Threat Intelligence Database

CVE-2026-46813 is a critical vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0. It allows an unauthenticated attacker with network access via HTTP to fully compromise the product, potentially leading to complete takeover. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply the available patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these may impact functionality.

CVE-2026-46805 is a critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the product. Exploitation requires user interaction from a person other than the attacker. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data within Oracle WebCenter Content, potentially impacting additional Oracle products. The vulnerability has a CVSS 3.1 base score of 9.3, indicating high confidentiality and integrity impacts. Oracle has acknowledged the vulnerability in their June 2026 Critical Security Patch Update advisory but has not explicitly confirmed patch availability for this specific version. Oracle strongly recommends applying security patches promptly and following mitigation guidance to reduce risk until patches are applied.

CVE-2026-46785 is a critical vulnerability in Oracle WebCenter Content version 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the product. Exploitation requires user interaction from someone other than the attacker. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, impacting the confidentiality and integrity of all accessible data within Oracle WebCenter Content. The vulnerability also has a scope change, potentially affecting additional Oracle products. The CVSS 3.1 base score is 9.3, indicating a critical severity level.

CVE-2026-35327 is a high-severity vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0. It allows a low privileged attacker with network access via HTTPS to compromise the product, requiring user interaction from a third party. Exploitation can lead to unauthorized access to critical data and unauthorized modification of some data. The vulnerability also has scope to impact additional Oracle products. Oracle has released a Critical Security Patch Update addressing this and strongly recommends applying patches promptly.

CVE-2026-35325 is a high-severity vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0. It allows a low privileged attacker with network access via HTTP to compromise the product, potentially leading to full takeover. The vulnerability impacts confidentiality, integrity, and availability with a CVSS score of 8.8. Oracle has released a Critical Security Patch Update in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply the provided patches promptly. Until patches are applied, risk can be reduced by blocking required network protocols and restricting privileges, though these may affect functionality.

CVE-2026-35322 is a high-severity vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0. It allows a low privileged attacker with network access via HTTP to compromise the product, potentially leading to full takeover. The vulnerability impacts confidentiality, integrity, and availability with a CVSS 3.1 base score of 8.8. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory. Customers are strongly advised to apply the provided security patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or limiting user privileges, though these may affect functionality.

CVE-2026-35317 is a high-severity vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0. It allows a low privileged attacker with network access via HTTP to compromise the product, potentially leading to full takeover. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update (CSPU). Customers are strongly advised to apply the provided patches promptly. Until patched, risk may be mitigated by blocking required network protocols or restricting privileges, though these may impact functionality.

CVE-2026-35315 is a high-severity vulnerability in Oracle WebCenter Content versions 12.2.1.4.0 and 14.1.2.0.0. It allows a low privileged attacker with network access via HTTP to compromise the product, potentially leading to full takeover. The vulnerability impacts confidentiality, integrity, and availability with a CVSS 3.1 base score of 8.8. Oracle has acknowledged the issue in their June 2026 Critical Security Patch Update advisory and strongly recommends applying the provided patches promptly. Workarounds include blocking required network protocols or removing unnecessary privileges, but these may affect functionality. No explicit patch links or remediation levels were provided in the input, so users should consult the Oracle advisory for patch availability and installation instructions.