|
4851
|
6.5 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_fin_contracts
|
Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Contracts). The supported version that is affected is 9.2. Easily exploitable vulnerability allows …
|
CWE-200
Information Exposure
|
CVE-2026-34300
|
2026-04-27 22:08 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4852
|
2.4 |
LOW
Network
|
oracle
|
database_server
|
Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Acces…
|
CWE-284
Improper Access Control
|
CVE-2026-34312
|
2026-04-27 22:04 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4853
|
5.4 |
MEDIUM
Network
|
oracle
|
fusion_middleware
|
Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low pr…
|
CWE-284
Improper Access Control
|
CVE-2026-35232
|
2026-04-27 22:03 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4854
|
6.4 |
MEDIUM
Network
|
oracle
|
fusion_middleware
|
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API). Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to expl…
|
CWE-284
Improper Access Control
|
CVE-2026-35252
|
2026-04-27 22:02 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4855
|
7.3 |
HIGH
Local
|
uutils
|
coreutils
|
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not …
|
CWE-22
Path Traversal
|
CVE-2026-35338
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4856
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 b…
|
CWE-176
Improper Handling of Unicode Encoding
|
CVE-2026-35346
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4857
|
4.4 |
MEDIUM
Local
|
uutils
|
coreutils
|
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input p…
|
CWE-20
Improper Input Validation
|
CVE-2026-35347
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4858
|
7.7 |
HIGH
Local
|
uutils
|
coreutils
|
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to …
|
CWE-59
Link Following
|
CVE-2026-35349
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4859
|
4.2 |
MEDIUM
Local
|
uutils
|
coreutils
|
The mv utility in uutils coreutils fails to preserve file ownership during moves across different filesystem boundaries. The utility falls back to a copy-and-delete routine that creates the destinati…
|
CWE-281
Improper Preservation of Permissions
|
CVE-2026-35351
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4860
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them …
|
CWE-367
Time-of-check Time-of-use (TOCTOU) Race Condition
|
CVE-2026-35353
|
2026-04-27 21:27 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
