Security Vulnerabilities
Vulnerability in the WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise WebLogic Server. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in WebLogic Server, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all WebLogic Server accessible data as well as unauthorized access to critical data or complete access to all WebLogic Server accessible data. CVSS 3.1 Base Score 8.7 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N).
CVSS Score
8.7
EPSS Score
0.003
Published
2026-06-17
Improper access control in PAM account discovery results in Devolutions
Server 2026.2.5, 2026.1.21 allows an authenticated user to retrieve
account discovery scan results.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-16
Improper access control in Devolutions Server 2026.2.5, 2026.1.21 allows
an authenticated user to access attachments via folder duplication with
inherited permissions.
CVSS Score
6.5
EPSS Score
0.002
Published
2026-06-16
Improper access control in the social login connection endpoint in
Devolutions Server 2026.2.5 allows an authenticated vault member to
enumerate social login entry metadata to which they are not authorized
via a crafted API request.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-16
In Modem, there is a possible way to trigger a modem crash during a SIP REFER request due to memory corruption. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-06-16
In ImsMediaBitReader::ReadByteBuffer, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-16
In RtcpHeader::decodeRtcpHeader, there is a possible OOB read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
4.3
EPSS Score
0.002
Published
2026-06-16
In Camera, there is a possible unauthorized way to access photos due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
3.3
EPSS Score
0.001
Published
2026-06-16
In TextRtpPayloadDecoderNode::DecodeT140 of TextRtpPayloadDecoderNode.cpp, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-06-16
In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVSS Score
8.8
EPSS Score
0.002
Published
2026-06-16