Export limit exceeded: 359063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 359063 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (359063 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-46891 | 1 Oracle | 1 Jd Edwards Enterpriseone Accounts Payable | 2026-06-17 | 8.1 High |
| Vulnerability in the JD Edwards EnterpriseOne Accounts Payable product of Oracle JD Edwards (component: Accounts Payable). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Accounts Payable. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Accounts Payable accessible data as well as unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Accounts Payable accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2026-46892 | 1 Oracle | 1 Jd Edwards Enterpriseone Human Resources Management | 2026-06-17 | 9.1 Critical |
| Vulnerability in the JD Edwards EnterpriseOne Human Resources Management product of Oracle JD Edwards (component: Human Resources). The supported version that is affected is 9.2. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Human Resources Management. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all JD Edwards EnterpriseOne Human Resources Management accessible data as well as unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Human Resources Management accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N). | ||||
| CVE-2026-35302 | 1 Oracle | 1 Weblogic Server | 2026-06-17 | 8.3 High |
| Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H). | ||||
| CVE-2026-46893 | 1 Oracle | 1 Jd Edwards Enterpriseone General Ledger | 2026-06-17 | 9.9 Critical |
| Vulnerability in the JD Edwards EnterpriseOne General Ledger product of Oracle JD Edwards (component: E1 Foundation). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via SMB to compromise JD Edwards EnterpriseOne General Ledger. While the vulnerability is in JD Edwards EnterpriseOne General Ledger, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of JD Edwards EnterpriseOne General Ledger. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H). | ||||
| CVE-2026-12454 | 1 Google | 1 Chrome | 2026-06-17 | 8.3 High |
| Race in Safe Browsing in Google Chrome on Mac prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-35303 | 1 Oracle | 1 Weblogic Server | 2026-06-17 | 8.8 High |
| Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise WebLogic Server. Successful attacks of this vulnerability can result in takeover of WebLogic Server. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2026-12451 | 1 Google | 1 Chrome | 2026-06-17 | 8.3 High |
| Use after free in DigitalCredentials in Google Chrome prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-12449 | 1 Google | 1 Chrome | 2026-06-17 | 7.8 High |
| Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. (Chromium security severity: High) | ||||
| CVE-2026-12448 | 1 Google | 1 Chrome | 2026-06-17 | 8.8 High |
| Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to perform privilege escalation via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-35304 | 1 Oracle | 1 Coherence | 2026-06-17 | 9.8 Critical |
| Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). | ||||
| CVE-2026-12447 | 1 Google | 1 Chrome | 2026-06-17 | 8.8 High |
| Heap buffer overflow in WebRTC in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity: High) | ||||
| CVE-2026-27410 | 2 Veronalabs, Wordpress | 2 Slimstat Analytics, Wordpress | 2026-06-17 | 6.5 Medium |
| Unauthenticated Deserialization of untrusted data in Slimstat Analytics < 5.4.0 versions. | ||||
| CVE-2026-39537 | 2 Mikado-themes, Wordpress | 2 Mikado Core, Wordpress | 2026-06-17 | 8.1 High |
| Unauthenticated Local File Inclusion in Mikado Core <= 1.6 versions. | ||||
| CVE-2026-39595 | 2 Boldgrid, Wordpress | 2 W3 Total Cache, Wordpress | 2026-06-17 | 4.7 Medium |
| Author Broken Access Control in W3 Total Cache <= 2.9.1 versions. | ||||
| CVE-2026-39597 | 2 Wordpress, Wpzoom | 2 Wordpress, Wpzoom Addons For Elementor | 2026-06-17 | 7.1 High |
| Unauthenticated Cross Site Scripting (XSS) in WPZOOM Addons for Elementor <= 1.3.4 versions. | ||||
| CVE-2026-12445 | 1 Google | 1 Chrome | 2026-06-17 | 7.5 High |
| Use after free in Extensions in Google Chrome prior to 149.0.7827.155 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted Chrome Extension. (Chromium security severity: High) | ||||
| CVE-2026-12443 | 1 Google | 1 Chrome | 2026-06-17 | 8.8 High |
| Use after free in Web Authentication in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-12442 | 1 Google | 1 Chrome | 2026-06-17 | 8.8 High |
| Use after free in Passwords in Google Chrome on Android prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-12441 | 1 Google | 1 Chrome | 2026-06-17 | 8.8 High |
| Use after free in File Input in Google Chrome on Linux prior to 149.0.7827.155 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: Critical) | ||||
| CVE-2026-12440 | 1 Google | 1 Chrome | 2026-06-17 | 9.6 Critical |
| Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: Critical) | ||||