Threat Intelligence Database

CVE-2026-46848 is a high-severity vulnerability in Oracle WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0. It allows a low privileged attacker with logon access to the infrastructure hosting WebLogic Server to compromise the server. Exploitation requires human interaction from a user other than the attacker. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data accessible by WebLogic Server, impacting confidentiality and integrity. The vulnerability also has a scope change, potentially affecting additional products beyond WebLogic Server. The CVSS 3.1 base score is 7.9, reflecting high confidentiality and integrity impacts with no availability impact.

CVE-2026-35311 is a high-severity vulnerability in Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.2.0.0. It allows a low privileged attacker with network access via HTTP to compromise the server, potentially leading to full takeover. The vulnerability impacts confidentiality, integrity, and availability with a CVSS 3.1 base score of 8.8. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update, which contains numerous security fixes across multiple products. Oracle strongly recommends applying the provided patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these may affect functionality.

CVE-2026-35303 is a high-severity vulnerability in Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 affecting the Console component. It allows a low privileged attacker with network access via HTTP to compromise the server, potentially leading to full takeover. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high impact on confidentiality, integrity, and availability. Oracle has included this vulnerability in its June 2026 Critical Security Patch Update, which provides patches addressing this and other vulnerabilities. Oracle strongly recommends applying these patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these may impact functionality.

CVE-2026-35302 is a high-severity vulnerability in Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 affecting the Console component. It allows an unauthenticated attacker with network access via HTTP to potentially take over the WebLogic Server. Exploitation is difficult and requires human interaction from a third party. The vulnerability impacts confidentiality, integrity, and availability, and may affect additional products beyond WebLogic Server due to scope change. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities. Customers are strongly advised to apply the available patches promptly to mitigate risk.

CVE-2026-35301 is a critical vulnerability in Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0. It allows an unauthenticated attacker with network access via HTTP to fully compromise the WebLogic Server, potentially leading to complete takeover. The vulnerability affects the Console component and has a CVSS 3.1 base score of 10.0, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update addressing this and many other vulnerabilities. Customers are strongly advised to apply the patches promptly to mitigate risk. Until patched, risk reduction may be possible by blocking required network protocols or restricting privileges, though these may impact functionality. No known exploits in the wild have been reported at this time.

CVE-2026-35300 is a critical vulnerability in Oracle WebLogic Server that allows an unauthenticated attacker with network access via TCP to fully compromise the server. The affected versions include 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. The vulnerability has a CVSS 3.1 base score of 9.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply the security patches promptly to mitigate the risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or restricting privileges, though these may affect functionality.

CVE-2026-35299 is a high-severity vulnerability in Oracle WebLogic Server versions 12.2.1.4.0 and 14.1.1.0.0 affecting the Console component. It allows a low privileged attacker with network access via HTTP to compromise the server, potentially leading to full takeover. The vulnerability has a CVSS 3.1 base score of 8.8, indicating high impact on confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply the security patches promptly to mitigate risk. Until patches are applied, risk reduction may be possible by blocking required network protocols or removing unnecessary privileges, though these may impact functionality.

CVE-2026-35298 is a critical vulnerability in Oracle WebLogic Server affecting versions 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0, and 15.1.1.0.0. It allows a high privileged attacker with network access via HTTP to compromise the server, potentially leading to full takeover. The vulnerability impacts confidentiality, integrity, and availability, with a CVSS 3.1 base score of 9.1. Oracle has released a Critical Security Patch Update in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply these patches promptly. Until patched, risk can be mitigated by blocking required network protocols or restricting privileges, though these may affect functionality.

CVE-2026-35292 is a critical vulnerability in Oracle WebLogic Server affecting versions 14.1.2.0.0 and 15.1.1.0.0. It allows an unauthenticated attacker with network access via HTTP to fully compromise the WebLogic Server, potentially leading to complete takeover. The vulnerability impacts confidentiality, integrity, and availability with a CVSS score of 10.0. Oracle has published a Critical Security Patch Update advisory recommending immediate patching. No explicit patch version is stated in the provided data, but Oracle strongly urges applying the June 2026 Critical Security Patch Update. Until patched, risk can be mitigated by blocking required network protocols or restricting privileges, though these may affect functionality.

CVE-2026-35291 is a vulnerability in Oracle WebLogic Server versions 14.1.2.0.0 and 15.1.1.0.0 affecting the Console component. It allows a high privileged attacker with network access via HTTP to potentially compromise and take over the WebLogic Server. The vulnerability is rated medium severity with a CVSS 3.1 base score of 6.6, impacting confidentiality, integrity, and availability. Oracle has released a Critical Security Patch Update in June 2026 addressing this and many other vulnerabilities. Customers are strongly advised to apply the available patches promptly to mitigate the risk. Until patches are applied, risk may be reduced by blocking required network protocols or restricting privileges, though these may affect functionality.