LiteLLM prior to 1
Description
LiteLLM prior to 1
AI Analyst Comment
Remediation
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Search and filter 17426 vulnerabilities with AI analyst insights
LiteLLM prior to 1
LiteLLM prior to 1
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
LiteLLM prior to 1
LiteLLM prior to 1
---METADATA---
VENDOR: LiteLLM
PRODUCT: LiteLLM
AFFECTED_VERSIONS: LiteLLM prior to 1.83.14
---END_METADATA---
Description Summary:
LiteLLM contains a privilege escalation vulnerability allowing authenticated users to generate unauthorized API keys, granting them full proxy administrative access.
Executive Summary:
A high-severity privilege escalation vulnerability in LiteLLM allows authenticated internal users to gain unauthorized administrative control over the proxy.
Vulnerability Details
CVE-ID: CVE-2026-47101
Affected Software: LiteLLM
Affected Versions: LiteLLM prior to 1.83.14
Vulnerability: The application fails to properly validate permissions when generating API keys, allowing an authenticated internal user to assign access to restricted routes. This flaw permits an attacker to escalate privileges from a standard user to a proxy administrator.
Business Impact
The vulnerability carries a CVSS score of 8.8, indicating a high risk of unauthorized administrative takeover. Successful exploitation allows an attacker to manipulate AI routing, access sensitive API configurations, and potentially intercept or modify downstream requests, leading to severe data compromise and loss of system integrity.
Remediation Plan
Immediate Action: Upgrade to LiteLLM version v1.83.14-stable or later to apply the necessary permission checks.
Proactive Monitoring: Monitor audit logs for unusual API key generation events or access to administrative routes by non-privileged accounts.
Compensating Controls: Implement strict network segmentation and restrict access to the LiteLLM administrative interface to trusted management networks only.
Exploitation Status
Public Exploit Available: True
Analyst Notes: As of June 12, 2026, public Proof-of-Concept exploits are available for this vulnerability. Given the availability of exploit code, immediate patching is required to prevent unauthorized administrative access.
Analyst Recommendation
The presence of public exploit code significantly increases the risk of active exploitation. Organizations utilizing LiteLLM must prioritize upgrading to version v1.83.14-stable immediately to close this privilege escalation vector and prevent unauthorized administrative access to their proxy infrastructure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Funnel Builder for WooCommerce Checkout prior to 3
Funnel Builder for WooCommerce Checkout prior to 3
---METADATA---
VENDOR: Funnel Builder
PRODUCT: Funnel Builder for WooCommerce Checkout
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: low
MISSING: versions, patch, technical_details
---END_METADATA---
Description Summary:
A security vulnerability affects versions of Funnel Builder for WooCommerce Checkout prior to version 3.
Executive Summary:
A high-severity vulnerability in the Funnel Builder for WooCommerce Checkout plugin necessitates immediate action to protect e-commerce transaction integrity.
Vulnerability Details
CVE-ID: CVE-2026-47100
Affected Software: Funnel Builder for WooCommerce Checkout
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability affects the Funnel Builder plugin for WooCommerce; however, the specific nature of the flaw remains undisclosed, requiring users to rely on official vendor patches for remediation.
Business Impact
With a CVSS score of 7.5, this vulnerability presents a substantial risk to e-commerce platforms, potentially leading to unauthorized access to customer data or checkout manipulation. Failure to remediate could result in significant reputational damage and loss of consumer trust in the checkout process.
Remediation Plan
Immediate Action: Update the Funnel Builder for WooCommerce Checkout plugin to version 3 or the latest available release as specified by the vendor.
Proactive Monitoring: Review WooCommerce logs for anomalous checkout activity or unauthorized plugin configuration changes.
Compensating Controls: Utilize a Web Application Firewall (WAF) with rulesets designed to block common WordPress plugin exploits until the patch is successfully deployed.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 20, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Plugin vulnerabilities are frequent targets for automated attacks. Administrators must update the affected software to version 3 or later immediately to close the security gap and protect the integrity of the WooCommerce checkout flow.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Claude HUD through 0
Claude HUD through 0
---METADATA---
VENDOR: Unknown
PRODUCT: Claude HUD
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
CONFIDENCE: low
MISSING: versions, patch, technical_details, exploit_status
---END_METADATA---
Description Summary:
A vulnerability has been identified in the Claude HUD software; however, specific technical details regarding the nature of the flaw remain currently unavailable.
Executive Summary:
The Claude HUD software contains an unspecified vulnerability that requires immediate monitoring for vendor-provided technical details and patches.
Vulnerability Details
CVE-ID: CVE-2026-47092
Affected Software: Unknown Vendor, Claude HUD
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The specific nature of this vulnerability is currently undefined based on the available data. Users should treat this as a high-priority item until the vendor releases a detailed security advisory.
Business Impact
The CVSS score of 7.8 indicates a high severity level. Without specific technical details, the business impact is assumed to be significant, potentially involving unauthorized access or system compromise, which could disrupt critical business workflows.
Remediation Plan
Immediate Action: Actively monitor the vendor's official support and security channels for a forthcoming advisory and associated patch.
Proactive Monitoring: Increase logging and monitoring for the Claude HUD environment to detect any unusual or unauthorized activity.
Compensating Controls: Restrict network access to the affected system to only necessary users and services to reduce the potential attack surface while awaiting further information.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of May 19, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Due to the lack of specific technical documentation, it is essential to exercise caution. Proactively verify the integrity of the current deployment and be prepared to perform an emergency update as soon as the vendor publishes the necessary technical details and remediation steps.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect boundary conditions in the Audio/Video: GMP component
Incorrect boundary conditions in the Audio/Video: GMP component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect boundary conditions in the Graphics component
Incorrect boundary conditions in the Graphics component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect boundary conditions in the Graphics: Canvas2D component
Incorrect boundary conditions in the Graphics: Canvas2D component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Multiple deserialization vulnerabilities exist that allow filter bypass and the triggering of unintended static initializers in Java-based products.
Multiple deserialization vulnerabilities exist that allow filter bypass and the triggering of unintended static initializers in Java-based products.
---METADATA---
VENDOR: Unknown
PRODUCT: Multiple Products
AFFECTED_VERSIONS: See vendor advisory
---END_METADATA---
Description Summary:
Multiple deserialization vulnerabilities exist that allow filter bypass and the triggering of unintended static initializers in Java-based products.
Executive Summary:
Critical Java deserialization flaws in unspecified products permit security filter bypasses and unauthorized execution of static initializers.
Vulnerability Details
CVE-ID: CVE-2026-47065
Affected Software: Unknown Multiple Products
Affected Versions: See vendor advisory
Vulnerability: This vulnerability comprises two distinct issues: ZDRES-232, which bypasses ObjectInputStream filters via java.lang.reflect.Proxy, and ZDRES-233, which triggers static initializers (<clinit>) of allow-listed classes. These vulnerabilities affect Java applications that perform insecure deserialization of untrusted data.
Business Impact
With a CVSS score of 9.8, this vulnerability poses a significant risk to the integrity and availability of Java-based applications. Exploitation can lead to bypasses of security controls and the execution of arbitrary code via side-effecting static initializers, potentially resulting in full system compromise.
Remediation Plan
Immediate Action: Identify all Java-based applications in the environment and apply the latest security patches provided by the software vendor.
Proactive Monitoring: Monitor application logs for deserialization errors or unexpected class loading activity that may indicate exploitation attempts.
Compensating Controls: Implement strict deserialization filters (JEP 290/380) to limit the classes allowed for deserialization, reducing the attack surface.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of Jun 3, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations should consult their software vendors immediately to determine if their specific Java products are impacted. Given the severity of deserialization flaws, applying vendor-supplied patches as soon as they become available is mandatory to maintain security posture.
Update Unknown Multiple Products to the latest version. Monitor for exploitation attempts and review access logs.
Incorrect boundary conditions in the Graphics: Canvas2D component
Incorrect boundary conditions in the Graphics: Canvas2D component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Undefined behavior in the WebRTC: Signaling component of Mozilla products creates a critical security risk for Firefox and Thunderbird users.
Undefined behavior in the WebRTC: Signaling component of Mozilla products creates a critical security risk for Firefox and Thunderbird users.
---METADATA---
VENDOR: Mozilla
PRODUCT: Firefox and Thunderbird
AFFECTED_VERSIONS: Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
---END_METADATA---
Description Summary:
Undefined behavior in the WebRTC: Signaling component of Mozilla products creates a critical security risk for Firefox and Thunderbird users.
Executive Summary:
A critical vulnerability involving undefined behavior in the WebRTC: Signaling component of Mozilla Firefox and Thunderbird could lead to remote code execution.
Vulnerability Details
CVE-ID: CVE-2026-4705
Affected Software: Mozilla Firefox and Thunderbird
Affected Versions: Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
Vulnerability: The vulnerability stems from undefined behavior within the WebRTC: Signaling component. This type of flaw can be triggered by unauthenticated remote attackers to cause memory corruption or unpredictable application states.
Business Impact
WebRTC vulnerabilities are particularly dangerous as they can often be triggered through malicious websites or malicious peer-to-peer connections. With a CVSS score of 9.8, this vulnerability poses a severe risk of remote code execution, which could result in the theft of sensitive session data or the compromise of the user's workstation.
Remediation Plan
Immediate Action: Update all Mozilla Firefox and Thunderbird installations to the latest versions (149 or 140.9 ESR) to resolve the undefined behavior in WebRTC.
Proactive Monitoring: Review logs for unusual WebRTC connection attempts or frequent crashes of the browser process during media sessions.
Compensating Controls: Implement browser isolation technologies or restrict WebRTC functionality via Group Policy if real-time communication is not required for certain user groups.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Mar 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Undefined behavior in core communication components often provides a reliable pathway for remote exploitation. Immediate patching is the only effective way to ensure that users are protected from malicious actors who might target WebRTC signaling to gain unauthorized access.
Update Signal Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Denial-of-service in the WebRTC: Signaling component
Denial-of-service in the WebRTC: Signaling component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A JIT miscompilation in the JavaScript Engine of Mozilla products allows unauthenticated attackers to achieve remote code execution via crafted web co...
A JIT miscompilation in the JavaScript Engine of Mozilla products allows unauthenticated attackers to achieve remote code execution via crafted web content.
---METADATA---
VENDOR: Mozilla
PRODUCT: Firefox and Thunderbird
AFFECTED_VERSIONS: Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
---END_METADATA---
Description Summary:
A JIT miscompilation in the JavaScript Engine of Mozilla products allows unauthenticated attackers to achieve remote code execution via crafted web content.
Executive Summary:
A critical JIT compiler error in Mozilla Firefox and Thunderbird allows for unauthenticated remote code execution, posing a severe threat to system security.
Vulnerability Details
CVE-ID: CVE-2026-4702
Affected Software: Mozilla Firefox and Thunderbird
Affected Versions: Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
Vulnerability: This vulnerability is caused by a JIT (Just-In-Time) miscompilation within the JavaScript Engine. It allows an unauthenticated attacker to bypass type safety and memory protections by serving malicious JavaScript, resulting in remote code execution.
Business Impact
An attacker could gain full control over the affected system, leading to unauthorized data access and potential lateral movement within the corporate network. The CVSS score of 9.8 indicates a critical risk level, as the vulnerability can be exploited remotely with minimal user interaction beyond visiting a compromised website.
Remediation Plan
Immediate Action: Update all Mozilla Firefox and Thunderbird instances to the latest patched versions (Firefox 149 / ESR 140.9) immediately.
Proactive Monitoring: Watch for unusual network traffic originating from browser processes and monitor for unexpected application crashes that could indicate failed exploit attempts.
Compensating Controls: Use application control policies to restrict the execution of unauthorized programs and scripts on endpoint devices.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 24, 2026, there is no public information indicating active exploitation of this vulnerability. JIT-related flaws remain a primary focus for researchers and attackers seeking to bypass browser security.
Analyst Recommendation
The potential for unauthenticated remote code execution makes this a high-priority item for security teams. Organizations should ensure that browser update mechanisms are functioning correctly and that all users are running the most recent, secure versions of Mozilla software.
Update Unknown Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A use-after-free vulnerability in the JavaScript Engine of Mozilla products allows unauthenticated remote code execution through memory corruption.
A use-after-free vulnerability in the JavaScript Engine of Mozilla products allows unauthenticated remote code execution through memory corruption.
---METADATA---
VENDOR: Mozilla
PRODUCT: Firefox and Thunderbird
AFFECTED_VERSIONS: Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
---END_METADATA---
Description Summary:
A use-after-free vulnerability in the JavaScript Engine of Mozilla products allows unauthenticated remote code execution through memory corruption.
Executive Summary:
Mozilla Firefox and Thunderbird are susceptible to a critical use-after-free vulnerability in their JavaScript Engine, enabling unauthenticated attackers to compromise user systems.
Vulnerability Details
CVE-ID: CVE-2026-4701
Affected Software: Mozilla Firefox and Thunderbird
Affected Versions: Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
Vulnerability: This is a use-after-free vulnerability residing in the core JavaScript Engine. An unauthenticated attacker can exploit this flaw by delivering a malicious script that manipulates memory objects, leading to arbitrary code execution.
Business Impact
Successful exploitation can lead to a complete system takeover. For a business, this translates to potential data breaches, loss of intellectual property, and significant downtime during incident response. The CVSS score of 9.8 reflects the severity of the vulnerability and the high likelihood of successful exploitation if left unpatched.
Remediation Plan
Immediate Action: Immediately upgrade all Firefox and Thunderbird installations to version 149 or ESR 140.9.
Proactive Monitoring: Utilize EDR solutions to monitor for suspicious memory access patterns or the execution of unauthorized shellcode originating from browser processes.
Compensating Controls: Implement browser isolation technologies or sandbox environments for high-risk users to limit the impact of a potential browser compromise.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, memory corruption bugs in JavaScript engines are staple components of modern exploit kits.
Analyst Recommendation
This vulnerability poses a critical threat to desktop security. We recommend an immediate, organization-wide patch deployment to address this JavaScript Engine flaw and prevent unauthenticated remote code execution.
Update Unknown Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A mitigation bypass vulnerability in the Networking: HTTP component affects several Mozilla products, including Firefox and Thunderbird.
A mitigation bypass vulnerability in the Networking: HTTP component affects several Mozilla products, including Firefox and Thunderbird.
---METADATA---
VENDOR: Mozilla
PRODUCT: Firefox and Thunderbird
AFFECTED_VERSIONS: Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
---END_METADATA---
Description Summary:
A mitigation bypass vulnerability in the Networking: HTTP component affects several Mozilla products, including Firefox and Thunderbird.
Executive Summary:
Mozilla Firefox and Thunderbird are susceptible to a critical mitigation bypass within the HTTP networking stack, undermining fundamental security controls.
Vulnerability Details
CVE-ID: CVE-2026-4700
Affected Software: Mozilla Firefox and Thunderbird
Affected Versions: Firefox < 149, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
Vulnerability: This vulnerability involves a mitigation bypass within the Networking: HTTP component. It allows an unauthenticated attacker to circumvent built-in security protections designed to prevent malicious network activity.
Business Impact
By bypassing critical security mitigations, an attacker can more effectively deliver payloads or perform man-in-the-middle attacks. The CVSS score of 9.8 highlights the critical nature of this flaw, as it significantly lowers the bar for further exploitation, potentially leading to widespread data theft and loss of integrity for web-based communications.
Remediation Plan
Immediate Action: Deploy the latest security updates for Firefox (v149+), Firefox ESR (v140.9+), and Thunderbird (v149+ or v140.9+) to address the bypass.
Proactive Monitoring: Monitor network traffic for anomalous HTTP headers or patterns that suggest an attempt to circumvent standard protocol security.
Compensating Controls: Use a secure web gateway (SWG) to inspect encrypted traffic and enforce additional protocol-level security checks.
Exploitation Status
Public Exploit Available: Unknown
Analyst Notes: As of Mar 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
The ability to bypass security mitigations directly impacts the overall defense-in-depth posture of the organization. It is critical that these updates are applied immediately to ensure that the browser's networking stack remains resilient against modern web-based threats.
Update Mitigation Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Incorrect boundary conditions in the Layout: Text and Fonts component
Incorrect boundary conditions in the Layout: Text and Fonts component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A critical JIT miscompilation vulnerability in the JavaScript Engine of Mozilla browsers allows for remote code execution via malicious scripts.
A critical JIT miscompilation vulnerability in the JavaScript Engine of Mozilla browsers allows for remote code execution via malicious scripts.
---METADATA---
VENDOR: Mozilla
PRODUCT: Firefox and Thunderbird
AFFECTED_VERSIONS: Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
---END_METADATA---
Description Summary:
A critical JIT miscompilation vulnerability in the JavaScript Engine of Mozilla browsers allows for remote code execution via malicious scripts.
Executive Summary:
A critical flaw in the JavaScript Just-In-Time (JIT) compiler of Mozilla Firefox and Thunderbird allows unauthenticated attackers to execute arbitrary code on target systems.
Vulnerability Details
CVE-ID: CVE-2026-4698
Affected Software: Mozilla Firefox and Thunderbird
Affected Versions: Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
Vulnerability: This vulnerability involves a JIT miscompilation within the JavaScript Engine. An unauthenticated attacker can exploit this by serving a malicious script that triggers an incorrect compilation path, leading to memory corruption and code execution.
Business Impact
This vulnerability enables Remote Code Execution (RCE), which could result in a total loss of system integrity and confidentiality. Attackers can leverage this to steal session cookies, access local files, or deploy ransomware. The CVSS score of 9.8 indicates that this is a highly critical threat that requires immediate remediation.
Remediation Plan
Immediate Action: Update Firefox and Thunderbird to version 149 or the latest available ESR releases to patch the JavaScript Engine.
Proactive Monitoring: Monitor for anomalous JavaScript execution patterns and high CPU usage by browser processes, which may indicate exploitation attempts.
Compensating Controls: Disable JIT compilation via browser configuration if updates cannot be applied immediately, though this will significantly impact performance.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 24, 2026, there is no public information indicating active exploitation of this vulnerability. JIT vulnerabilities are complex but highly effective for bypassing modern browser sandboxes.
Analyst Recommendation
The risk of remote code execution via the JavaScript engine is a top-tier security concern. We strongly recommend that all organizations apply the vendor-provided patches immediately to mitigate the risk of unauthenticated attacks targeting end-users.
Update Unknown Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A critical vulnerability in the Oracle Solaris Remote Administration Daemon allows unauthenticated attackers to modify or delete critical system data...
A critical vulnerability in the Oracle Solaris Remote Administration Daemon allows unauthenticated attackers to modify or delete critical system data via HTTPS.
---METADATA---
VENDOR: Oracle
PRODUCT: Solaris
AFFECTED_VERSIONS: 11.4
---END_METADATA---
Description Summary:
A critical vulnerability in the Oracle Solaris Remote Administration Daemon allows unauthenticated attackers to modify or delete critical system data via HTTPS.
Executive Summary:
An unauthenticated, critical vulnerability in Oracle Solaris allows remote attackers to manipulate or delete sensitive data without any user interaction.
Vulnerability Details
CVE-ID: CVE-2026-46978
Affected Software: Oracle Solaris
Affected Versions: 11.4
Vulnerability: The Remote Administration Daemon in Solaris 11.4 lacks proper authentication checks, permitting an unauthenticated attacker with network access to perform unauthorized data modifications. The vulnerability is network-exploitable via HTTPS and carries a high risk of data integrity loss.
Business Impact
With a CVSS score of 10.0, this flaw represents a significant risk to the integrity and confidentiality of critical Oracle Solaris systems. Successful exploitation could allow an attacker to destroy or alter sensitive business data, potentially causing irreversible service disruption and loss of critical information.
Remediation Plan
Immediate Action: Apply the relevant security patch from the Oracle June 2026 Critical Security Patch Update to all Solaris 11.4 installations.
Proactive Monitoring: Review audit logs for unauthorized access attempts to the Remote Administration Daemon and monitor for unexpected modifications to critical system files.
Compensating Controls: Restrict access to the Remote Administration Daemon to trusted network ranges and ensure the service is not exposed to the public internet.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of Jun 17, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations running Oracle Solaris 11.4 must treat this vulnerability with the highest priority. Given the ease of exploitation and the potential for complete data compromise, patching should be scheduled immediately to maintain system integrity.
Update Oracle Solaris product to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Outsourced Mfg for Discrete Industries)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability exists in the Internal Operations component of Oracle Outsourced Mfg for Discrete Industries within the Oracle E-Business Suite.
Executive Summary:
A high-severity vulnerability in the Oracle E-Business Suite could allow an authenticated attacker to compromise the integrity and availability of internal manufacturing operations.
Vulnerability Details
CVE-ID: CVE-2026-46973
Affected Software: Oracle E-Business Suite (Outsourced Mfg for Discrete Industries)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Internal Operations component of the application. It requires an authenticated user with appropriate access levels to trigger the vulnerable functionality within the suite.
Business Impact
With a CVSS score of 8.8, this flaw represents a substantial threat to the enterprise. Exploitation could facilitate unauthorized access to manufacturing data and disrupt mission-critical business processes, leading to significant reputational damage and potential loss of intellectual property.
Remediation Plan
Immediate Action: Identify the affected E-Business Suite instances and apply the official Oracle security updates as soon as they are made available.
Proactive Monitoring: Review audit logs for suspicious modifications to manufacturing configurations or unauthorized access to sensitive internal data modules.
Compensating Controls: Implement Web Application Firewall (WAF) rules designed to filter malicious traffic directed at Oracle E-Business Suite components.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, the high CVSS score indicates that the underlying flaw is severe and requires immediate remediation.
Analyst Recommendation
Given the critical nature of Oracle E-Business Suite in industrial environments, immediate patching is essential. Security teams should coordinate with database and application administrators to apply the necessary updates to prevent potential unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Outsourced Mfg for Discrete Industries)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability exists in the Internal Operations component of Oracle Outsourced Mfg for Discrete Industries within the Oracle E-Business Suite.
Executive Summary:
A high-severity vulnerability in the Oracle E-Business Suite could allow an authenticated attacker to compromise the integrity and availability of internal manufacturing operations.
Vulnerability Details
CVE-ID: CVE-2026-46972
Affected Software: Oracle E-Business Suite (Outsourced Mfg for Discrete Industries)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Internal Operations component of the application. Given the nature of Oracle E-Business Suite components, this typically requires an authenticated user with sufficient privileges to interact with internal business logic.
Business Impact
With a CVSS score of 8.8, this vulnerability poses a significant risk to organizational operations. Successful exploitation could lead to unauthorized data modification, disruption of critical manufacturing workflows, and potential compromise of internal business processes, resulting in severe operational downtime and financial impact.
Remediation Plan
Immediate Action: Review the latest Oracle Critical Patch Update (CPU) and apply the necessary security patches to the E-Business Suite environment immediately.
Proactive Monitoring: Monitor application logs for unusual administrative activity or unauthorized attempts to access the Internal Operations module.
Compensating Controls: Restrict network access to the E-Business Suite interface to trusted internal segments and employ strict role-based access control (RBAC) to limit user permissions.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the high CVSS score and the critical nature of the affected platform, the potential for exploitation remains high.
Analyst Recommendation
The severity of this vulnerability necessitates a swift response. Organizations should prioritize testing and deploying the vendor-supplied patches in their staging environments before moving to production to ensure business continuity and robust protection against potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect boundary conditions in the Audio/Video: Web Codecs component
Incorrect boundary conditions in the Audio/Video: Web Codecs component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization)
Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Public Sector Financials)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Authorization component of the Oracle E-Business Suite Public Sector Financials (International) product.
Executive Summary:
An authenticated attacker could exploit a vulnerability in the Oracle E-Business Suite Public Sector Financials component to bypass authorization controls and gain unauthorized access.
Vulnerability Details
CVE-ID: CVE-2026-46967
Affected Software: Oracle E-Business Suite (Public Sector Financials)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The flaw resides in the Authorization component, allowing an authenticated attacker to potentially bypass security checks and perform actions beyond their assigned privileges.
Business Impact
The CVSS score of 8.8 reflects a critical risk to data integrity and access control within the Public Sector Financials module. Unauthorized escalation of privileges can lead to the illicit modification of financial records and unauthorized access to sensitive fiscal data.
Remediation Plan
Immediate Action: Apply the vendor security updates immediately to restore proper authorization controls within the affected module.
Proactive Monitoring: Review user authorization logs and monitor for privilege escalation attempts or unusual access patterns in financial modules.
Compensating Controls: Restrict access to the Public Sector Financials module using network-level controls and ensure that session management is strictly enforced.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Authorization bypass vulnerabilities are severe and require immediate attention to prevent internal data manipulation. Administrators must prioritize the installation of vendor patches to ensure robust security posture for financial systems.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration)
Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Universal Work Queue)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Work Provider Site Level Administration component of the Oracle E-Business Suite Universal Work Queue.
Executive Summary:
An authenticated attacker could exploit a vulnerability in the Oracle E-Business Suite Universal Work Queue component to perform unauthorized site-level administrative actions.
Vulnerability Details
CVE-ID: CVE-2026-46965
Affected Software: Oracle E-Business Suite (Universal Work Queue)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists in the Work Provider Site Level Administration component, requiring an authenticated attacker to exploit the lack of proper validation at the administrative level.
Business Impact
A CVSS score of 8.8 underscores the significant risk of administrative-level compromise. An attacker exploiting this could potentially gain full control over the Universal Work Queue, resulting in severe data loss or manipulation of critical business processes.
Remediation Plan
Immediate Action: Apply the relevant security patch from Oracle to remediate the vulnerability in the Work Provider Site Level Administration component.
Proactive Monitoring: Audit administrative access logs and monitor for unauthorized changes to site-level configuration settings.
Compensating Controls: Enforce multi-factor authentication (MFA) for all administrative accounts to mitigate the risk of credential misuse.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the administrative scope of this vulnerability, immediate remediation is required. Security teams should verify their current version against the vendor advisory and deploy the necessary patches to protect the E-Business Suite.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Project Portfolio Analysis)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Internal Operations component of the Oracle E-Business Suite Project Portfolio Analysis product.
Executive Summary:
An authenticated attacker could exploit a vulnerability in the Oracle E-Business Suite Project Portfolio Analysis component to compromise internal operations and gain unauthorized system access.
Vulnerability Details
CVE-ID: CVE-2026-46962
Affected Software: Oracle E-Business Suite (Project Portfolio Analysis)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability is located within the Internal Operations component of the Project Portfolio Analysis product, requiring an authenticated attacker to trigger the flaw.
Business Impact
The CVSS score of 8.8 highlights a substantial risk to the integrity and confidentiality of the E-Business Suite. Exploitation could allow an attacker to bypass security controls, leading to unauthorized data access and potential operational downtime.
Remediation Plan
Immediate Action: Apply the vendor-provided security patches immediately upon availability to eliminate the vulnerability.
Proactive Monitoring: Review audit logs for suspicious administrative or internal operations activity within the Project Portfolio Analysis application.
Compensating Controls: Ensure that the Principle of Least Privilege is applied to all user accounts to minimize the potential impact of an account-based exploitation.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations should prioritize patching this vulnerability to prevent potential unauthorized access. IT administrators are advised to monitor vendor updates closely and ensure all affected instances are updated without delay.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Project Portfolio Analysis)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Internal Operations component of the Oracle E-Business Suite Project Portfolio Analysis product.
Executive Summary:
An authenticated attacker could exploit a vulnerability in the Oracle E-Business Suite Project Portfolio Analysis component to compromise internal operations and potentially gain unauthorized access.
Vulnerability Details
CVE-ID: CVE-2026-46961
Affected Software: Oracle E-Business Suite (Project Portfolio Analysis)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Internal Operations component of the Project Portfolio Analysis product, requiring an authenticated user to leverage the flaw for unauthorized access or operational disruption.
Business Impact
With a CVSS score of 8.8, this vulnerability presents a high risk to organizational security. Compromise could result in the unauthorized modification of project data, loss of confidentiality, and potential disruption of integrated business workflows.
Remediation Plan
Immediate Action: Identify the correct patch version through the official Oracle security advisory and schedule an immediate deployment.
Proactive Monitoring: Monitor user activity logs for unusual patterns, specifically focusing on the Project Portfolio Analysis module.
Compensating Controls: Utilize a Web Application Firewall (WAF) to filter malicious requests directed at the E-Business Suite application tier.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Security teams should treat this vulnerability as a high-priority item. Prompt installation of vendor-supplied patches is the only effective way to remediate the underlying flaw and secure the environment against potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A critical use-after-free vulnerability in the Layout: Text and Fonts component of Mozilla products could allow for remote code execution when process...
A critical use-after-free vulnerability in the Layout: Text and Fonts component of Mozilla products could allow for remote code execution when processing malicious web content.
---METADATA---
VENDOR: Mozilla
PRODUCT: Firefox and Thunderbird
AFFECTED_VERSIONS: Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
---END_METADATA---
Description Summary:
A critical use-after-free vulnerability in the Layout: Text and Fonts component of Mozilla products could allow for remote code execution when processing malicious web content.
Executive Summary:
Mozilla Firefox and Thunderbird contain a critical memory corruption vulnerability in the text layout engine that enables remote code execution by unauthenticated attackers.
Vulnerability Details
CVE-ID: CVE-2026-4696
Affected Software: Mozilla Firefox and Thunderbird
Affected Versions: Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
Vulnerability: The vulnerability is a use-after-free flaw in the "Layout: Text and Fonts" component. It occurs when the application attempts to access memory after it has been freed, which an unauthenticated attacker can exploit via a malicious website or email.
Business Impact
Successful exploitation allows an attacker to bypass security boundaries and execute arbitrary code. This could lead to the exfiltration of sensitive user data, credential harvesting, or the establishment of a persistent foothold within the corporate network. The CVSS score of 9.8 reflects the high impact on confidentiality, integrity, and availability.
Remediation Plan
Immediate Action: Deploy the latest security updates provided by Mozilla for Firefox and Thunderbird to all end-user devices.
Proactive Monitoring: Review endpoint security logs for signs of memory corruption exploits or suspicious child processes spawned by browser applications.
Compensating Controls: Implement robust email filtering to block malicious attachments and links, and use web content filtering to restrict access to known malicious domains.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 24, 2026, there is no public information indicating active exploitation of this vulnerability. Use-after-free bugs in layout engines are high-value targets for exploit developers due to their reliability.
Analyst Recommendation
This vulnerability represents a significant risk to the organization's security posture. Immediate patching is the only reliable mitigation; therefore, IT departments should expedite the rollout of Mozilla updates across the entire enterprise to prevent potential exploitation.
Update Unknown Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Quality)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Internal Operations component of the Oracle E-Business Suite Quality product.
Executive Summary:
An authenticated attacker could exploit a vulnerability in the Oracle E-Business Suite Quality component to compromise internal operations and potentially gain unauthorized system access.
Vulnerability Details
CVE-ID: CVE-2026-46952
Affected Software: Oracle E-Business Suite (Quality)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability resides in the Internal Operations component of the Oracle Quality product. It requires an authenticated user to perform actions that may lead to unauthorized operational impact.
Business Impact
Successful exploitation of this flaw carries a CVSS score of 8.8, indicating a high risk of system compromise. Unauthorized access to the E-Business Suite can lead to the exposure of sensitive corporate data, disruption of business processes, and significant reputational damage.
Remediation Plan
Immediate Action: Consult the official Oracle Security Alert advisory to identify and apply the necessary patches for your specific environment.
Proactive Monitoring: Review application and database access logs for anomalous activity or unauthorized commands originating from authenticated user accounts.
Compensating Controls: Implement strict network segmentation and ensure that access to the E-Business Suite is restricted to authorized personnel only via VPN or secure gateway.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation remains significant.
Analyst Recommendation
Given the high CVSS score, organizations must prioritize the review of vendor guidance. Administrators should apply the relevant security patches immediately to mitigate the risk of unauthorized access to critical business infrastructure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Quality)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Internal Operations component of Oracle E-Business Suite’s Quality product.
Executive Summary:
A high-severity vulnerability in the Oracle E-Business Suite Quality module could allow an authenticated attacker to compromise the integrity of quality assurance data.
Vulnerability Details
CVE-ID: CVE-2026-46951
Affected Software: Oracle E-Business Suite (Quality)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability affects the Internal Operations component of the Quality product, potentially allowing an authenticated attacker to perform unauthorized actions that affect quality control processes.
Business Impact
A CVSS score of 8.8 signifies a significant threat to the integrity of quality management data. Successful exploitation could lead to the unauthorized modification or deletion of quality records, causing major disruptions in quality assurance and manufacturing compliance.
Remediation Plan
Immediate Action: Apply the necessary security updates from the Oracle Critical Patch Update to the affected Quality module.
Proactive Monitoring: Monitor access and audit logs for any unauthorized modification of quality-related records or unusual system access patterns.
Compensating Controls: Restrict permissions for the Quality module to the minimum necessary for job roles and deploy WAF rules to monitor for suspicious inputs within the application.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. Nonetheless, the high severity necessitates immediate patch management.
Analyst Recommendation
Due to the critical nature of quality assurance systems, organizations should prioritize patching this vulnerability. Failure to address this flaw could lead to compromised data integrity and regulatory non-compliance.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Advanced Outbound Telephony)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Internal Operations component of Oracle E-Business Suite’s Advanced Outbound Telephony product.
Executive Summary:
A high-severity vulnerability in the Oracle E-Business Suite Advanced Outbound Telephony module could allow an authenticated attacker to manipulate critical telephony operations.
Vulnerability Details
CVE-ID: CVE-2026-46950
Affected Software: Oracle E-Business Suite (Advanced Outbound Telephony)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This security flaw impacts the Internal Operations component, where an authenticated user may exploit the system to gain unauthorized control over telephony functions or data.
Business Impact
The CVSS score of 8.8 highlights the severity of this issue. Potential impacts include unauthorized access to telephony configurations, disruption of business-critical customer contact services, and potential data exfiltration related to outbound communication records.
Remediation Plan
Immediate Action: Update the affected Oracle E-Business Suite components by applying the latest security patches provided by the vendor.
Proactive Monitoring: Implement logging for all administrative operations within the Advanced Outbound Telephony module to detect and investigate any suspicious behavior.
Compensating Controls: Use WAF to inspect traffic for common attack patterns and restrict access to the management console to a hardened jump-host or specific subnet.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, the potential for exploitation is high due to the nature of the affected component.
Analyst Recommendation
Urgency is required to mitigate this vulnerability. Security administrators must ensure all patches are tested and deployed to the affected Oracle production environments as soon as possible to prevent potential exploitation.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect boundary conditions in the Audio/Video: Web Codecs component
Incorrect boundary conditions in the Audio/Video: Web Codecs component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Advanced Outbound Telephony)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Internal Operations component of Oracle E-Business Suite’s Advanced Outbound Telephony product.
Executive Summary:
A high-severity vulnerability in the Oracle E-Business Suite Advanced Outbound Telephony module could allow an authenticated attacker to compromise critical communication systems.
Vulnerability Details
CVE-ID: CVE-2026-46947
Affected Software: Oracle E-Business Suite (Advanced Outbound Telephony)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Internal Operations component of the Advanced Outbound Telephony product, which may allow an authenticated user to perform unauthorized actions within the telephony management interface.
Business Impact
The CVSS score of 8.8 reflects the high potential for system compromise. An attacker successfully exploiting this could disrupt outbound communication operations, gain unauthorized access to telephony configurations, or compromise sensitive customer interaction data.
Remediation Plan
Immediate Action: Apply the appropriate security updates from Oracle to all affected Advanced Outbound Telephony components immediately.
Proactive Monitoring: Monitor telephony system logs for unauthorized configuration changes or suspicious outbound activity patterns.
Compensating Controls: Employ network segmentation and WAF policies to limit access to the telephony management interface to authorized internal networks only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. Despite this, the high severity justifies prompt remediation.
Analyst Recommendation
Organizations utilizing Oracle E-Business Suite for telephony management should perform a comprehensive review of their security patches. Applying the vendor-supplied fix is the only reliable method to eliminate the risk posed by this vulnerability.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Process Manufacturing Process Planning product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Process Manufacturing Process Planning product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Process Manufacturing)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Internal Operations component of Oracle E-Business Suite’s Process Manufacturing Process Planning product.
Executive Summary:
A high-severity flaw in the Oracle E-Business Suite Process Manufacturing module poses a significant risk to the security and operational continuity of enterprise manufacturing systems.
Vulnerability Details
CVE-ID: CVE-2026-46942
Affected Software: Oracle E-Business Suite (Process Manufacturing)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability resides in the Internal Operations component of the Process Manufacturing Process Planning product, allowing an authenticated attacker to potentially manipulate process data.
Business Impact
With a CVSS score of 8.8, this vulnerability represents a severe threat to manufacturing data integrity. Exploitation could result in unauthorized modification of production plans, leading to significant operational disruption and financial loss.
Remediation Plan
Immediate Action: Identify all instances of Oracle E-Business Suite running the Process Manufacturing module and apply the relevant security patches provided by Oracle.
Proactive Monitoring: Review audit logs for anomalous transactions or unauthorized modifications related to the Process Planning module components.
Compensating Controls: Restrict access to the affected module to only necessary personnel and leverage WAF rules to filter malicious traffic targeting internal operational modules.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, the potential for exploitation is significant given the critical nature of manufacturing process control.
Analyst Recommendation
Security teams must prioritize patching this vulnerability to prevent unauthorized access or system manipulation. Immediate application of vendor-supplied updates is essential to mitigating the risk to your production environment.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning)
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite (Cost Management)
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability exists within the Cost Planning component of Oracle E-Business Suite’s Cost Management product.
Executive Summary:
A high-severity vulnerability in Oracle E-Business Suite Cost Management could allow an authenticated attacker to compromise system integrity and confidentiality.
Vulnerability Details
CVE-ID: CVE-2026-46940
Affected Software: Oracle E-Business Suite (Cost Management)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Cost Planning component of the Oracle E-Business Suite. While specific attack vectors are limited by vendor disclosure, the flaw requires an authenticated user to perform unauthorized operations.
Business Impact
The high CVSS score of 8.8 indicates a significant risk to organizational operations. Successful exploitation could lead to unauthorized access to sensitive financial data, disruption of cost-planning processes, and potential escalation of privileges within the ERP environment.
Remediation Plan
Immediate Action: Review the latest Oracle Critical Patch Update (CPU) advisory and apply the necessary patches to the affected E-Business Suite environment immediately.
Proactive Monitoring: Monitor application and database access logs for unusual administrative activity or unauthorized access attempts originating from authenticated user accounts.
Compensating Controls: Implement strict role-based access control (RBAC) and utilize a Web Application Firewall (WAF) to detect and block abnormal request patterns targeting Cost Planning components.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the complexity and sensitivity of the Oracle E-Business Suite, the risk of exploitation remains high.
Analyst Recommendation
Given the high CVSS score, organizations should treat this vulnerability as a priority. Administrators must verify their current patch levels against the latest Oracle security bulletins and apply recommended updates to maintain the security posture of their ERP infrastructure.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect boundary conditions, integer overflow in the Graphics component
Incorrect boundary conditions, integer overflow in the Graphics component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports)
Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the iSetup product of Oracle E-Business Suite could allow for unauthorized data transformation or reporting manipulation.
Executive Summary:
A high-severity vulnerability in the Oracle E-Business Suite iSetup component threatens the integrity of general ledger updates and reporting processes.
Vulnerability Details
CVE-ID: CVE-2026-46937
Affected Software: Oracle E-Business Suite
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The flaw affects the General Ledger Update Transform and Reports components of the iSetup product. This could potentially allow an unauthorized user to influence reporting outputs or ledger configurations, necessitating strict validation of user inputs.
Business Impact
The CVSS score of 8.8 reflects the high risk to financial data integrity. Exploitation could result in inaccurate financial reporting, manipulation of ledger updates, or the unauthorized disclosure of sensitive business configuration data, leading to significant compliance and operational challenges.
Remediation Plan
Immediate Action: Apply the vendor-supplied security patches for the iSetup component of E-Business Suite without delay.
Proactive Monitoring: Monitor for unusual activity within the General Ledger Update Transform function and audit all generated reports for signs of unauthorized modification.
Compensating Controls: Implement strict input validation and access controls at the application level and utilize database monitoring to detect any unauthorized modifications to ledger records.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. Nevertheless, the risk to financial reporting makes this a high-priority security concern.
Analyst Recommendation
Financial systems integrity is paramount. Security teams must ensure that the iSetup component is fully patched and that all administrative access to financial configuration tools is strictly monitored and secured.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability in the Enterprise Asset Management component of Oracle E-Business Suite could allow for unauthorized internal operational changes.
Executive Summary:
A high-severity vulnerability in the Oracle E-Business Suite Enterprise Asset Management module risks the compromise of critical asset data and operational control.
Vulnerability Details
CVE-ID: CVE-2026-46931
Affected Software: Oracle E-Business Suite
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Internal Operations component of Enterprise Asset Management. It may allow an attacker to interfere with asset lifecycle management or maintenance schedules, requiring immediate review of access permissions.
Business Impact
Given the CVSS score of 8.8, this vulnerability poses a significant risk to operational efficiency. Exploitation could lead to the loss of asset tracking accuracy, unauthorized modification of maintenance protocols, or unauthorized access to sensitive internal infrastructure data, resulting in operational disruption.
Remediation Plan
Immediate Action: Immediately apply the latest Oracle Critical Patch Update for the Enterprise Asset Management module.
Proactive Monitoring: Review audit trails specifically for the Enterprise Asset Management module, focusing on modifications to asset configurations and maintenance logs.
Compensating Controls: Ensure that access to the Enterprise Asset Management system is restricted to authorized personnel via secure VPNs and strong multi-factor authentication.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, the criticality of asset management data necessitates swift remediation to prevent potential unauthorized access.
Analyst Recommendation
Organizations should prioritize the deployment of vendor-provided patches for the Enterprise Asset Management component. Maintaining system integrity is vital for operational stability, and this update should be applied during the next available maintenance window.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Incorrect boundary conditions in the Audio/Video: Playback component
Incorrect boundary conditions in the Audio/Video: Playback component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning)
Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the Cost Management component of Oracle E-Business Suite could allow for unauthorized manipulation of cost planning data.
Executive Summary:
A critical vulnerability in the Oracle E-Business Suite Cost Management module poses a severe risk to the integrity of sensitive financial and planning data.
Vulnerability Details
CVE-ID: CVE-2026-46929
Affected Software: Oracle E-Business Suite
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The flaw exists within the Cost Planning component. This vulnerability potentially allows an attacker to influence cost-related calculations or data, which necessitates strict enforcement of authorization controls within the application.
Business Impact
The CVSS score of 8.8 underscores the severity of this issue. Successful exploitation could compromise financial integrity, lead to the disclosure of sensitive cost structures, or facilitate fraudulent activity within the cost management system, causing significant financial and operational damage.
Remediation Plan
Immediate Action: Apply the relevant Oracle security patches to the Cost Management module as identified in the latest vendor documentation.
Proactive Monitoring: Monitor for anomalous changes to cost planning records and ensure that administrative access to the Cost Management module is strictly audited.
Compensating Controls: Employ role-based access control (RBAC) and database activity monitoring to detect and block unauthorized attempts to modify financial planning data.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. Despite the lack of current exploit data, the high severity justifies immediate attention.
Analyst Recommendation
The potential for financial data tampering makes this vulnerability a high-priority item. Organizations are urged to verify their patch status and implement the recommended security updates to ensure the integrity of their cost management processes.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Spares Management product of Oracle E-Business Suite (component: Internal Operations)
Vulnerability in the Oracle Spares Management product of Oracle E-Business Suite (component: Internal Operations)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security flaw has been identified in the Spares Management component of Oracle E-Business Suite that could be exploited to compromise internal operations.
Executive Summary:
A high-severity vulnerability in the Oracle E-Business Suite Spares Management component threatens the security and stability of internal business operations.
Vulnerability Details
CVE-ID: CVE-2026-46928
Affected Software: Oracle E-Business Suite
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability resides within the Internal Operations component of the Spares Management module. It potentially allows an attacker to manipulate internal processes, requiring rigorous attention to access control and input validation.
Business Impact
With a CVSS score of 8.8, this vulnerability presents a substantial risk to enterprise resource planning. An exploit could lead to the unauthorized modification of supply chain data, disruption of inventory management, or unauthorized administrative control, directly impacting business continuity and financial reporting accuracy.
Remediation Plan
Immediate Action: Identify all instances of Oracle E-Business Suite running the Spares Management module and apply the vendor-provided security patches immediately.
Proactive Monitoring: Review application-level audit logs for unexpected modifications to spares data or unauthorized execution of internal operational workflows.
Compensating Controls: Restrict access to the E-Business Suite to trusted internal networks and utilize database-level monitoring to detect unauthorized queries or transactions.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, the high severity score necessitates a proactive patching strategy to prevent potential unauthorized access.
Analyst Recommendation
Security teams must treat this advisory with high priority to protect the integrity of the E-Business Suite. Ensure that the latest Oracle security updates are deployed across all affected environments to mitigate the identified risks.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager)
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager)
---METADATA---
VENDOR: Oracle
PRODUCT: Siebel CRM
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability exists in the Siebel Cloud Manager component of Oracle Siebel CRM that may allow unauthorized access or impact system integrity.
Executive Summary:
A high-severity vulnerability in the Oracle Siebel CRM Cloud Manager component poses a significant risk to organizational data integrity and system availability.
Vulnerability Details
CVE-ID: CVE-2026-46926
Affected Software: Oracle Siebel CRM
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Siebel Cloud Manager component. While specific authentication requirements are not detailed by the vendor, the nature of the component suggests it handles administrative or orchestration tasks that could be leveraged by an attacker to gain unauthorized control.
Business Impact
The CVSS score of 8.8 indicates a high risk of potential compromise. Successful exploitation could lead to unauthorized access to sensitive CRM data, service disruption, or unauthorized administrative actions within the cloud infrastructure, potentially resulting in severe operational downtime and reputational damage.
Remediation Plan
Immediate Action: Review the latest Oracle Critical Patch Update (CPU) advisory and apply the necessary patches to your Siebel CRM environment immediately.
Proactive Monitoring: Monitor system logs for unauthorized access attempts, unusual administrative activities, or anomalous traffic patterns targeting the Siebel Cloud Manager interface.
Compensating Controls: Implement strict network segmentation and utilize a Web Application Firewall (WAF) to filter malicious requests directed at the CRM infrastructure until a patch can be applied.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the high CVSS score, the potential for exploitation is significant, and rapid patching is required.
Analyst Recommendation
Given the high severity of this vulnerability, organizations should prioritize the identification of affected Siebel CRM instances. Apply the vendor-supplied security updates immediately to mitigate the risk of unauthorized access to critical business data.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager)
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager)
---METADATA---
VENDOR: Oracle
PRODUCT: Siebel CRM
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A high-severity vulnerability within the Siebel Cloud Manager component of Oracle Siebel CRM may permit unauthorized access or manipulation of critical CRM functions.
Executive Summary:
The Oracle Siebel CRM Cloud Applications contain a high-severity vulnerability in the Siebel Cloud Manager that could lead to unauthorized system access and data exposure.
Vulnerability Details
CVE-ID: CVE-2026-46925
Affected Software: Oracle Siebel CRM
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability resides in the Siebel Cloud Manager component of the Oracle Siebel CRM suite. This component manages complex cloud deployments, and flaws here often involve improper authorization checks that could be exploited by an attacker with access to the management interface.
Business Impact
Successful exploitation could compromise the integrity and confidentiality of sensitive customer relationship data, leading to severe reputational and regulatory consequences. The CVSS score of 8.3 underscores the necessity of immediate attention, as CRM systems frequently hold the most sensitive client information within an organization.
Remediation Plan
Immediate Action: Prioritize the deployment of vendor-supplied security patches to all affected Siebel CRM Cloud Manager instances immediately upon availability.
Proactive Monitoring: Monitor system logs for anomalous administrative behavior or unauthorized configuration changes within the Siebel Cloud Manager environment.
Compensating Controls: Utilize a Web Application Firewall (WAF) to filter traffic and block suspicious requests targeting the management endpoints of the Siebel application.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 20, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the critical role of CRM platforms in business operations, this vulnerability presents a high risk to data privacy. Administrators should verify their current versions against the vendor’s advisory and ensure that access to the Siebel Cloud Manager is strictly controlled via multi-factor authentication and network-level restrictions.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager)
Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager)
---METADATA---
VENDOR: Oracle
PRODUCT: Siebel CRM
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the Siebel Cloud Manager component of Oracle Siebel CRM could allow an attacker to disrupt or compromise cloud-based application management.
Executive Summary:
A high-severity flaw in the Oracle Siebel CRM Cloud Manager component presents a significant threat to the security and management of cloud-deployed instances.
Vulnerability Details
CVE-ID: CVE-2026-46921
Affected Software: Oracle Siebel CRM
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists in the Siebel Cloud Manager component. It potentially allows an attacker to exploit management functions, which may lead to unauthorized control over cloud application deployments.
Business Impact
A compromise of the Siebel Cloud Manager could allow an attacker to gain control over the deployment environment, leading to unauthorized access to cloud-based CRM data or the ability to disrupt service availability. A CVSS score of 8.8 confirms this is a critical threat to the security of cloud-hosted CRM infrastructure.
Remediation Plan
Immediate Action: Apply the latest Oracle security updates specifically addressing the Siebel Cloud Manager component.
Proactive Monitoring: Monitor the Siebel Cloud Manager interface for unauthorized login attempts or unusual configuration changes.
Compensating Controls: Ensure the Cloud Manager interface is not exposed to the public internet and require multi-factor authentication (MFA) for all administrative access.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Because this vulnerability affects the management layer of cloud-based CRM deployments, it must be addressed immediately. Administrators should apply the necessary patches and ensure that administrative access to the Cloud Manager is restricted to highly privileged, audited accounts.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs)
Vulnerability in the Oracle Process Manufacturing Product Development product of Oracle E-Business Suite (component: Quality Management Specs)
---METADATA---
VENDOR: Oracle
PRODUCT: E-Business Suite
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability within the Quality Management Specs component of Oracle E-Business Suite could lead to unauthorized system impacts.
Executive Summary:
A critical vulnerability in the Oracle E-Business Suite Process Manufacturing module poses a significant risk to the integrity of production quality data.
Vulnerability Details
CVE-ID: CVE-2026-46916
Affected Software: Oracle E-Business Suite
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Quality Management Specs component within the Process Manufacturing product of Oracle E-Business Suite. It potentially allows for unauthorized access to sensitive quality management data or modification of system specifications.
Business Impact
Exploitation of this vulnerability could result in the compromise of manufacturing specifications and quality control data, leading to potential product defects or operational downtime. The CVSS score of 8.8 reflects the high risk posed to the operational integrity of the manufacturing process.
Remediation Plan
Immediate Action: Update the affected Oracle E-Business Suite instances to the latest version as specified in the vendor security advisory.
Proactive Monitoring: Review logs for unauthorized access to the Quality Management module and monitor for unexpected changes to product development specifications.
Compensating Controls: Enforce strict network access control lists (ACLs) to ensure only authorized production systems can communicate with the E-Business Suite Quality Management component.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the potential impact on manufacturing quality and operations, organizations should prioritize patching these systems. Security teams should also verify that internal access controls are strictly enforced to minimize the risk of unauthorized interaction with the Quality Management module.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Production)
Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Production)
---METADATA---
VENDOR: Oracle
PRODUCT: Complex Maintenance, Repair and Overhaul
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability within the Production component of Oracle Complex Maintenance, Repair and Overhaul poses a risk to system integrity.
Executive Summary:
An unauthenticated attacker may exploit a vulnerability in Oracle Complex Maintenance, Repair and Overhaul to disrupt or compromise critical production data.
Vulnerability Details
CVE-ID: CVE-2026-46915
Affected Software: Oracle Complex Maintenance, Repair and Overhaul (E-Business Suite)
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability impacts the Production component of the Oracle E-Business Suite. It potentially allows an attacker to interact with the application in an unauthorized manner, threatening data integrity within maintenance and repair workflows.
Business Impact
A CVSS score of 8.5 highlights a high-risk vulnerability that could affect mission-critical supply chain and maintenance operations. Exploitation could lead to unauthorized access to production data, operational downtime, or the corruption of maintenance logs, resulting in severe business disruptions.
Remediation Plan
Immediate Action: Prioritize the application of the latest Oracle security updates for E-Business Suite and the specific affected modules.
Proactive Monitoring: Monitor database transaction logs and application access logs for irregular activity related to production workflows.
Compensating Controls: Implement strict access control lists (ACLs) for the application environment and utilize intrusion detection systems to monitor for suspicious application-layer requests.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations running E-Business Suite must prioritize this patch to maintain the integrity of their production systems. Immediate action is required to prevent potential unauthorized access to critical maintenance operational data.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A use-after-free vulnerability in the CSS Parsing and Computation component of Mozilla browsers allows for potential remote code execution via specifi...
A use-after-free vulnerability in the CSS Parsing and Computation component of Mozilla browsers allows for potential remote code execution via specifically crafted web content.
---METADATA---
VENDOR: Mozilla
PRODUCT: Firefox and Thunderbird
AFFECTED_VERSIONS: Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
---END_METADATA---
Description Summary:
A use-after-free vulnerability in the CSS Parsing and Computation component of Mozilla browsers allows for potential remote code execution via specifically crafted web content.
Executive Summary:
Mozilla Firefox and Thunderbird are vulnerable to a critical use-after-free flaw that could allow an attacker to execute arbitrary code on a user's system.
Vulnerability Details
CVE-ID: CVE-2026-4691
Affected Software: Mozilla Firefox and Thunderbird
Affected Versions: Firefox < 149, Firefox ESR < 115.34, Firefox ESR < 140.9, Thunderbird < 149, and Thunderbird < 140.9
Vulnerability: This is a use-after-free (UAF) vulnerability located within the CSS Parsing and Computation component. An unauthenticated attacker can trigger this memory corruption by inducing a user to process malicious CSS content, potentially leading to arbitrary code execution.
Business Impact
Exploitation of this vulnerability can result in full system compromise, as an attacker may gain the ability to execute code with the same privileges as the logged-in user. This poses a significant risk of data theft, malware installation, and unauthorized access to corporate resources. The CVSS score of 9.8 underscores the extreme severity and the low complexity required for a successful attack.
Remediation Plan
Immediate Action: Update all affected installations of Firefox and Thunderbird to the latest versions (149 or the relevant ESR/Thunderbird patches) immediately.
Proactive Monitoring: Security teams should monitor for unusual browser crashes or unexpected outbound network connections from client workstations.
Compensating Controls: Utilize endpoint detection and response (EDR) tools to identify and block common exploitation techniques, such as heap spraying or shellcode execution.
Exploitation Status
Public Exploit Available: No
Analyst Notes: As of Mar 24, 2026, there is no public information indicating active exploitation of this vulnerability. However, use-after-free vulnerabilities are frequently targeted by advanced threat actors for browser-based attacks.
Analyst Recommendation
Given the critical CVSS score of 9.8 and the potential for remote code execution, this vulnerability requires immediate attention. Organizations should prioritize the automated deployment of patches for all Mozilla-based applications to ensure client systems are protected against memory corruption exploits.
Update Unknown Multiple Products to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infrastructure Security)
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infrastructure Security)
---METADATA---
VENDOR: Oracle
PRODUCT: JD Edwards EnterpriseOne
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A security vulnerability in the Business Logic Infrastructure of Oracle JD Edwards EnterpriseOne Tools could allow for unauthorized system manipulation.
Executive Summary:
A high-severity vulnerability within the core business logic infrastructure of Oracle JD Edwards EnterpriseOne threatens the security of enterprise resource planning data.
Vulnerability Details
CVE-ID: CVE-2026-46903
Affected Software: Oracle JD Edwards EnterpriseOne
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This vulnerability affects the Business Logic Infrastructure Security component of JD Edwards EnterpriseOne Tools. It potentially allows an attacker to interact with core business logic, circumventing standard security protocols.
Business Impact
The Business Logic Infrastructure is the backbone of the ERP system; therefore, a compromise could lead to widespread unauthorized data access or the ability to execute unauthorized financial or operational transactions. The CVSS score of 8.8 highlights the critical urgency of securing this infrastructure against potential exploitation.
Remediation Plan
Immediate Action: Apply the vendor-provided security patches immediately to address the identified flaws in the Business Logic Infrastructure.
Proactive Monitoring: Monitor for unusual modifications to business logic configurations or unexpected administrative actions within the ERP environment.
Compensating Controls: Utilize database activity monitoring (DAM) to detect unauthorized queries or changes performed through the business logic layer.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Because this vulnerability targets the core infrastructure of the JD Edwards suite, it should be treated as a high-priority remediation task. Security teams must ensure that patching is combined with a thorough review of access logs to confirm no unauthorized modifications have occurred.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
Sandbox escape due to incorrect boundary conditions, integer overflow in the XPCOM component
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
A critical vulnerability in the Core component of Oracle Enterprise Command Center Framework allows low-privileged attackers to perform unauthorized d...
A critical vulnerability in the Core component of Oracle Enterprise Command Center Framework allows low-privileged attackers to perform unauthorized data modifications and denial of service.
---METADATA---
VENDOR: Oracle
PRODUCT: Enterprise Command
AFFECTED_VERSIONS: V15 and V16
---END_METADATA---
Description Summary:
A critical vulnerability in the Core component of Oracle Enterprise Command Center Framework allows low-privileged attackers to perform unauthorized data modifications and denial of service.
Executive Summary:
A critical vulnerability in the Oracle Enterprise Command Center Framework (versions V15 and V16) allows low-privileged attackers to manipulate or delete critical data and trigger a denial of service.
Vulnerability Details
CVE-ID: CVE-2026-46897
Affected Software: Oracle Enterprise Command Center Framework
Affected Versions: V15 and V16
Vulnerability: This vulnerability in the Core component allows a low-privileged attacker with network access via HTTP to perform unauthorized creation, deletion, or modification of critical data. It also allows for partial denial of service (DoS) attacks.
Business Impact
The CVSS score of 9.9 underscores the high risk of this vulnerability. Beyond the potential for unauthorized data access and integrity loss, the ability for an attacker to initiate a partial DoS could severely disrupt business operations and the availability of critical command center functions.
Remediation Plan
Immediate Action: Apply the June 2026 Critical Security Patch Update to all affected V15 and V16 instances immediately.
Proactive Monitoring: Monitor system logs for unauthorized data modification events and unusual traffic spikes consistent with a partial DoS attack.
Compensating Controls: Utilize WAF configurations to block suspicious HTTP requests that may attempt to manipulate framework data or exhaust system resources.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of June 17, 2026, there is no public information indicating active exploitation of this vulnerability. However, the ability to modify critical data makes this a high-risk vulnerability that requires prompt attention.
Analyst Recommendation
To maintain the integrity and availability of the Enterprise Command Center Framework, administrators must apply the provided security patches without delay. Addressing this flaw is essential to preventing data corruption and operational disruption.
Update Oracle Enterprise Command to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A critical vulnerability in the Core component of Oracle Enterprise Command Center Framework allows low-privileged attackers to achieve full platform...
A critical vulnerability in the Core component of Oracle Enterprise Command Center Framework allows low-privileged attackers to achieve full platform takeover via HTTP.
---METADATA---
VENDOR: Oracle
PRODUCT: Enterprise Command
AFFECTED_VERSIONS: V15 and V16
---END_METADATA---
Description Summary:
A critical vulnerability in the Core component of Oracle Enterprise Command Center Framework allows low-privileged attackers to achieve full platform takeover via HTTP.
Executive Summary:
A critical vulnerability in the Oracle Enterprise Command Center Framework (versions V15 and V16) permits low-privileged attackers to gain full control of the framework.
Vulnerability Details
CVE-ID: CVE-2026-46895
Affected Software: Oracle Enterprise Command Center Framework
Affected Versions: V15 and V16
Vulnerability: This vulnerability is located in the Core component of the framework. It allows an attacker with low-level privileges and network access to exploit the system via HTTP, leading to a complete takeover and potential impact on other integrated Oracle products.
Business Impact
With a CVSS score of 9.9, this flaw poses a severe threat. A takeover of the Command Center Framework allows attackers to exert control over critical operational data, leading to potential data exfiltration and total loss of system integrity.
Remediation Plan
Immediate Action: Update the Oracle Enterprise Command Center Framework to the latest version as outlined in the June 2026 Critical Security Patch Update.
Proactive Monitoring: Monitor HTTP request logs for anomalous patterns and unauthorized access attempts to the framework's core interfaces.
Compensating Controls: Deploy WAF rules to inspect and filter HTTP traffic targeting the framework and limit access to the interface to authorized internal networks.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of June 17, 2026, there is no public information indicating active exploitation of this vulnerability. However, the potential for high-impact exploitation warrants immediate mitigation.
Analyst Recommendation
Organizations must treat this as a high-priority update. Failure to patch the Enterprise Command Center Framework could result in total system compromise and unauthorized access to sensitive operational data.
Update Oracle Enterprise Command to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
A critical vulnerability in the E1 Foundation of Oracle JD Edwards EnterpriseOne allows low-privileged attackers to compromise the General Ledger via...
A critical vulnerability in the E1 Foundation of Oracle JD Edwards EnterpriseOne allows low-privileged attackers to compromise the General Ledger via SMB.
---METADATA---
VENDOR: Oracle
PRODUCT: JD Edwards
AFFECTED_VERSIONS: 9.2
---END_METADATA---
Description Summary:
A critical vulnerability in the E1 Foundation of Oracle JD Edwards EnterpriseOne allows low-privileged attackers to compromise the General Ledger via SMB.
Executive Summary:
A critical vulnerability in Oracle JD Edwards EnterpriseOne General Ledger version 9.2 allows low-privileged attackers to achieve full system takeover via SMB.
Vulnerability Details
CVE-ID: CVE-2026-46893
Affected Software: Oracle JD Edwards EnterpriseOne
Affected Versions: 9.2
Vulnerability: This easily exploitable vulnerability exists in the E1 Foundation component. It allows a low-privileged attacker with network access via SMB to compromise the General Ledger, with the potential for scope change to impact additional products.
Business Impact
The CVSS score of 9.9 signifies a critical risk to business-critical financial data. A successful takeover of the General Ledger module could lead to unauthorized modification of financial records, data theft, and significant compliance/regulatory repercussions.
Remediation Plan
Immediate Action: Patch the affected JD Edwards EnterpriseOne 9.2 instance using the June 2026 Critical Security Patch Update.
Proactive Monitoring: Review SMB traffic and log files for suspicious access patterns related to the E1 Foundation component.
Compensating Controls: Restrict SMB access to the JD Edwards environment to authorized, authenticated workstations only until the patch is applied.
Exploitation Status
Public Exploit Available: False
Analyst Notes: As of June 17, 2026, there is no public information indicating active exploitation of this vulnerability. Despite the lack of current exploit activity, the ease of access via SMB necessitates urgent attention.
Analyst Recommendation
The severity of this vulnerability necessitates immediate patching. Organizations should prioritize updating their JD Edwards EnterpriseOne environments to mitigate the risk of financial data compromise and system-wide takeover.
Update Oracle JD Edwards to the latest version. Check vendor security advisory for specific patch details. Monitor for exploitation attempts and review access logs.
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing)
Vulnerability in the Siebel Apps - Marketing product of Oracle Siebel CRM (component: Marketing)
---METADATA---
VENDOR: Oracle
PRODUCT: Siebel CRM
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in the Marketing component of Oracle Siebel CRM could potentially be leveraged by an attacker to compromise application integrity.
Executive Summary:
An unpatched vulnerability in Oracle Siebel CRM Marketing poses a high risk to the security and confidentiality of marketing data.
Vulnerability Details
CVE-ID: CVE-2026-46886
Affected Software: Oracle Siebel CRM
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: This issue affects the Marketing component of Oracle Siebel CRM. The vulnerability allows for potential exploitation of application logic, which may bypass intended security controls within the marketing module.
Business Impact
The compromise of the Marketing module could result in the unauthorized exposure of lead data, customer segments, or campaign strategies. With a CVSS score of 8.8, this vulnerability represents a substantial risk to organizational privacy and reputational integrity.
Remediation Plan
Immediate Action: Verify the current version of Siebel CRM and apply the latest security patches provided by Oracle.
Proactive Monitoring: Analyze application logs for unusual access patterns within the Marketing module or unauthorized attempts to export sensitive campaign data.
Compensating Controls: Restrict access to the Marketing module to specific IP addresses and enforce strict role-based access controls (RBAC) to limit the blast radius.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of June 18, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Given the high severity of this vulnerability, administrators should ensure that all Oracle security updates are applied without delay. Regular auditing of user permissions within the Marketing module is recommended to mitigate the risk of internal or external unauthorized access.
Apply vendor security updates immediately. Monitor for exploitation attempts and review access logs.
---METADATA---
VENDOR: LiteLLM
PRODUCT: LiteLLM
AFFECTED_VERSIONS: See vendor advisory for specific affected versions
---END_METADATA---
Description Summary:
A vulnerability in LiteLLM prior to version 1 allows for potential unauthorized actions or information disclosure within the platform.
Executive Summary:
A high-severity vulnerability in LiteLLM prior to version 1 necessitates an immediate upgrade to ensure the security and integrity of the application.
Vulnerability Details
CVE-ID: CVE-2026-47102
Affected Software: LiteLLM
Affected Versions: See vendor advisory for specific affected versions
Vulnerability: The vulnerability exists in versions of LiteLLM prior to 1. The specific nature of the flaw allows for potential exploitation by an attacker to bypass intended security controls, though the exact entry point depends on the specific deployment configuration.
Business Impact
Exploitation of this vulnerability could lead to the compromise of data handled by the LLM integration or unauthorized control over the platform's functions. With a CVSS score of 8.8, this represents a significant threat to business operations that rely on LiteLLM, requiring immediate mitigation.
Remediation Plan
Immediate Action: Upgrade all instances of LiteLLM to version 1 or the latest available secure version immediately.
Proactive Monitoring: Monitor application logs for unauthorized API requests or suspicious behavior originating from the LiteLLM integration.
Compensating Controls: Implement strict API key management and restrict access to the LiteLLM service to authorized internal networks only.
Exploitation Status
Public Exploit Available: false
Analyst Notes: As of May 22, 2026, there is no public information indicating active exploitation of this vulnerability. However, due to the nature of the flaw, the potential for exploitation is high.
Analyst Recommendation
Organizations utilizing LiteLLM should treat this as a high-priority update. Administrators must verify their current version and upgrade to version 1 or higher immediately to protect the application from potential exploitation.