Skip to main content

Application Express

44 CVEs product

Monthly

CVE-2025-21557 MEDIUM This Month

Vulnerability in Oracle Application Express (component: General). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Application Express
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-21261 MEDIUM This Month

Vulnerability in Oracle Application Express (component: General). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle Application Express
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2023-21983 MEDIUM PATCH This Month

Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service Application Express
NVD
CVSS 3.1
5.6
EPSS
0.3%
CVE-2023-21975 CRITICAL PATCH Act Now

Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Application Express
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2023-21974 CRITICAL PATCH Act Now

Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Application Express
NVD
CVSS 3.1
9.0
EPSS
0.5%
CVE-2022-24729 LIB HIGH PATCH This Week

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ckeditor Drupal Application Express Commerce Merchandising +5
NVD GitHub
CVSS 3.1
7.5
EPSS
2.4%
CVE-2022-24728 LIB MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Application Express Commerce Merchandising +5
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-41165 LIB MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Agile Product Lifecycle Management Application Express +5
NVD GitHub
CVSS 3.1
5.4
EPSS
1.5%
CVE-2021-41164 npm MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal Banking Apis Banking Digital Experience +6
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-41184 LIB MEDIUM PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +23
NVD GitHub
CVSS 3.1
6.1
EPSS
44.5%
CVE-2021-41183 LIB MEDIUM POC PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H300s Firmware H500s Firmware +24
NVD GitHub
CVSS 3.1
6.1
EPSS
7.9%
CVE-2021-41182 LIB MEDIUM POC PATCH THREAT This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora H500s Firmware H700s Firmware +25
NVD GitHub
CVSS 3.1
6.1
EPSS
42.2%
CVE-2021-37695 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Debian Linux Fedora Application Express +8
NVD GitHub
CVSS 3.1
5.4
EPSS
1.3%
CVE-2021-32809 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Ckeditor Fedora Application Express +7
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-32808 npm MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Fedora Application Express Banking Party Management +9
NVD GitHub
CVSS 3.1
5.4
EPSS
1.2%
CVE-2021-2460 MEDIUM This Month

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-32723 npm MEDIUM PATCH This Month

Prism is a syntax highlighting library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Prism Application Express
NVD GitHub
CVSS 3.1
6.5
EPSS
1.4%
CVE-2021-26272 npm MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm Application Express Banking Party Management +6
NVD GitHub
CVSS 3.1
6.5
EPSS
2.2%
CVE-2021-26271 npm MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm Application Express Financial Services Analytical Applications Infrastructure +3
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2020-27193 npm MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Agile Plm Application Express Banking Party Management +5
NVD
CVSS 3.1
6.1
EPSS
2.0%
CVE-2020-7760 npm HIGH POC PATCH This Week

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Denial Of Service Codemirror Application Express Enterprise Manager Express User Interface +3
NVD GitHub
CVSS 3.1
7.5
EPSS
5.2%
CVE-2020-14900 MEDIUM This Month

Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-14899 MEDIUM This Month

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-14898 MEDIUM This Month

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-14763 MEDIUM This Month

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-14762 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-26870 npm MEDIUM POC PATCH This Month

Cure53 DOMPurify before 2.0.17 allows mutation XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Dompurify Debian Linux Visual Studio 2017 Visual Studio 2019 +1
NVD GitHub
CVSS 3.1
6.1
EPSS
4.9%
CVE-2020-2977 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2020-2976 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2975 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2974 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2973 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2972 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2971 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-2513 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Application Express
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-11023 LIB MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux Fedora Drupal +48
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
83.8%
CVE-2020-2514 MEDIUM This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Application Express
NVD
CVSS 3.1
4.6
EPSS
0.7%
CVE-2020-9281 npm MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Fedora Drupal Agile Plm +7
NVD GitHub
CVSS 3.1
6.1
EPSS
4.3%
CVE-2019-10219 Maven MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse Jboss Data Grid Jboss Enterprise Application Platform +184
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2019-11358 LIB MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery Debian Linux Drupal +102
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
87.2%
CVE-2018-2699 MEDIUM PATCH This Month

Vulnerability in the Application Express component of Oracle Database Server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
CVSS 3.0
6.1
EPSS
1.1%
CVE-2016-7103 LIB MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Application Express Business Intelligence Hospitality Cruise Fleet Management +9
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2016-3467 MEDIUM PATCH This Month

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Application Express
NVD
CVSS 3.0
5.8
EPSS
1.0%
CVE-2016-3448 MEDIUM PATCH This Month

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Application Express
NVD
CVSS 3.0
6.1
EPSS
0.3%
EPSS 0% CVSS 5.4
MEDIUM This Month

Vulnerability in Oracle Application Express (component: General). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Oracle Application Express
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Vulnerability in Oracle Application Express (component: General). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable. No vendor patch available.

Authentication Bypass Oracle Application Express
NVD
EPSS 0% CVSS 5.6
MEDIUM PATCH This Month

Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required.

Oracle Denial Of Service Application Express
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Application Express
NVD
EPSS 1% CVSS 9.0
CRITICAL PATCH Act Now

Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Rated critical severity (CVSS 9.0), this vulnerability is remotely exploitable, low attack complexity.

Oracle Information Disclosure Application Express
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Ckeditor Drupal +7
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal +7
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal +7
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

CKEditor4 is an open source WYSIWYG HTML editor. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Drupal +8
NVD GitHub
EPSS 45% CVSS 6.1
MEDIUM PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Jquery Ui Fedora +25
NVD GitHub
EPSS 8% CVSS 6.1
MEDIUM POC PATCH This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora +26
NVD GitHub
EPSS 42% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

jQuery-UI is the official jQuery user interface library. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Fedora +27
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Debian Linux +10
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

RCE Code Injection Ckeditor +9
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

ckeditor is an open source WYSIWYG HTML editor with rich content support. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Ckeditor Fedora +11
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

Prism is a syntax highlighting library. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Prism Application Express
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm +8
NVD GitHub
EPSS 2% CVSS 6.5
MEDIUM PATCH This Month

It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Ckeditor Agile Plm +5
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Agile Plm +7
NVD
EPSS 5% CVSS 7.5
HIGH POC PATCH This Week

This affects the package codemirror before 5.58.2; the package org.apache.marmotta.webjars:codemirror before 5.58.2. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Apache Denial Of Service Codemirror +5
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle Application Express Group Calendar component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle Application Express Data Reporter component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle Application Express Packaged Apps component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle Application Express Quick Poll component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
EPSS 5% CVSS 6.1
MEDIUM POC PATCH This Month

Cure53 DOMPurify before 2.0.17 allows mutation XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Dompurify Debian Linux +3
NVD GitHub
EPSS 1% CVSS 4.6
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Oracle Application Express
NVD
EPSS 84% CVSS 6.1
MEDIUM POC KEV PATCH THREAT This Month

In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Debian Linux +50
NVD GitHub Exploit-DB
EPSS 1% CVSS 4.6
MEDIUM This Month

Vulnerability in the Oracle Application Express component of Oracle Database Server. Rated medium severity (CVSS 4.6), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Oracle Application Express
NVD
EPSS 4% CVSS 6.1
MEDIUM PATCH This Month

A cross-site scripting (XSS) vulnerability in the HTML Data Processor for CKEditor 4.0 before 4.14 allows remote attackers to inject arbitrary web script through a crafted "protected" comment (with. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Ckeditor Fedora +9
NVD GitHub
EPSS 2% CVSS 6.1
MEDIUM POC PATCH This Month

A vulnerability was found in Hibernate-Validator. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Hibernate Validator Fuse +186
NVD GitHub
EPSS 87% CVSS 6.1
MEDIUM POC PATCH THREAT This Month

{}, ...) because of Object.prototype pollution. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Jquery +104
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Application Express component of Oracle Database Server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Express
NVD
EPSS 1% CVSS 6.1
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Jquery Ui Application Express +11
NVD GitHub
EPSS 1% CVSS 5.8
MEDIUM PATCH This Month

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect availability via unknown vectors. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Application Express
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Oracle Application Express
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy