Threat Intelligence Database

CVE-2026-46808 is a high-severity vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows a low privileged attacker with network access via HTTP to compromise the product. Exploitation requires user interaction by a person other than the attacker and can lead to unauthorized creation, deletion, or modification of critical data. The vulnerability also has scope change implications, potentially impacting additional Oracle products. The CVSS 3.1 base score is 8.7, reflecting high confidentiality and integrity impacts. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated the availability of a patch for this specific version. Oracle strongly recommends applying the Critical Security Patch Update patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or restricting privileges, though these may affect functionality.

CVE-2026-46806 is a high-severity vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTPS to compromise the product. Exploitation requires user interaction by a person other than the attacker and can lead to unauthorized access to critical data or complete access to all Oracle WebCenter Content accessible data. The vulnerability also allows unauthorized modification (update, insert, delete) of some accessible data. The vulnerability has a CVSS 3.1 base score of 8.2, reflecting high confidentiality impact and limited integrity impact. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated patch availability or a direct fix for this specific CVE in the advisory content provided. Oracle strongly recommends applying the June 2026 Critical Security Patch Update to mitigate this and other vulnerabilities.

CVE-2026-46804 is a high-severity vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows a low privileged attacker with network access via HTTP to compromise the product. Exploitation requires user interaction from a person other than the attacker. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, impacting confidentiality and integrity. The vulnerability has a CVSS 3.1 base score of 8.7. Oracle has published a Critical Security Patch Update advisory recommending prompt patching and mitigation measures to reduce risk until patches are applied.

CVE-2026-46795 is a critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the system. Exploitation requires user interaction from someone other than the attacker. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, impacting confidentiality and integrity with a CVSS score of 9.3. The vulnerability also has scope to affect additional Oracle products. Oracle has published a Critical Security Patch Update advisory recommending prompt application of security patches to mitigate this and other vulnerabilities.

CVE-2026-46791 is a high-severity vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTP to gain unauthorized access to critical or all accessible data within the product. The vulnerability has a CVSS 3.1 base score of 7.5, indicating a significant confidentiality impact without requiring privileges or user interaction. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory, which addresses multiple vulnerabilities across various products. Customers are strongly advised to apply the relevant security patches promptly to mitigate this risk.

CVE-2026-46790 is a medium severity vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTP to gain unauthorized read access to some accessible data. The vulnerability affects Oracle WebCenter Content, part of Oracle Fusion Middleware. The CVSS 3.1 base score is 5.3, reflecting a confidentiality impact without integrity or availability effects. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update advisory but has not explicitly stated a specific patch or fix for this version in the advisory content provided. Oracle strongly recommends applying Critical Security Patch Updates promptly to mitigate such vulnerabilities. Until patches are applied, risk reduction may be possible by blocking required network protocols or limiting privileges, though these may impact functionality.

CVE-2026-46789 is a critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the product. Exploitation requires human interaction from a person other than the attacker and can lead to full takeover of Oracle WebCenter Content. The vulnerability has a CVSS 3.1 base score of 9.6, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update, which contains multiple security fixes across many products. Customers are strongly advised to apply the provided patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or limiting privileges, though these may impact functionality.

CVE-2026-46788 is a high-severity vulnerability in Oracle WebCenter Content version 14.1.2.0.0. It allows a high privileged attacker with network access via HTTP to compromise the product. Exploitation requires human interaction from a user other than the attacker and can lead to full takeover of Oracle WebCenter Content. The vulnerability also has potential to impact additional Oracle products due to scope change. The CVSS 3.1 base score is 8.4, indicating high confidentiality, integrity, and availability impacts. Oracle has published a Critical Security Patch Update advisory recommending prompt patching. No specific patch version is explicitly stated for this vulnerability in the advisory, but customers are urged to apply the June 2026 Critical Security Patch Update without delay.

CVE-2026-46787 is a high-severity vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the product. Exploitation is difficult and requires human interaction from a user other than the attacker. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, impacting confidentiality and integrity. The vulnerability also has scope to affect additional Oracle products. Oracle has published a Critical Security Patch Update advisory recommending prompt patching to mitigate this and other vulnerabilities.

CVE-2026-46786 is a critical vulnerability in Oracle WebCenter Content 14.1.2.0.0 that allows an unauthenticated attacker with network access via HTTP to compromise the product. Exploitation requires user interaction from someone other than the attacker and can lead to full takeover of Oracle WebCenter Content. The vulnerability has a CVSS 3.1 base score of 9.6, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update, which contains multiple patches across various products. Customers are strongly advised to apply the security patches promptly to mitigate the risk. Until patches are applied, risk can be reduced by blocking required network protocols or limiting privileges, though these may impact functionality.