CISA Flags Actively Exploited Oracle E-Business Suite Vulnerability
An improper privilege management flaw in Oracle E-Business Suite is being actively exploited, potentially allowing unauthorized access to Oracle Payments.
CISA has added CVE-2026-46817 to its Known Exploited Vulnerabilities catalog after confirming the flaw is being used in real-world attacks. The vulnerability exists within Oracle E-Business Suite due to improper privilege management, which allows an unauthenticated attacker with network access via HTTP to compromise Oracle Payments.
Successful exploitation of this flaw can result in a complete takeover of Oracle Payments. The vulnerability is tied to weakness types CWE-269, CWE-287, and CWE-306.
Federal agencies are required to apply vendor-provided mitigations by July 18, 2026, in accordance with CISA’s BOD 26-04. Organizations should evaluate their assets for internet exposure and follow all relevant patching and forensics triage guidance provided by CISA.
Continue Reading
23andMe Settles Data Privacy Claims
A multi-state settlement highlights the massive fallout from a 2023 breach that exposed sensitive genetic data for millions of customers.
LegacyHive: A New Windows Zero-Day
A persistent security researcher has unveiled a local privilege escalation bug for Windows 11, raising questions about severity.
Critical SSRF Vulnerability Discovered in stoatchat Versions Below 0.13.5
A critical server-side request forgery vulnerability in stoatchat allows unauthenticated attackers to access internal network infrastructure.