7770
CVEs
609
Critical
1959
High
41
KEV
245
PoC
1053
Unpatched C/H
58.7%
Patch Rate
2.6%
Avg EPSS
Severity Breakdown
CRITICAL
609
HIGH
1959
MEDIUM
4405
LOW
796
Monthly CVE Trend
Affected Products (30)
MySQL
1171
Java
889
Jre
721
Jdk
714
Oncommand Insight
692
Oncommand Workflow Automation
527
Ubuntu Linux
454
Active Iq Unified Manager
452
Snapcenter
445
Debian Linux
410
Vm Virtualbox
374
MariaDB
322
Enterprise Linux Server Aus
299
Enterprise Linux Eus
288
Enterprise Linux Desktop
279
Enterprise Linux Workstation
279
Solaris
279
Enterprise Linux Server
279
Fedora
270
Enterprise Linux Server Tus
269
Fusion Middleware
241
Peoplesoft Enterprise Peopletools
212
Weblogic Server
198
Database Server
192
Mysql Server
185
Leap
183
E Business Suite
177
Outside In Technology
165
Enterprise Linux
163
E Series Santricity Os Controller
150
Top Risky CVEs
| CVE | Summary | Severity | CVSS | EPSS | Priority | Signals |
|---|---|---|---|---|---|---|
| CVE-2012-4681 | Oracle Java SE 7 Update 6 and earlier contains multiple sandbox bypass vulnerabilities via the ClassFinder and forName methods, enabling complete sandbox escape for untrusted applets. Massively exploited by exploit kits in 2012. | CRITICAL | 9.8 | 94.1% | 238 |
KEV
PoC
No patch
|
| CVE-2013-2465 | Java Runtime Environment sandbox bypass via incorrect image channel verification in 2D component allows remote unauthenticated attackers to execute arbitrary code and escape security restrictions. Affects Oracle JRE 5.0 through Update 45, 6 through Update 45, 7 through Update 21, and OpenJDK 7. Confirmed actively exploited (CISA KEV) with 93.22% EPSS probability and publicly available exploit code. Oracle released patches in June 2013 CPU addressing the vulnerability through image channel verification corrections. | CRITICAL | 9.8 | 93.2% | 237 |
KEV
PoC
|
| CVE-2011-3544 | Oracle Java SE JDK/JRE 7 and 6 Update 27 and earlier allows remote code execution with complete system compromise through malicious Java Web Start applications and untrusted applets exploiting the Scripting component. CISA KEV confirms active exploitation in the wild. EPSS score of 92.59% (100th percentile) indicates extremely high probability of mass exploitation. Public exploit code exists, making this a critical priority for any environment running affected Java versions despite the vulnerability's age. | CRITICAL | 9.8 | 92.6% | 237 |
KEV
PoC
|
| CVE-2012-1723 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier allows. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 94.1% | 228 |
KEV
PoC
No patch
|
| CVE-2013-0422 | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitrary code by (1) using the public getMBeanInstantiator method in the JmxMBeanServer class to obtain a. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 93.6% | 228 |
KEV
PoC
No patch
|
| CVE-2012-0507 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 2 and earlier, 6 Update 30 and earlier, and 5.0 Update 33 and earlier allows remote attackers to. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 93.6% | 228 |
KEV
PoC
No patch
|
| CVE-2017-10271 | Oracle WebLogic Server allows unauthenticated remote code execution through the WLS Security component's T3 protocol, massively exploited for cryptocurrency mining and botnet recruitment from 2017 onward. | HIGH | 7.5 | 94.4% | 227 |
KEV
PoC
|
| CVE-2015-4852 | The WLS Security component in Oracle WebLogic Server 10.3.6.0, 12.1.2.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to execute arbitrary commands via a crafted serialized Java object in T3. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 92.9% | 227 |
KEV
PoC
|
| CVE-2012-5076 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 7 and earlier allows remote attackers to affect confidentiality, integrity, and availability,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 91.7% | 226 |
KEV
PoC
|
| CVE-2012-3152 | Unspecified vulnerability in the Oracle Reports Developer component in Oracle Fusion Middleware 11.1.1.4, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect confidentiality and integrity via. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.1 | 93.5% | 224 |
KEV
PoC
|
| CVE-2016-8735 | Remote code execution is possible with Apache Tomcat before 6.0.48, 7.x before 7.0.73, 8.x before 8.0.39, 8.5.x before 8.5.7, and 9.x before 9.0.0.M12 if JmxRemoteLifecycleListener is used and an. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | CRITICAL | 9.8 | 93.8% | 213 |
KEV
PoC
|
| CVE-2013-0431 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 through Update 11, and OpenJDK 7, allows user-assisted remote attackers to bypass the Java security. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | MEDIUM | 5.3 | 91.6% | 203 |
KEV
PoC
No patch
|
| CVE-2017-3506 | Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Rated high severity (CVSS 7.4), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 7.4 | 94.4% | 201 |
KEV
PoC
|
| CVE-2013-2423 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7, allows remote attackers to affect integrity via unknown vectors. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required. Actively exploited in the wild (cisa kev) and public exploit code available. | LOW | 3.7 | 93.4% | 197 |
KEV
PoC
|
| CVE-2024-21182 | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and public exploit code available. | HIGH | 7.5 | 87.7% | 195 |
KEV
PoC
No patch
|