Oracle

CVE-2026-46837 is a SQL injection vulnerability in Oracle Flow Manufacturing within Oracle E-Business Suite versions 12.2.9 through 12.2.15, allowing a low-privileged attacker with network access to potentially take over the application.

CVE-2026-46835 is an easily exploitable vulnerability in Oracle Database Server's Net Service component, affecting versions 23.4.0 to 23.26.2, allowing an unauthenticated attacker with network access via TLS to cause a complete denial-of-service (DoS).

CVE-2026-46834 is a vulnerability in the Net Service component of Oracle Database Server versions 23.4.0 to 23.26.2 that allows an unauthenticated attacker with network access via TLS to cause a denial-of-service (DoS) condition.

An unauthenticated attacker with network access via HTTPS can exploit CVE-2026-46829 in Oracle REST Data Services versions 24.2.0 through 26.1.0, leading to a denial of service.

CVE-2026-46828 is an easily exploitable vulnerability in Oracle Payroll versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to perform unauthorized creation, deletion, or modification of critical payroll data, as well as gain unauthorized access to sensitive information.

CVE-2026-46827 allows a low-privileged attacker with network access via HTTP to compromise Oracle Payroll versions 12.2.3 through 12.2.15, leading to a potential system takeover.

CVE-2026-46826 is a vulnerability in Oracle Payroll within Oracle E-Business Suite, where a low-privileged attacker can achieve a system takeover via network access over HTTPS.

CVE-2026-46823 is an easily exploitable vulnerability in Oracle Public Sector Financials (International) versions 12.2.6-12.2.15, allowing a low privileged attacker with network access via HTTPS to gain unauthorized access to critical data or complete access to all accessible data, potentially impacting additional products.

CVE-2026-46821 is an easily exploitable vulnerability in Oracle Financials Common Modules of Oracle E-Business Suite versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to gain unauthorized access to critical data.

CVE-2026-46820 is a vulnerability in Oracle Financials Common Modules within Oracle E-Business Suite versions 12.2.3-12.2.15, allowing a low-privileged attacker with network access via HTTP to gain unauthorized access to critical data and modify some data, resulting in a confidentiality and integrity impact.

CVE-2026-46818 is a vulnerability in Oracle Payments within Oracle E-Business Suite (versions 12.2.3-12.2.15) that allows an unauthenticated attacker with network access via HTTPS to compromise the system, leading to unauthorized data access and modification.

CVE-2026-35277 is a vulnerability in Oracle REST Data Services (Core) versions 24.2.0 to 26.1.0 that allows a low-privileged attacker with network access via HTTPS to compromise the system, leading to unauthorized data access, creation, deletion, or modification.

A vulnerability exists in Oracle REST Data Services versions 24.2.0 to 26.1.0, where a low-privileged attacker with network access via HTTPS can, with human interaction, gain unauthorized data access, modification, and cause a partial denial of service.

CVE-2026-46840 is a critical vulnerability in Oracle REST Data Services (ORDS) that allows an unauthenticated attacker with network access to achieve complete takeover of the service, potentially impacting additional products due to scope change.

CVE-2026-46839 is an easily exploitable vulnerability in Oracle REST Data Services versions 24.2.0 through 26.1.0, allowing a low-privileged attacker with network access via HTTPS to compromise the service, potentially impacting other products and leading to a complete takeover.

CVE-2026-46833 allows an unauthenticated attacker with network access via TLS to compromise the Net Service component of Oracle Database Server versions 23.4.0 through 23.26.2, potentially leading to takeover of the Net Service and significant impact on other products.

CVE-2026-46824 allows a low-privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue versions 12.2.3-12.2.15, potentially leading to takeover and impact on additional products.

CVE-2026-46822 is a vulnerability in Oracle iAssets within Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.15, allowing a low-privileged attacker with network access via HTTP to compromise the application, potentially impacting other products within the environment.

CVE-2026-46819 is a critical vulnerability in Oracle Internet Procurement Connector versions 12.2.3-12.2.15 that allows an unauthenticated attacker with network access via HTTP to compromise the system, leading to unauthorized data access, modification, or deletion.

CVE-2026-46817 is a critical vulnerability in Oracle Payments component of Oracle E-Business Suite versions 12.2.3 through 12.2.15, allowing an unauthenticated attacker with network access via HTTP to compromise the application and potentially achieve complete takeover.

CVE-2026-46775 is a critical vulnerability in Oracle REST Data Services (Core component) versions 24.2.0-26.1.0, allowing a low-privileged attacker with network access via HTTPS to achieve complete takeover of the service and potentially impact other products.

A public exploit, rwsploit, has been released targeting CVE-2012-3152 and CVE-2012-3153 in Oracle Reports Server versions below 11g, enabling unauthenticated file read, SSRF, and JSP shell upload.

CVE-2026-21992 allows an unauthenticated attacker to gain network access via HTTP and execute code remotely on Oracle Identity Manager and Oracle Web Services Manager.

An unauthenticated or authenticated remote attacker can exploit multiple vulnerabilities in Oracle Fusion Middleware to compromise confidentiality, integrity, and availability.