
CVE Vulnerabilities - 28 May 2026

1262 vulnerabilities published on 28 May 2026

Oracle REST Data Services: Unauthenticated Takeover via HTTPS
CVE-2026-46840
Oracle REST Data Services versions 24.2.0 to 26.1.0 have a security flaw that allows an attacker to take control of the system without a password. This affects not only Oracle REST Data Services but p...
10.0
Portainer Allows Unauthorized Access to Sensitive Files via Git Repositories
GHSA-rpgq-m5fp-32wr CVE-2026-44881
Portainer's Git-backed stack feature allows attackers to read sensitive files on the system by creating a malicious Git repository. This is especially concerning when combined with Portainer's auto-up...
8.5
Authenticated Users Can Run Commands on Server with Full Access
CVE-2026-9645
A vulnerability in a server-side application allows users who have logged in to run any command on the server with complete control, potentially leading to system compromise. This means that an attack...
9.9
Oracle REST Data Services (24.2.0-26.1.0) can be taken over via HTTPS
CVE-2026-46839
If an attacker with network access to your Oracle REST Data Services (via HTTPS) has low privileges, they may be able to take control of your entire Oracle REST Data Services system. This could impact...
9.9
Oracle Universal Work Queue takeover via HTTP access
CVE-2026-46824
The Oracle Universal Work Queue in Oracle E-Business Suite versions 12.2.3-12.2.15 can be compromised through a vulnerability in its Work Provider Site Level Administration component. This means an at...
9.9
Oracle iAssets Takeover via HTTP for Low-Privileged Attackers
CVE-2026-46822
Oracle iAssets in Oracle E-Business Suite versions 12.2.3 to 12.2.15 can be taken over by a hacker with low privileges and access to the internet. This is a significant risk because it can also affect...
9.9
Oracle REST Data Services Core Compromise via Network Attack
CVE-2026-46775
Oracle REST Data Services versions 24.2.0-26.1.0 are at risk of being taken over by an attacker with network access. This could impact other products as well. We recommend upgrading to a fixed version...
9.9
WordPress Advanced Custom Fields: Extended plugin creates admin user accounts
CVE-2026-8809
The Advanced Custom Fields: Extended plugin for WordPress has a security flaw that allows anyone to create a new administrator-level user account on your website without needing a password. This can h...
9.8
Oracle E-Business Suite Payments File Transmission Compromise
CVE-2026-46817
The Oracle E-Business Suite's Payments component has a vulnerability in its File Transmission feature. This means an attacker with internet access can potentially take control of the Payments system, ...
9.8
Marten full-text search exposes users to SQL injection attacks
GHSA-vmw2-qwm8-x84c CVE-2026-45288
Marten's full-text search feature has a security issue that allows attackers to inject malicious SQL code. This could allow attackers to access or modify sensitive data. To protect your data, update t...
9.8
Oracle Hospitality OPERA 5 Property Services can be taken over remotely
CVE-2026-34311
Some versions of Oracle Hospitality OPERA 5 Property Services have a security weakness that allows hackers to access and control the system without a password. This means they can potentially steal se...
9.8
RustFS: Shared secret key exposed in insecure scenarios
CVE-2026-45039
RustFS's internal communication system uses a secret key for authentication. However, in some cases, a default key is used instead of a properly configured one. This could potentially allow unauthoriz...
9.8
InHand Networks IR302, IR305, IR315, IR615 firmware command injection risk: unauthorized root access
CVE-2026-38707
The IPSec VPN feature in InHand Networks IR302, IR305, IR315, and IR615 firmware allows attackers to gain control of the device by sending malicious commands. This is a serious risk because it can all...
9.8
WireGuard VPN flaw in InHand Networks firmware: unauthorized access
CVE-2026-38704
A security issue in InHand Networks IR302, IR305, IR315, and IR615 firmware versions allows attackers to gain control over devices connected to the VPN. This could lead to unauthorized access and data...
9.8
InHand Networks IR302, IR305, IR315, and IR615 firmware ZeroTier VPN Privilege Escalation
CVE-2026-38703
A security weakness in the ZeroTier VPN feature of InHand Networks' IR302, IR305, IR315, and IR615 firmware versions allows an attacker to gain complete control over a device connected to the network....
9.8
InHand Networks IR302, IR305, IR315, and IR615 firmware allows unauthorized root access
CVE-2026-38702
InHand Networks devices running certain firmware versions have a security flaw that allows hackers to gain full control of the device. This can happen if a hacker finds a way to exploit this flaw, so ...
9.8
SDMC NE6037 cable modem routers: hardcoded password in web interface
CVE-2026-24444
Some SDMC cable modem routers have a security flaw that allows unauthorized access to the device. This means an attacker could gain complete control over the device from anywhere on the internet. User...
9.3
Linux Kernel: Malicious Server Can Overwrite DACL Pointers
CVE-2026-46195
A malicious server can exploit a vulnerability in the Linux kernel's SMB client to overwrite DACL pointers, potentially leading to data corruption or security breaches. This issue has been resolved in...
9.8
Linux Kernel: Potential Data-Race in MPTCP Socket Lock
CVE-2026-46137
A potential issue was found in the Linux kernel's MPTCP (Multipath TCP) feature, where a data-race could occur when a socket is in use. This could potentially cause data corruption or other issues. To...
9.8
Linux Kernel: NVMe/TCP Connection Disruption Risk Fixed
CVE-2026-46135
A bug in the Linux kernel's NVMe/TCP connection handling has been fixed. This bug could have allowed a connection to be closed multiple times, potentially causing data loss or system instability. The ...
9.8
Linux Kernel: Unsecured Data Merging from Different Memory Zones
CVE-2026-46115
A security update has been made to the Linux kernel to prevent data merging from different memory zones, which could have allowed unauthorized access to sensitive data. This update is important for Li...
9.8
Vulnerability in Java Runtime Environment (JRE) Allows Remote Code Execution
BELL-CVE-2026-46039
A vulnerability in the Java Runtime Environment (JRE) allows attackers to execute malicious code on a target system. This affects Java users, and it's essential to update to the latest version to prev...
9.8
Apache HTTP Server allows unauthorized access to sensitive files
BELL-CVE-2026-45988
Apache HTTP Server may expose sensitive files to unauthorized users, potentially allowing them to access or modify sensitive data. This issue affects Apache HTTP Server installations, and it's essenti...
9.8
Adobe Flash Player Remote Code Execution Vulnerability
BELL-CVE-2026-45972
Adobe Flash Player has a vulnerability that allows attackers to execute malicious code on a victim's computer remotely. This means that if you have Adobe Flash installed and visit a malicious website,...
9.8
Google Chrome GPU Vulnerability: Sandbox Escape Risk
DEBIAN-CVE-2026-9967
Prior to version 148.0.7778.216, Google Chrome's GPU feature had a security issue that could be exploited by a malicious website to break out of its security sandbox and potentially take control of yo...
9.6