VDB

GCVE-110-NCSC-2026-127

GCVE-110-NCSC-2026-127
Advisory PublishedCVSS 5.4/10
Vulnetix · Advisory published April 22, 2026
A vulnerability in Oracle PeopleSoft Enterprise HCM Shared Components 9.2 allows a low-privileged attacker with network access and user interaction to gain unauthorized read and write access, with a CVSS 3.1 score of 5.4.

Weaknesses (CWE)

CWE-835Loop with Unreachable Exit Condition ('Infinite Loop')CWE-567Unsynchronized Access to Shared Data in a Multithreaded ContextCWE-787Out-of-bounds WriteCWE-476NULL Pointer DereferenceCWE-770Allocation of Resources Without Limits or ThrottlingCWE-297Improper Validation of Certificate with Host Mismatch

Risk Scores

CVSS 3.1
5.4/10
Medium · CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Affected Products

VendorProductVersionsPlatforms
Oracle Corporationvers:unknown/*
Oraclevers:unknown/*

References

advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›