|
2441
|
6.6 |
MEDIUM
Local
|
vim
|
vim
|
Vim is an open source, command line text editor. Prior to 9.2.0357, A command injection vulnerability exists in Vim's tag file processing. When resolving a tag, the filename field from the tags file …
|
CWE-78
OS Command
|
CVE-2026-41411
|
2026-04-27 22:39 |
2026-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2442
|
9.8 |
CRITICAL
Network
|
oracle
|
advanced_inbound_telephony
|
Vulnerability in the Oracle Advanced Inbound Telephony product of Oracle E-Business Suite (component: Setup and Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily explo…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2026-34275
|
2026-04-27 22:09 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2443
|
6.5 |
MEDIUM
Network
|
oracle
|
peoplesoft_enterprise_fin_contracts
|
Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Contracts). The supported version that is affected is 9.2. Easily exploitable vulnerability allows …
|
CWE-200
Information Exposure
|
CVE-2026-34300
|
2026-04-27 22:08 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2444
|
2.4 |
LOW
Network
|
oracle
|
database_server
|
Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Acces…
|
CWE-284
Improper Access Control
|
CVE-2026-34312
|
2026-04-27 22:04 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2445
|
5.4 |
MEDIUM
Network
|
oracle
|
fusion_middleware
|
Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low pr…
|
CWE-284
Improper Access Control
|
CVE-2026-35232
|
2026-04-27 22:03 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2446
|
6.4 |
MEDIUM
Network
|
oracle
|
fusion_middleware
|
Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API). Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to expl…
|
CWE-284
Improper Access Control
|
CVE-2026-35252
|
2026-04-27 22:02 |
2026-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2447
|
7.3 |
HIGH
Local
|
uutils
|
coreutils
|
A vulnerability in the chmod utility of uutils coreutils allows users to bypass the --preserve-root safety mechanism. The implementation only validates if the target path is literally / and does not …
|
CWE-22
Path Traversal
|
CVE-2026-35338
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2448
|
3.3 |
LOW
Local
|
uutils
|
coreutils
|
The comm utility in uutils coreutils silently corrupts data by performing lossy UTF-8 conversion on all output lines. The implementation uses String::from_utf8_lossy(), which replaces invalid UTF-8 b…
|
CWE-176
Improper Handling of Unicode Encoding
|
CVE-2026-35346
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2449
|
4.4 |
MEDIUM
Local
|
uutils
|
coreutils
|
The comm utility in uutils coreutils incorrectly consumes data from non-regular file inputs before performing comparison operations. The are_files_identical function opens and reads from both input p…
|
CWE-20
Improper Input Validation
|
CVE-2026-35347
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
2450
|
7.7 |
HIGH
Local
|
uutils
|
coreutils
|
A vulnerability in the rm utility of uutils coreutils allows a bypass of the --preserve-root protection. The implementation uses a path-string check rather than comparing device and inode numbers to …
|
CWE-59
Link Following
|
CVE-2026-35349
|
2026-04-27 21:28 |
2026-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
