Skip to main content

Oracle

7772 CVEs vendor

Monthly

CVE-2025-53057 MEDIUM PATCH CISA This Month

Improper access control in Oracle Java SE, GraalVM for JDK, and GraalVM Enterprise Edition allows unauthenticated remote attackers to create, delete, or modify critical data when APIs in the Security component are exposed via web services or similar mechanisms. The vulnerability affects Java 8u461 through 25 and carries a CVSS 5.9 with high integrity impact, though exploitation is difficult (AC:H) and no public exploit or active KEV status has been confirmed.

Authentication Bypass Oracle Java Graalvm Graalvm For Jdk +4
NVD VulDB
CVSS 3.1
5.9
EPSS
0.1%
CVE-2023-53564 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2_ioctl_move_extents ocfs2_move_extents ocfs2_defrag_extent __ocfs2_move_extent + ocfs2_journal_access_di ...

Denial Of Service Linux Oracle Red Hat Suse +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-36758 MEDIUM This Month

It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle
NVD
CVSS 4.0
6.3
EPSS
0.1%
CVE-2025-7383 MEDIUM This Month

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Oracle Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-7071 MEDIUM This Month

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Oracle Information Disclosure
NVD
CVSS 4.0
5.9
EPSS
0.0%
CVE-2025-38517 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() alloc_tag_top_users() attempts to lock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Debian Linux Oracle +4
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-38506 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a sufficiently large. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Linux Linux Kernel Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-49824 LOW PATCH Monitor

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attack. This vulnerability results from the use of an outdated and insecure padding scheme during RSA encryption. A malicious actor with access to an oracle system can exploit this flaw by iteratively submitting modified ciphertexts and analyzing responses to infer the plaintext without possessing the private key. This issue has been patched in version 3.47.1.

Oracle Information Disclosure
NVD GitHub
CVSS 4.0
1.7
EPSS
0.1%
CVE-2024-56158 Maven CRITICAL PATCH Act Now

Critical SQL injection vulnerability in XWiki that allows unauthenticated remote attackers to execute arbitrary SQL queries against Oracle databases by exploiting insufficient validation of native SQL functions (DBMS_XMLGEN, DBMS_XMLQUERY) in Hibernate query processing. The vulnerability affects XWiki versions before 16.10.2, 16.4.7, and 15.10.16, with a CVSS score of 9.8 indicating critical severity and complete compromise of confidentiality, integrity, and availability. This is a pre-authentication remote code execution vector with no user interaction required.

Oracle Information Disclosure Xwiki
NVD GitHub
CVSS 3.1
9.8
EPSS
0.7%
CVE-2025-20286 CRITICAL Act Now

Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.

Cisco Oracle Information Disclosure Authentication Bypass Azure +2
NVD
CVSS 3.1
9.9
EPSS
0.1%
CVE-2025-37900 MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommu_copy_struct_from_user() In the review for iommu_copy_struct_to_user() helper, Matt pointed out that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Oracle Denial Of Service Nvidia +3
NVD
CVSS 3.1
5.5
EPSS
0.0%
CVE-2025-46720 npm LOW PATCH Monitor

Keystone is a content management system for Node.js. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Node.js Keystone
NVD GitHub
CVSS 3.1
3.1
EPSS
0.1%
CVE-2025-46569 Go HIGH PATCH This Week

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Oracle Code Injection Denial Of Service Red Hat +1
NVD GitHub
CVSS 4.0
7.4
EPSS
0.1%
CVE-2015-4582 HIGH This Week

The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Oracle PHP XSS Boot Store
NVD
CVSS 3.1
7.2
EPSS
0.3%
CVE-2025-46674 LOW POC PATCH Monitor

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Oracle Cryptolib
NVD GitHub
CVSS 3.1
3.5
EPSS
0.3%
CVE-2025-30740 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30737 MEDIUM This Month

Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Oracle Authentication Bypass Smart View For Office
NVD
CVSS 3.1
5.7
EPSS
0.5%
CVE-2025-30736 HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Java Java Virtual Machine
NVD
CVSS 3.1
7.4
EPSS
0.4%
CVE-2025-30735 HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cc Common Application Objects
NVD
CVSS 3.1
8.1
EPSS
0.4%
CVE-2025-30733 MEDIUM PATCH This Month

Vulnerability in the RDBMS Listener component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Oracle Authentication Bypass Rdbms Listener
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30732 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Object Library
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-30731 LOW PATCH Monitor

Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Rated low severity (CVSS 3.6), this vulnerability is no authentication required.

Oracle Authentication Bypass Applications Technology Stack
NVD
CVSS 3.1
3.6
EPSS
0.1%
CVE-2025-30730 HIGH This Week

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Application Object Library
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2025-30729 MEDIUM This Month

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Denial Of Service Communications Order And Service Management
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2025-30728 HIGH PATCH This Week

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30727 CRITICAL Act Now

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass E Business Suite
NVD
CVSS 3.1
9.8
EPSS
1.0%
CVE-2025-30726 MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Object Library
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-30725 MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.7). This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Vm Virtualbox
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-30724 HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Authentication Bypass Bi Publisher
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30723 MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Bi Publisher
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-30722 MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Mysql Cluster Mysql Client Active Iq Unified Manager +4
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-30721 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Rated medium severity (CVSS 4.0). No vendor patch available.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.0
EPSS
0.2%
CVE-2025-30720 MEDIUM This Month

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-30719 MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Oracle Denial Of Service Vm Virtualbox
NVD
CVSS 3.1
6.1
EPSS
0.1%
CVE-2025-30718 MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle File Upload Applications Framework
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-30717 MEDIUM This Month

Vulnerability in the Oracle Teleservice product of Oracle E-Business Suite (component: Service Diagnostics Scripts). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Teleservice
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30716 HIGH PATCH This Week

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Oracle Authentication Bypass Common Applications
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30715 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30714 MEDIUM PATCH This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Python Oracle Authentication Bypass Mysql Connectors
NVD
CVSS 3.1
4.8
EPSS
0.2%
CVE-2025-30713 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSoft (component: Job Opening). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Hcm Talent Acquisition Manager
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-30712 HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Oracle Authentication Bypass Denial Of Service Vm Virtualbox +1
NVD GitHub
CVSS 3.1
8.1
EPSS
0.1%
CVE-2025-30711 MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass File Upload Applications Framework
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-30710 MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Cluster MySQL
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30709 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-30708 HIGH This Week

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass User Management
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30707 HIGH PATCH This Week

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Istore
NVD
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-30706 HIGH PATCH This Week

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Oracle Privilege Escalation Mysql Connectors Red Hat Suse
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2025-30705 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30704 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.4
EPSS
0.2%
CVE-2025-30703 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Oracle Authentication Bypass Mysql Server MySQL
NVD
CVSS 3.1
2.7
EPSS
0.2%
CVE-2025-30702 MEDIUM This Month

Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Fleet Patching And Provisioning
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2025-30701 HIGH PATCH This Week

Vulnerability in the RAS Security component of Oracle Database Server. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Oracle Authentication Bypass Privilege Escalation Ras Security
NVD
CVSS 3.1
7.3
EPSS
0.3%
CVE-2025-30700 LOW PATCH Monitor

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Solaris
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2025-30699 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30698 MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Denial Of Service Java Jre +5
NVD VulDB
CVSS 3.1
5.6
EPSS
0.6%
CVE-2025-30697 MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-30696 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30695 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-30694 MEDIUM PATCH This Month

Vulnerability in the XML Database component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Xml Database
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-30693 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Cluster Mysql Server MySQL +2
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2025-30692 MEDIUM PATCH This Month

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Attachments). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Isupplier Portal
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30691 MEDIUM PATCH This Month

Vulnerability in Oracle Java SE (component: Compiler). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Java Graalvm For Jdk Jdk +5
NVD VulDB
CVSS 3.1
4.8
EPSS
0.4%
CVE-2025-30690 HIGH PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Rated high severity (CVSS 7.2).

Oracle Authentication Bypass Solaris
NVD
CVSS 3.1
7.2
EPSS
0.2%
CVE-2025-30689 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30688 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30687 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30686 HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Denial Of Service Hospitality Simphony
NVD
CVSS 3.1
7.6
EPSS
0.4%
CVE-2025-30685 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30684 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30683 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-30682 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-30681 LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Cluster Mysql Server MySQL
NVD
CVSS 3.1
2.7
EPSS
0.3%
CVE-2025-21588 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-21587 HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Java Jre Jdk +4
NVD VulDB
CVSS 3.1
7.4
EPSS
0.6%
CVE-2025-21586 MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21585 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-21584 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-21583 MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server Snapcenter MySQL +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-21582 MEDIUM PATCH This Month

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Oracle Authentication Bypass Crm Technical Foundation
NVD
CVSS 3.1
6.1
EPSS
0.2%
CVE-2025-21581 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-21580 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-21579 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
4.9
EPSS
0.3%
CVE-2025-21578 MEDIUM PATCH This Month

Vulnerability in Oracle Secure Backup (component: General). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Oracle Secure Backup
NVD
CVSS 3.1
6.7
EPSS
0.1%
CVE-2025-21577 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Server MySQL Red Hat +1
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-21576 MEDIUM PATCH This Month

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Oracle CSRF Commerce Platform
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2025-21575 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Cluster Mysql Server MySQL +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-21574 MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Cluster Mysql Server MySQL +2
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2025-21573 MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Oracle Authentication Bypass Denial Of Service Financial Services Revenue Management And Billing
NVD
CVSS 3.1
6.0
EPSS
0.6%
CVE-2025-30852 HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite allows Reflected XSS.2.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS
NVD
CVSS 3.1
7.1
EPSS
0.2%
CVE-2025-31884 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CMS Ninja Norse Rune Oracle Plugin allows Stored XSS.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle XSS
NVD
CVSS 3.1
6.5
EPSS
0.1%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

Improper access control in Oracle Java SE, GraalVM for JDK, and GraalVM Enterprise Edition allows unauthenticated remote attackers to create, delete, or modify critical data when APIs in the Security component are exposed via web services or similar mechanisms. The vulnerability affects Java 8u461 through 25 and carries a CVSS 5.9 with high integrity impact, though exploitation is difficult (AC:H) and no public exploit or active KEV status has been confirmed.

Authentication Bypass Oracle Java +6
NVD VulDB
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix defrag path triggering jbd2 ASSERT code path: ocfs2_ioctl_move_extents ocfs2_move_extents ocfs2_defrag_extent __ocfs2_move_extent + ocfs2_journal_access_di ...

Denial Of Service Linux Oracle +3
NVD
EPSS 0% CVSS 6.3
MEDIUM This Month

It is possible to bypass the clipping level of authentication attempts in SolaX Cloud through the use of the 'Forgot Password' functionality as an oracle. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Oracle
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Padding oracle attack vulnerability in Oberon microsystem AG’s Oberon PSA Crypto library in all versions since 1.0.0 and prior to 1.5.1 allows an attacker to recover plaintexts via timing. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Oracle Information Disclosure
NVD
EPSS 0% CVSS 5.9
MEDIUM This Month

Padding oracle attack vulnerability in Oberon microsystem AG’s ocrypto library in all versions since 3.1.0 and prior to 3.9.2 allows an attacker to recover plaintexts via timing measurements of. Rated medium severity (CVSS 5.9), this vulnerability is no authentication required. No vendor patch available.

Oracle Information Disclosure
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: lib/alloc_tag: do not acquire non-existent lock in alloc_tag_top_users() alloc_tag_top_users() attempts to lock. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Canonical Debian +6
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: KVM: Allow CPU to reschedule while setting per-page memory attributes When running an SEV-SNP guest with a sufficiently large. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Information Disclosure Oracle Linux +3
NVD
EPSS 0% CVSS 1.7
LOW PATCH Monitor

conda-smithy is a tool for combining a conda recipe with configurations to build using freely hosted CI services into a single repository. Prior to version 3.47.1, the travis_encrypt_binstar_token implementation in the conda-smithy package has been identified as vulnerable to an Oracle Padding Attack. This vulnerability results from the use of an outdated and insecure padding scheme during RSA encryption. A malicious actor with access to an oracle system can exploit this flaw by iteratively submitting modified ciphertexts and analyzing responses to infer the plaintext without possessing the private key. This issue has been patched in version 3.47.1.

Oracle Information Disclosure
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

Critical SQL injection vulnerability in XWiki that allows unauthenticated remote attackers to execute arbitrary SQL queries against Oracle databases by exploiting insufficient validation of native SQL functions (DBMS_XMLGEN, DBMS_XMLQUERY) in Hibernate query processing. The vulnerability affects XWiki versions before 16.10.2, 16.4.7, and 15.10.16, with a CVSS score of 9.8 indicating critical severity and complete compromise of confidentiality, integrity, and availability. This is a pre-authentication remote code execution vector with no user interaction required.

Oracle Information Disclosure Xwiki
NVD GitHub
EPSS 0% CVSS 9.9
CRITICAL Act Now

Default credentials in Cisco ISE cloud deployments on AWS/Azure/OCI. CVSS 9.9.

Cisco Oracle Information Disclosure +4
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix two issues in iommu_copy_struct_from_user() In the review for iommu_copy_struct_to_user() helper, Matt pointed out that. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Null Pointer Dereference Linux Oracle +5
NVD
EPSS 0% CVSS 3.1
LOW PATCH Monitor

Keystone is a content management system for Node.js. Rated low severity (CVSS 3.1), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Oracle Node.js +1
NVD GitHub
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Open Policy Agent (OPA) is an open source, general-purpose policy engine. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Oracle Code Injection +3
NVD GitHub
EPSS 0% CVSS 7.2
HIGH This Week

The TheCartPress boot-store (aka Boot Store) theme 1.6.4 for WordPress allows header.php tcp_register_error XSS. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Oracle PHP +2
NVD
EPSS 0% CVSS 3.5
LOW POC PATCH Monitor

NASA CryptoLib before 1.3.2 uses Extended Procedures that are a Work in Progress (not intended for use during flight), potentially leading to a keystream oracle. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. Public exploit code available.

Information Disclosure Oracle Cryptolib
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
EPSS 0% CVSS 5.7
MEDIUM This Month

Vulnerability in the Oracle Smart View for Office product of Oracle Hyperion (component: Core Smart View). Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable. No vendor patch available.

Microsoft Oracle Authentication Bypass +1
NVD
EPSS 0% CVSS 7.4
HIGH PATCH This Week

Vulnerability in the Java VM component of Oracle Database Server. Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required.

Oracle Authentication Bypass Java +1
NVD
EPSS 0% CVSS 8.1
HIGH PATCH This Week

Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Page and Field Configuration). Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Cc Common Application Objects
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the RDBMS Listener component of Oracle Database Server. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.

Oracle Authentication Bypass Rdbms Listener
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Object Library
NVD
EPSS 0% CVSS 3.6
LOW PATCH Monitor

Vulnerability in the Oracle Applications Technology Stack product of Oracle E-Business Suite (component: Configuration). Rated low severity (CVSS 3.6), this vulnerability is no authentication required.

Oracle Authentication Bypass Applications Technology Stack
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Denial Of Service Application Object Library
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Denial Of Service +1
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Configurator
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: iSurvey Module). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass E Business Suite
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Core). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Application Object Library
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.7). This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Vm Virtualbox
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Oracle Authentication Bypass +1
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Bi Publisher
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Vulnerability in the MySQL Client product of Oracle MySQL (component: Client: mysqldump). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Oracle Authentication Bypass Mysql Cluster +6
NVD
EPSS 0% CVSS 4.0
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: UDF). Rated medium severity (CVSS 4.0). No vendor patch available.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Orders). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Configurator
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Oracle Denial Of Service Vm Virtualbox
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle File Upload Applications Framework
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Vulnerability in the Oracle Teleservice product of Oracle E-Business Suite (component: Service Diagnostics Scripts). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Authentication Bypass Teleservice
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Oracle Authentication Bypass Common Applications
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable.

Python Oracle Authentication Bypass +1
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSoft (component: Job Opening). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Hcm Talent Acquisition Manager
NVD
EPSS 0% CVSS 8.1
HIGH POC PATCH This Week

Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Rated high severity (CVSS 8.1), this vulnerability is low attack complexity. Public exploit code available.

Integer Overflow Oracle Authentication Bypass +3
NVD GitHub
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Attachments, File Upload). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass File Upload +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: NDBCluster Plugin). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Cluster +1
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Vulnerability in the Oracle User Management product of Oracle E-Business Suite (component: Search and Register Users). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle Authentication Bypass User Management
NVD
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Oracle Authentication Bypass Istore
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Week

Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Oracle Privilege Escalation Mysql Connectors +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 4.4
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Rated medium severity (CVSS 4.4), this vulnerability is remotely exploitable. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Oracle Authentication Bypass Mysql Server +1
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Oracle Fleet Patching And Provisioning
NVD
EPSS 0% CVSS 7.3
HIGH PATCH This Week

Vulnerability in the RAS Security component of Oracle Database Server. Rated high severity (CVSS 7.3), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Default Permissions vulnerability could allow attackers to access resources due to overly permissive default settings.

Oracle Authentication Bypass Privilege Escalation +1
NVD
EPSS 0% CVSS 3.5
LOW PATCH Monitor

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Pluggable authentication module). Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Solaris
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Stored Procedure). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server +3
NVD
EPSS 1% CVSS 5.6
MEDIUM PATCH This Month

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Rated medium severity (CVSS 5.6), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Denial Of Service +7
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Panel Processor). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Peoplesoft Enterprise Peopletools
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: PS). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server +3
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server +3
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the XML Database component of Oracle Database Server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Xml Database
NVD
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Cluster +4
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Attachments). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Isupplier Portal
NVD
EPSS 0% CVSS 4.8
MEDIUM PATCH This Month

Vulnerability in Oracle Java SE (component: Compiler). Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Java +7
NVD VulDB
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). Rated high severity (CVSS 7.2).

Oracle Authentication Bypass Solaris
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 7.6
HIGH PATCH This Week

Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: EMC). Rated high severity (CVSS 7.6), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Denial Of Service +1
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 2.7
LOW PATCH Monitor

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Cluster +2
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Mysql Server +3
NVD
EPSS 1% CVSS 7.4
HIGH PATCH This Week

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JSSE). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Oracle Authentication Bypass Java +6
NVD VulDB
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Oracle Authentication Bypass Jd Edwards Enterpriseone Tools
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 4.9
MEDIUM This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DDL). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 6.1
MEDIUM PATCH This Month

Vulnerability in the Oracle CRM Technical Foundation product of Oracle E-Business Suite (component: Preferences). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Oracle Authentication Bypass Crm Technical Foundation
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 4.9
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Options). Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 6.7
MEDIUM PATCH This Month

Vulnerability in Oracle Secure Backup (component: General). Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. This Incorrect Permission Assignment vulnerability could allow attackers to access resources due to misconfigured permissions.

Information Disclosure Oracle Secure Backup
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Server +3
NVD
EPSS 0% CVSS 5.4
MEDIUM PATCH This Month

Vulnerability in the Oracle Commerce Platform product of Oracle Commerce (component: Dynamo Personalization Server). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

Oracle CSRF Commerce Platform
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Cluster +4
NVD
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Parser). Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Oracle Denial Of Service Mysql Cluster +4
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications (component: Chatbot). Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable.

Oracle Authentication Bypass Denial Of Service +1
NVD
EPSS 0% CVSS 7.1
HIGH This Week

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in emotionalonlinestorytelling Oracle Cards Lite allows Reflected XSS.2.1. Rated high severity (CVSS 7.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Oracle XSS
NVD
EPSS 0% CVSS 6.5
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP CMS Ninja Norse Rune Oracle Plugin allows Stored XSS.4.3. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Oracle XSS
NVD
Prev Page 7 of 87 Next

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy