5.4
CVE-2026-22006 - PeopleSoft Employee Snapshot Vulnerability Allows Unauthorized Data Modification
Vulnerability in the PeopleSoft Enterprise HCM Human Resources product of Oracle PeopleSoft (component: Employee Snapshot). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterpri…
6
CVE-2026-22003 - Local Privileged Code Execution and Denial of Service in Oracle Java SE and GraalVM
Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u481 and 8u481-b50; Oracle GraalVM Enterprise Edition: 21.3.17. Difficult to exploit vulnerability allows low privileged…
5.3
CVE-2026-21999 - Unauthenticated XML Database Access via HTTPS in Oracle Database Server
Vulnerability in the XML Database component of Oracle Database Server. Supported versions that are affected are 23.4.0-23.26.1. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTPS to compromise XML Database. Successful attacks require human interaction…
8.5
CVE-2026-21997 - Remote Unauthorized Data Modification and Read in Oracle Life Sciences Empirica Signal via Low-Priv…
Vulnerability in the Oracle Life Sciences Empirica Signal product of Oracle Life Science Applications (component: Common Core). Supported versions that are affected are 9.2.1-9.2.3. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Li…
5.3
CVE-2026-6796 - Sanluan PublicCMS Failed Login LoginAdminController.java log_login cleartext storage in file
A vulnerability was determined in Sanluan PublicCMS up to 6.202506.d. Affected is the function log_login of the file core/src/main/java/com/publiccms/controller/admin/LoginAdminController.java of the component Failed Login Handler. This manipulation of the argument errorPassword causes cleartext st…
6.5
CVE-2026-40910 - frp: Authentication bypass in frp HTTP vhost routing when routeByHTTPUser is used for access control
frp is a fast reverse proxy. From 0.43.0 to 0.68.0, frp contains an authentication bypass in the HTTP vhost routing path when routeByHTTPUser is used as part of access control. In proxy-style requests, the routing logic uses the username from Proxy-Authorization to select the routeByHTTPUser backen…
10
CVE-2026-40906 - Electric: SQL Injection via ORDER BY Parameter in Shape API
Electric is a Postgres sync engine. From 1.1.12 to before 1.5.0, the order_by parameter in the ElectricSQL /v1/shape API is vulnerable to error-based SQL injection, allowing any authenticated user to read, write, and destroy the full contents of the underlying PostgreSQL database through crafted OR…
8.1
CVE-2026-40905 - LinkAce: Password Reset Poisoning via X-Forwarded-Host Header Injection Leading to Account Takeover
LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was identified in the application due to improper trust of user-controlled HTTP headers. The application uses the X-Forwarded-Host header when generating password reset URLs. By manip…
7.1
CVE-2026-22020 - openjdk: libpng: OpenJDK: Update LibPNG (Oracle CPU 2026-04)
No description is available for this CVE.
7.5
CVE-2026-34282 - openjdk: OpenJDK: Enhance TLS connection handling (Oracle CPU 2026-04)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Networking). Supported versions that are affected are Oracle Java SE: 8u481-perf, 11.0.30, 17.0.18, 21.0.10, 25.0.2, 26; Oracle GraalVM for JDK: 17.0.18 and 21.0.10…