25/06/2026

ZDI-26-387: Oracle PeopleSoft HttpListeningConnector Server-Side Request Forgery Vulnerability

This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Oracle PeopleSoft. Authentication is not required to exploit this vulnerability. The ZDI has assigned a CVSS rating of 9.3. The following CVEs are assigned: CVE-2026-35273.

Comments are closed.

You may also like

ZDI-25-1186: (0Day) FontForge GUtils SGI File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability

ZDI-25-1018: Arista NG Firewall load_capture_settings Exposed Dangerous Function Information Disclosure Vulnerability