PoC Week 2026-07-06
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. I don’t vouch for any links in this list: follow them with caution.
CVE-2026-46817 NEW
- Severity: 9.8 CRITICAL
- Impacted Products: Oracle Payments 12.2.3 through 12.2.15
- Description: Oracle Payments, a component of Oracle E-Business Suite, is affected by a vulnerability in its File Transmission component that allows an unauthenticated remote attacker to take full control of the application. This flaw stems from missing authentication controls and improper privilege management when processing requests over HTTP.
- Remediation:
- More Info: NVD - CVE-2026-46817
- PoC:
CVE-2026-8451 NEW
- Severity: 9.4 CRITICAL
- Impacted Products: NetScaler ADC, NetScaler Gateway
- Description: Insufficient input validation in NetScaler ADC and NetScaler Gateway leading to memory overread if NetScaler ADC or NetScaler Gateway is configured as a SAML IDP
- Remediation: Follow vendor security advisories and apply the latest patches. Review affected systems and prioritize patching based on exploitability and business impact.
- More Info: NVD - CVE-2026-8451
- PoC:
CVE-2026-35273
- Severity: 9.8 CRITICAL
- Impacted Products: Oracle PeopleSoft Enterprise PeopleTools 8.61, Oracle PeopleSoft Enterprise PeopleTools 8.62
- Description: Oracle PeopleSoft Enterprise PeopleTools is affected by a missing authentication vulnerability in the Updates Environment Management component that allows for remote code execution. This flaw enables an unauthenticated attacker to gain full control over the PeopleSoft environment via network access over HTTP.
- Remediation:
- More Info: NVD - CVE-2026-35273
- PoC:
References
This list was scraped from the quite amazing and highly recommended newsletters below:
Thanks for reading! For corrections, omissions (e.g. newsletter recs) feel free to get in touch.