Hot Coffee Theme PHP Object Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated PHP Object Injection vulnerability exists in the Hot Coffee WordPress theme. This flaw could allow remote attackers to inject malicious PHP objects without needing credentials, potentially leading to unauthorized access, data manipulation, or denial of service. It is important to determine if this th

CVE advisoryCRITICAL

CVE-2026-46945

Oracle iSupport Takeover Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical vulnerability exists in Oracle iSupport, allowing a highly privileged attacker with network access to potentially take over the system and impact other connected products. The issue is reachable via HTTP and could lead to a significant compromise of the iSupport application.

CVE advisoryCRITICAL

CVE-2026-46944

Oracle iSupport High Privilege Takeover Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Oracle iSupport allows highly privileged attackers with network access to take over the system and potentially impact other connected products. This affects Oracle E-Business Suite versions 12.2.3 through 12.2.15. The issue has a CVSS score of 9.1, indicating high impacts to confidentiality,

CVE advisoryCRITICAL

CVE-2026-46930

Oracle E-Business Suite In-Memory Cost Management Data Tampering Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability exists in Oracle In-Memory Cost Management for Discrete Industries, allowing unauthenticated network attackers to gain unauthorized access or modify critical data. This issue could lead to unauthorized creation, deletion, or modification of data, or complete access to all accessible data within

CVE advisoryCRITICAL

CVE-2026-46919

Oracle Siebel CRM Cloud Manager Takeover Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in Oracle Siebel CRM Cloud Applications' Siebel Cloud Manager component that allows unauthenticated attackers with network access to completely compromise the application. Successful exploitation could lead to a full takeover, impacting data confidentiality, integrity, and availability.

CVE advisoryCRITICAL

CVE-2026-46918

Oracle Process Manufacturing Product Development Takeover Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical vulnerability in Oracle Process Manufacturing Product Development, part of Oracle E-Business Suite, allows low-privileged attackers with network access to achieve a complete takeover of the system and potentially impact other products.

CVE advisoryCRITICAL

CVE-2026-46912

JD Edwards EnterpriseOne Tools Web Runtime Security Vulnerability Allows Critical Data Access

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in JD Edwards EnterpriseOne Tools' Web Runtime Security component, allowing unauthenticated attackers with network access to potentially gain unauthorized access to critical data or modify existing information. This issue may also impact other connected products, making it important to a

CVE advisoryCRITICAL

CVE-2026-46911

JD Edwards EnterpriseOne Project Costing Vulnerability Allows Critical Data Access and Modification.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical vulnerability exists in Oracle JD Edwards EnterpriseOne Project Costing that could allow a low-privileged attacker with network access to modify, delete, or gain unauthorized access to critical project and financial data. The exploit's impact may extend to other JD Edwards products.

CVE advisoryCRITICAL

CVE-2026-46910

Oracle JD Edwards EnterpriseOne Tools Network Access Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical vulnerability exists in Oracle JD Edwards EnterpriseOne Tools that could allow an unauthenticated attacker with network access to obtain unauthorized access to critical data or cause system crashes, impacting both confidentiality and availability. Because the issue is reachable via HTTP, it poses a risk to b

CVE advisoryCRITICAL

CVE-2026-46908

Oracle JD Edwards EnterpriseOne Accounts Payable Takeover Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability exists in Oracle JD Edwards EnterpriseOne Accounts Payable, allowing a low-privileged attacker with network access via HTTP to compromise the system. Successful exploitation could lead to a takeover of the Accounts Payable functionality and potentially impact other connected products, with sign

CVE advisoryCRITICAL

CVE-2026-46907

Oracle JD Edwards Order Promising Integration Takeover Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Oracle JD Edwards EnterpriseOne Order Promising integration could allow a low-privileged attacker with network access to take over the system. Successful exploitation may impact additional products, leading to significant risks.

CVE advisoryCRITICAL

CVE-2026-46906

JD Edwards EnterpriseOne Tools Infrastructure Security Vulnerability Allows Unauthorized Data Access and Modification

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Oracle's JD Edwards EnterpriseOne Tools allows a low-privileged attacker with network access to compromise critical data. Successful exploitation could lead to unauthorized creation, deletion, or modification of sensitive information, potentially impacting additional JD Edwards products. Thi

CVE advisoryCRITICAL

CVE-2026-46905

Oracle JD Edwards EnterpriseOne Tools Web Runtime Security Takeover Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle JD Edwards EnterpriseOne Tools' Web Runtime Security component allows unauthenticated network attackers to achieve a full system takeover. This easily exploitable issue, accessible via HTTP, could impact confidentiality, integrity, and availability. Confirming the relevance and exposu

CVE advisoryCRITICAL

CVE-2026-46904

Oracle JD Edwards EnterpriseOne Tools Vulnerability Allows Unauthenticated Network Takeover

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability exists in Oracle JD Edwards EnterpriseOne Tools, allowing unauthenticated network attackers to take over the system. This impacts confidentiality, integrity, and availability. It is important to determine if your organization uses the affected technology and assess potential exposure.

CVE advisoryCRITICAL

CVE-2026-46902

Oracle Enterprise Command Center Framework Takeover Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle Enterprise Command Center Framework allows unauthenticated network attackers to take over the system. This could expose sensitive information and grant full control over the framework. Its network-accessible nature makes it a significant risk.

CVE advisoryCRITICAL

CVE-2026-46901

Oracle Enterprise Command Center Framework Remote Access Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability exists in the Oracle Enterprise Command Center Framework, part of Oracle E-Business Suite, allowing a low-privileged attacker with network access to compromise the framework. This could lead to unauthorized access, modification, or deletion of critical data, and potentially a partial denial of service,

CVE advisoryCRITICAL

CVE-2026-46900

Oracle Enterprise Command Center Framework Vulnerability Allows Takeover

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in Oracle Enterprise Command Center Framework could allow a low-privileged attacker with network access to take over the framework, potentially impacting other connected products. This could lead to significant loss of confidentiality, integrity, and availability.

CVE advisoryCRITICAL

CVE-2026-46899

Oracle ECCF Unauthorized Data Access Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Oracle Enterprise Command Center Framework, part of Oracle E-Business Suite, allows a low-privileged attacker with network access to compromise the framework. This could result in unauthorized modification or access to critical data, potentially impacting additional Oracle products. Organiza

CVE advisoryCRITICAL

CVE-2026-46897

Oracle Enterprise Command Center Framework Vulnerability Allows Unauthorized Data Access and Modification

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability exists in Oracle Enterprise Command Center Framework, potentially allowing unauthorized access to and modification of critical data, as well as a partial denial of service. Successful exploitation, achievable by a low-privileged attacker with network access, could impact additional Oracle produ

CVE advisoryCRITICAL

CVE-2026-46896

Oracle Enterprise Command Center Framework Remote Takeover Vulnerability.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Oracle Enterprise Command Center Framework allows a highly privileged attacker with network access to compromise the framework, potentially impacting other products. Exploitation could lead to a full takeover of the framework.

CVE advisoryCRITICAL

CVE-2026-46893

Oracle JD Edwards EnterpriseOne General Ledger Takeover Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Oracle JD Edwards EnterpriseOne General Ledger allows low-privileged attackers with network access to compromise the system, potentially impacting other products and leading to a full takeover. The exact business impact and relevance in your environment are currently under analysis.

CVE advisoryCRITICAL

CVE-2026-46892

Oracle JD Edwards HR Vulnerability Allows Unauthorized Data Access and Modification

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Oracle JD Edwards EnterpriseOne Human Resources Management allows unauthenticated attackers with network access to compromise critical data. This could result in unauthorized creation, deletion, or modification of sensitive HR information.

CVE advisoryCRITICAL

CVE-2026-46890

Oracle Siebel CRM Marketing Component Takeover Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle Siebel CRM's Marketing component allows unauthenticated attackers with network access to take over the system, impacting confidentiality, integrity, and availability. This poses a significant risk to business operations due to the ease of exploitation and the value of enterprise CRM s

CVE advisoryCRITICAL

CVE-2026-46875

Oracle Enterprise Manager Deployment Library Takeover Vulnerability

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A critical vulnerability exists in Oracle Enterprise Manager Base Platform's Deployment Library component. An attacker with high privileges and network access via HTTPS could exploit this to take over the platform, potentially affecting other connected products. This could impact confidentiality, integrity, and availab

CVE advisoryCRITICAL

CVE-2026-46872

Oracle Enterprise Manager Base Platform Install Vulnerability Allows Data Modification and Denial of Service.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability exists in Oracle Enterprise Manager Base Platform's installation component, allowing a high-privilege attacker with network access to compromise the platform. This could lead to unauthorized data modification or deletion, unauthorized data reading, or denial of service by causing the platform to crash.

CVE advisoryCRITICAL

CVE-2026-46861

MySQL NDB Cluster Operator Unauthorized Data Access Vulnerability.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in Oracle MySQL NDB Cluster's NDB Operator component could allow a low-privileged attacker with network access to compromise the cluster. Successful exploitation may result in unauthorized access, modification, or deletion of critical data, with potential impact on other products. Uncertainty exists reg

CVE advisoryCRITICAL

CVE-2026-46860

MySQL Router HTTP Vulnerability Allows Takeover

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle's MySQL Router allows unauthenticated attackers with network access to take over the router. This easily exploitable issue could impact the confidentiality, integrity, and availability of the router and its managed services. Confirming if MySQL Router is in use is essential.

CVE advisoryCRITICAL

CVE-2026-46859

Oracle Agile PLM Security Vulnerability Allows Full System Takeover

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle Agile PLM allows unauthenticated attackers with network access to compromise the system and achieve a full takeover. This could impact business operations by affecting confidentiality, integrity, and availability. It is important to determine if Oracle Agile PLM is in use and exposed

CVE advisoryCRITICAL

CVE-2026-46858

Oracle Enterprise Manager APM Vulnerability Allows Data Manipulation and Denial of Service.

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability exists in Oracle Enterprise Manager's Application Performance Management component, allowing unauthenticated network attackers to gain unauthorized access, modify or delete critical data, and cause denial of service. This issue impacts both data integrity and system availability, necessitating

CVE advisoryCRITICAL

CVE-2026-46857

Oracle Enterprise Manager Base Platform Takeover Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle Enterprise Manager Base Platform allows unauthenticated network attackers to compromise the system, potentially leading to a complete takeover. This issue affects the confidentiality, integrity, and availability of the platform and its managed resources, making it a significant concer

CVE advisoryCRITICAL

CVE-2026-46855

Oracle Enterprise Manager Base Platform Metadata Plugin Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability exists in Oracle Enterprise Manager Base Platform that allows a low-privileged attacker with network access to compromise the system. Successful exploitation could lead to a complete takeover of the platform and potentially impact other connected products, affecting confidentiality, integrity,

CVE advisoryCRITICAL

CVE-2026-46854

Oracle Enterprise Manager Base Platform Takeover Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle Enterprise Manager Base Platform allows a low-privileged attacker with network access to compromise the system. Successful exploitation could lead to a complete takeover of the platform, impacting other connected products and potentially causing significant data loss or unauthorized a

CVE advisoryCRITICAL

CVE-2026-46853

Oracle Enterprise Manager Base Platform Metadata Plugin Vulnerability Allows Takeover

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability exists in Oracle Enterprise Manager Base Platform, allowing unauthenticated attackers with network access to achieve platform takeover through user interaction. This issue could impact additional products beyond the Base Platform itself, necessitating a review of affected instances and their cr

CVE advisoryCRITICAL

CVE-2026-46852

Oracle Enterprise Manager Base Platform Metadata Plugin Vulnerability Allows Takeover

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in Oracle Enterprise Manager Base Platform allows a low-privileged attacker with network access to take over the platform and potentially impact other products. This could lead to a complete compromise of confidentiality, integrity, and availability.

CVE advisoryCRITICAL

CVE-2026-46850

MySQL Shell for VS Code Remote Takeover Vulnerability.

Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.

A critical vulnerability exists in MySQL Shell for VS Code, allowing a low-privileged attacker with network access to compromise the shell and potentially affect other products. This easily exploitable flaw could lead to a complete takeover of MySQL Shell, impacting confidentiality, integrity, and availability.

CVE advisoryCRITICAL

CVE-2026-46847

Oracle WebCenter Portal Takeover Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in Oracle WebCenter Portal that allows a low-privileged attacker with network access to take over the system. Successful exploitation can lead to significant impacts on confidentiality, integrity, and availability, potentially affecting other connected products.

CVE advisoryCRITICAL

CVE-2026-46832

Oracle Enterprise Manager Discovery Framework Takeover Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A vulnerability in Oracle Enterprise Manager Base Platform's Discovery Framework allows a low-privileged attacker with network access to compromise the platform, potentially impacting other connected products. Successful exploitation could lead to a full takeover of the Oracle Enterprise Manager Base Platform. This iss

CVE advisoryCRITICAL

CVE-2026-46794

Oracle Identity Manager Connector SSH Takeover Vulnerability.

Halo Surface Signal: 2 out of 5 — less likely to be public-facing.

A vulnerability in Oracle Fusion Middleware's Identity Manager Connector allows a low-privileged attacker with network access via SSH to compromise the connector. This could lead to a complete takeover of the Identity Manager Connector and potentially impact other integrated products, affecting confidentiality, integri

CVE advisoryCRITICAL

CVE-2026-46793

Oracle Identity Manager Connector Takeover Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Oracle Fusion Middleware's Identity Manager Connector could allow a low-privileged attacker with network access to take over the connector, potentially impacting other connected products. This vulnerability, easily exploitable via HTTP, poses a significant risk to confidentiality, integrity,

CVE advisoryCRITICAL

CVE-2026-46792

Oracle Identity Manager Connector Remote Takeover Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Oracle's Identity Manager Connector allows a low-privileged attacker with network access to potentially take over the connector, impacting other products and systems.

CVE advisoryCRITICAL

CVE-2026-46789

Oracle WebCenter Content Takeover Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle WebCenter Content could allow unauthenticated attackers to take over the system via network access, requiring user interaction. This could impact the confidentiality, integrity, and availability of content management and potentially other connected products.

CVE advisoryCRITICAL

CVE-2026-46786

Oracle WebCenter Content Takeover Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle WebCenter Content allows unauthenticated network attackers to take over the system, potentially impacting other products. Exploitation requires user interaction and can lead to full system compromise. This issue is reachable externally and warrants attention due to its potential scope

CVE advisoryCRITICAL

CVE-2026-46785

Oracle WebCenter Content HTTP Access Vulnerability Allows Unauthorized Data Access and Modification

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in Oracle WebCenter Content, allowing unauthenticated network attackers to modify or access sensitive data. Exploitation requires user interaction and can impact other products. This could lead to unauthorized data creation, deletion, modification, or complete access.

CVE advisoryCRITICAL

CVE-2026-46784

Oracle WebCenter Content Imaging Unauthorized Data Access Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability exists in Oracle WebCenter Content: Imaging, allowing unauthenticated attackers with network access to compromise critical data. Successful exploitation could lead to unauthorized creation, deletion, or modification of data, or complete access to all accessible data within the system. This impa

CVE advisoryCRITICAL

CVE-2026-35270

Oracle WebCenter Content Privilege Escalation Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle WebCenter Content allows a high-privileged attacker with network access via HTTP to compromise the system, potentially leading to a complete takeover. While the vulnerability resides in WebCenter Content, successful exploitation could impact additional products. This issue is relevant

CVE advisoryCRITICAL

CVE-2026-35268

Oracle Fusion Middleware Identity Manager Takeover Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A critical vulnerability in Oracle Fusion Middleware Identity Manager allows a low-privileged attacker with network access to potentially take over the system, impacting connected products. The vulnerability, which affects core identity management functions, carries a high severity score, indicating severe impacts on c

CVE advisoryCRITICAL

CVE-2026-35263

Oracle WebLogic Server Remote Takeover Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A critical vulnerability in Oracle WebLogic Server, accessible via HTTP, could allow a low-privileged attacker to gain complete control of the server and potentially impact other connected products. This issue requires attention from teams managing the application and its infrastructure to identify instances, assess ex