Oracle PeopleSoft SSRF Flaw Requires No Auth, Scores 9.3 CVSS

A server-side request forgery vulnerability in Oracle PeopleSoft's HttpListeningConnector can be exploited by unauthenticated remote attackers and chained with other bugs to achieve code execution.

by Robbie · 43 minutes ago · 1 source

Published

Critical · 72h

AI-security · 72h

Vulnerabilities · 72h

Guides

Wiring OpenAI Codex into Claude Code in Git Bash for Cross-Model…

Guides

Multi-Agent Workflows: Orchestrating Specialized AI Agents

LATEST BRIEFINGS

VIEW ALL →

AI Security

Oracle PeopleSoft SSRF Flaw Requires No Auth, Scores 9.3 CVSS

Wiring OpenAI Codex into Claude Code in Git Bash for Cross-Model…

Multi-Agent Workflows: Orchestrating Specialized AI Agents

LATEST BRIEFINGS

Google Expands SynthID and C2PA Tools to Flag AI-Generated Content

Google DeepMind RCT Finds AI Tutoring Adds Up to 2.5 Years of Math Progress

Google DeepMind Releases Gemma 4 12B, an Encoder-Free Multimodal Model

Google DeepMind Launches Gemini 3.5 Live Translate Across 70+ Languages

Google DeepMind Launches $10M Multi-Agent AI Safety Research Fund

Google DeepMind Publishes AI Control Roadmap to Contain Misaligned Agents

Google AMIE Medical AI Matches Physicians in Disease Management Study

ATEN Unizon Directory Traversal Flaw Exposes Files to Unauthenticated Attackers

Oracle PeopleSoft RCE Flaw Allows Auth Bypass via Deserialization

X.Org Server Out-Of-Bounds Read Leaks Sensitive Data to Local Attackers

Quest NetVault Backup XSS Flaw Enables Authentication Bypass

ATEN Unizon Flaw Allows Remote Code Execution via Broken Signature Check

THE 0600 BRIEF