997 items
Unread (2128) All Dismissed
HIGH
CVE-2026-46829 (CVSS 7.5) — Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affec...
NVD CVE-2026-46829 8d ago
HIGH
CVE-2026-46828 (CVSS 8.1) — Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operatio...
NVD CVE-2026-46828 8d ago
HIGH
CVE-2026-46827 (CVSS 8.8) — Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Self Service Mana...
NVD CVE-2026-46827 8d ago
HIGH
CVE-2026-46826 (CVSS 8.8) — Vulnerability in the Oracle Payroll product of Oracle E-Business Suite (component: Internal Operatio...
NVD CVE-2026-46826 8d ago
HIGH
CVE-2026-46823 (CVSS 7.7) — Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Su...
NVD CVE-2026-46823 8d ago
HIGH
CVE-2026-46821 (CVSS 7.7) — Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component:...
NVD CVE-2026-46821 8d ago
HIGH
CVE-2026-46820 (CVSS 8.5) — Vulnerability in the Oracle Financials Common Modules product of Oracle E-Business Suite (component:...
NVD CVE-2026-46820 8d ago
HIGH
CVE-2026-46818 (CVSS 7.4) — Vulnerability in the Oracle Payments product of Oracle E-Business Suite (component: File Transmissio...
NVD CVE-2026-46818 8d ago
HIGH
CVE-2026-35277 (CVSS 8.1) — Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected ...
NVD CVE-2026-35277 8d ago
HIGH
CVE-2026-35266 (CVSS 7.9) — Vulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected ...
NVD CVE-2026-35266 8d ago
HIGH
CVE-2026-32847 (CVSS 7.5) — DeepCode through commit c991dc2 contains a path traversal vulnerability in the SPA catch-all route i...
NVD CVE-2026-32847 8d ago
HIGH
CVE-2026-45353 (CVSS 7.8) — electerm is an open-sourced terminal/ssh/sftp/telnet/serialport/RDP/VNC/Spice/ftp client. From 3.0.6...
NVD CVE-2026-45353 8d ago
HIGH
CVE-2026-34126 (CVSS 7.5) — TP-Link has identified a vulnerability in Tapo L535E v1.0 and v3.0, Tapo P300 v1.0, and Tapo D100C v...
NVD CVE-2026-34126 8d ago
HIGH
CVE-2026-8697 (CVSS 8.8) — Due to improper enforcement of authentication rate-limiting on a debug SSH service in Archer C64 v1,...
NVD CVE-2026-8697 8d ago
HIGH
CVE-2026-44463 (CVSS 8.6) — Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by pre...
NVD CVE-2026-44463 8d ago
HIGH
CVE-2026-45017 (CVSS 7.5) — Python Liquid is a Python engine for the Liquid template language. Prior to 2.2.0, the built-in File...
NVD CVE-2026-45017 8d ago
HIGH
CVE-2026-35675 (CVSS 8.2) — phpMyFAQ before 4.1.3 contains an authentication bypass vulnerability in the password reset endpoint...
NVD CVE-2026-35675 8d ago
HIGH
CVE-2026-35671 (CVSS 8.8) — phpMyFAQ before 4.1.3 contains an insecure direct object reference vulnerability in the admin API us...
NVD CVE-2026-35671 8d ago
HIGH
CVE-2026-9804 (CVSS 7.7) — A flaw was found in KubeVirt's virt-exportserver component. An attacker with specific namespace-leve...
NVD CVE-2026-9804 8d ago
HIGH
CVE-2026-6226 (CVSS 8.8) — The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to unauthenticated privilege esc...
NVD CVE-2026-6226 8d ago
HIGH
CVE-2026-9227 (CVSS 8.8) — The GutenBee – Gutenberg Blocks plugin for WordPress is vulnerable to Arbitrary File Upload in all v...
NVD CVE-2026-9227 8d ago
HIGH
CVE-2026-7797 (CVSS 7.5) — The Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin plugin for WordPress ...
NVD CVE-2026-7797 8d ago
HIGH
CVE-2026-7634 (CVSS 7.2) — The SlimStat Analytics plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Us...
NVD CVE-2026-7634 8d ago
HIGH
CVE-2026-7052 (CVSS 7.2) — The HT Contact Form – Drag & Drop Form Builder for WordPress plugin for WordPress is vulnerable to S...
NVD CVE-2026-7052 8d ago
HIGH
CVE-2026-6455 (CVSS 8.1) — The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery le...
NVD CVE-2026-6455 8d ago
HIGH
CVE-2026-44604 (CVSS 7) — A command injection vulnerability was discovered in the `rpmuncompress` utility of RPM. When extract...
NVD CVE-2026-44604 8d ago
HIGH
CVE-2026-9009 (CVSS 8.8) — The Crawlomatic Multipage Scraper Post Generator plugin for WordPress is vulnerable to Remote Code E...
NVD CVE-2026-9009 8d ago
HIGH
CVE-2026-9795 (CVSS 7.3) — A flaw was found in Keycloak's Fine-Grained Admin Permissions (FGAPv2) feature. An administrator wit...
NVD CVE-2026-9795 8d ago
HIGH
CVE-2026-7802 (CVSS 8.8) — The Frontend Admin by DynamiApps plugin for WordPress is vulnerable to authorization bypass in all v...
NVD CVE-2026-7802 8d ago
HIGH
CVE-2026-2374 (CVSS 7.2) — The Login No Captcha reCAPTCHA plugin for WordPress is vulnerable to Stored Cross-Site Scripting via...
NVD CVE-2026-2374 8d ago
HIGH
CVE-2026-45136 (CVSS 7.8) — claude-code-cache-fix is a cache optimization proxy for Claude Code. From 3.5.0 to before 3.5.2, too...
NVD CVE-2026-45136 9d ago
HIGH
CVE-2026-44660 (CVSS 7.5) — UltraJSON is a fast JSON encoder and decoder written in pure C with bindings for Python 3.7+. Prior ...
NVD CVE-2026-44660 9d ago
HIGH
CVE-2026-5509 (CVSS 7.2) — An authenticated command injection vulnerability exists in the Archer BE450 v1 and BE7200 v1 router ...
NVD CVE-2026-5509 9d ago
HIGH
CVE-2026-44378 (CVSS 7.5) — Botan is a C++ cryptography library. Prior to 3.12.0, certain patterns of indefinite length encoding...
NVD CVE-2026-44378 9d ago
HIGH
CVE-2026-42790 (CVSS 8.1) — Improper Certificate Validation vulnerability in Erlang OTP public_key (pubkey_cert and public_key m...
NVD CVE-2026-42790 9d ago
HIGH
CVE-2026-42459 (CVSS 7.5) — free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, the free5GC UDM com...
NVD CVE-2026-42459 9d ago
HIGH
CVE-2026-48544 (CVSS 7.5) — Taipy 4.1.1, fixed in commit 129fd40, contains a path traversal vulnerability in the ElementLibrary....
NVD CVE-2026-48544 9d ago
HIGH
CVE-2026-45022 (CVSS 7.5) — go-git is an extensible git implementation library written in pure Go. Prior to 5.19.0 and 6.0.0-alp...
NVD CVE-2026-45022 9d ago
HIGH
CVE-2026-44838 (CVSS 8.1) — RabbitMQ is a messaging and streaming broker. From 4.2.0 to before 4.2.4, RabbitMQ's MQTT plugin all...
NVD CVE-2026-44838 9d ago
HIGH
CVE-2026-42184 (CVSS 8.8) — Tauri is a framework for building binaries for all major desktop platforms. From 2.0 to 2.11.0, a fl...
NVD CVE-2026-42184 9d ago
HIGH
CVE-2026-8180 (CVSS 7.5) — IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tra...
NVD CVE-2026-8180 9d ago
HIGH
CVE-2026-8179 (CVSS 8.8) — IBM Aspera High-Speed Transfer Endpoint 3.7.4 through 4.4.7 Fix Pack 1 and IBM Aspera High-Speed Tra...
NVD CVE-2026-8179 9d ago
HIGH
CVE-2026-7528 (CVSS 7.1) — IBM Langflow OSS 1.0.0 through 1.9.0 could allow a denial of service due to uncontrolled resource co...
NVD CVE-2026-7528 9d ago
HIGH
CVE-2026-7365 (CVSS 8.4) — IBM Operations Analytics - Log Analysis  and IBM SmartCloud Analytics - Log Analysis uses default pa...
NVD CVE-2026-7365 9d ago
HIGH
CVE-2026-5065 (CVSS 8.8) — IBM Controller 11.0.1, 11.1.0, 11.1.1, and 11.1.2 contains hard-coded credentials, such as a passwor...
NVD CVE-2026-5065 9d ago
HIGH
CVE-2026-3623 (CVSS 7.8) — IBM Netezza Performance Server Replication Services 3.0.2.0 through 3.0.5.0 allows an attacker with ...
NVD CVE-2026-3623 9d ago
HIGH
CVE-2026-3366 (CVSS 7.5) — IBM InfoSphere Optim Test Data Fabrication 1.0.0, 1.0.0.1, 1.0.0.2, 1.0.2, 1.0.2.2, 1.0.2.3, 1.0.2.4...
NVD CVE-2026-3366 9d ago
HIGH
CVE-2026-1933 (CVSS 7.1) — A flaw was found in Samba’s handling of NTFS-style reparse points on shares configured with read onl...
NVD CVE-2026-1933 9d ago
HIGH
CVE-2026-1718 (CVSS 7.1) — IBM Db2 11.5.0 through 11.5.9, and 12.1.0 through 12.1.4 is vulnerable to a denial of service with a...
NVD CVE-2026-1718 9d ago
HIGH
CVE-2024-56462 (CVSS 7.2) — IBM QRadar 7.5.0 through 7.5.0 UP15 Interim Fix 002 could allow a privileged user to upload a malici...
NVD CVE-2024-56462 9d ago
HIGH NVD Thu, 28 May 2026 21:16:32 UTC
CVE-2026-46829 (CVSS 7.5) — Vulnerability in Oracle REST Data Services (component: Mongoapi). Supported versions that are affec...
https://nvd.nist.gov/vuln/detail/CVE-2026-46829
TL;DR AI
A vulnerability has been identified in Oracle REST Data Services (Mongoapi) that allows an attacker to compromise the system via HTTPS by exploiting a network access vulnerability. This affects versions 24.2.0-26.1.0. Successful exploitation can cause a hang or crash of Oracle REST Data Services, with CVSS scores of 7.5 indicating significant availability impacts. The vulnerability has a CVSS Vector of AV:N:CVSS:CVSS:AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H.
CVE-2026-46829
Read full story ↗