Oracle Oracle Software Giant

  1. Vendors
  2. Oracle

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Oracle product.

RSS Feeds for Oracle security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Oracle products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Oracle Sorted by Most Security Vulnerabilities since 2018

Oracle1958 vulnerabilities

Oracle MySQL1289 vulnerabilities
Open Source Database Engine

Oracle Java739 vulnerabilities

Oracle Jdk727 vulnerabilities

Oracle VM VirtualBox336 vulnerabilities

Oracle Solaris326 vulnerabilities

Oracle Weblogic Server274 vulnerabilities
Java EE server

Oracle Peoplesoft Enterprise Peopletools261 vulnerabilities

Oracle GraalVM195 vulnerabilities

Oracle Linux158 vulnerabilities

Oracle Outside In Technology155 vulnerabilities

Oracle Database Server153 vulnerabilities
Oracle Database Server

Oracle Jd Edwards Enterpriseone Tools135 vulnerabilities

Oracle Communications Cloud Native Core Policy125 vulnerabilities

Oracle Retail Xstore Point Of Service118 vulnerabilities

Oracle Zfs Storage Appliance Kit117 vulnerabilities

Oracle Enterprise Manager Base Platform116 vulnerabilities

Oracle Enterprise Manager Ops Center101 vulnerabilities

Oracle E Business Suite95 vulnerabilities

Oracle Financial Services Analytical Applications Infrastructure91 vulnerabilities

Oracle Webcenter Portal89 vulnerabilities

Oracle Http Server84 vulnerabilities

Oracle Business Intelligence76 vulnerabilities

Oracle Communications Cloud Native Core Binding Support Function75 vulnerabilities

Oracle Communications Session Route Manager74 vulnerabilities

Oracle Agile Plm73 vulnerabilities

Oracle Communications Session Report Manager69 vulnerabilities

Oracle Instantis Enterprisetrack57 vulnerabilities

Oracle Flexcube Universal Banking57 vulnerabilities

Oracle Application Testing Suite56 vulnerabilities

Oracle Communications Instant Messaging Server55 vulnerabilities

Oracle Mysql Enterprise Monitor51 vulnerabilities

Oracle Mysql Cluster47 vulnerabilities

Oracle Communications Policy Management47 vulnerabilities

Oracle Retail Service Backbone44 vulnerabilities

Oracle Application Express44 vulnerabilities

Oracle Javafx44 vulnerabilities

Oracle Primavera P6 Enterprise Project Portfolio Management43 vulnerabilities

Oracle Marketing42 vulnerabilities

Oracle Jd Edwards Enterpriseone Orchestrator42 vulnerabilities

Oracle Blockchain Platform40 vulnerabilities

Oracle Retail Order Broker38 vulnerabilities

Oracle Bi Publisher37 vulnerabilities

Oracle Complex Maintenance Repair Overhaul35 vulnerabilities

Oracle Hyperion Infrastructure Technology35 vulnerabilities

Oracle Flexcube Investor Servicing34 vulnerabilities

Oracle Goldengate Application Adapters34 vulnerabilities

Oracle Istore34 vulnerabilities

Oracle Retail Predictive Application Server33 vulnerabilities

Oracle Webcenter Sites33 vulnerabilities

Oracle Business Process Management Suite32 vulnerabilities

Oracle Communications Cloud Native Core Network Exposure Function31 vulnerabilities

Oracle Crm Technical Foundation29 vulnerabilities

Oracle Trade Management28 vulnerabilities

Oracle Hospitality Guest Access27 vulnerabilities

Oracle Hospitality Simphony27 vulnerabilities

Oracle Peoplesoft Enterprise Pt Peopletools27 vulnerabilities

Recent Oracle Security Advisories

Advisory Title Published
CPUApr2026 Oracle Critical Patch Update Advisory - April 2026 April 21, 2026
alertcve202621992 Oracle Security Alert for CVE-2026-21992 - 19 March 2026 March 20, 2026
CPUJan2026 Oracle Critical Patch Update Advisory - January 2026 January 20, 2026
CPUOct2025 Oracle Critical Patch Update Advisory - October 2025 October 21, 2025
alertcve202561884 Oracle Security Alert for CVE-2025-61884 - 10 October 2025 October 12, 2025
alertcve202561882 Oracle Security Alert for CVE-2025-61882 - 4 October 2025 October 4, 2025
CPUJul2025 Oracle Critical Patch Update Advisory - July 2025 July 15, 2025
CPUApr2025 Oracle Critical Patch Update Advisory - April 2025 April 15, 2025
CPUJan2025 Oracle Critical Patch Update Advisory - January 2025 January 21, 2025
alertcve202421287 Oracle Security Alert for CVE-2024-21287 - 18 November 2024 November 18, 2024

Known Exploited Oracle Vulnerabilities

The following Oracle vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
CVE-2025-61757 Exploit Probability: 88.1% 		November 21, 2025
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
CVE-2025-61884 Exploit Probability: 60.8% 		October 20, 2025
Oracle E-Business Suite Unspecified Vulnerability Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.
CVE-2025-61882 Exploit Probability: 89.4% 		October 6, 2025
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.
CVE-2024-20953 Exploit Probability: 67.4% 		February 24, 2025
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.
CVE-2020-2883 Exploit Probability: 94.4% 		January 7, 2025
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.
CVE-2024-21287 Exploit Probability: 69.8% 		November 21, 2024
Oracle JDeveloper Remote Code Execution Vulnerability Oracle JDeveloper, a product within the Fusion Middleware suite, contains an deserialization vulnerability the ADF Faces component, leading to unauthenticated remote code execution.
CVE-2022-21445 Exploit Probability: 92.0% 		September 18, 2024
Oracle WebLogic Server Remote Code Execution Vulnerability Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.
CVE-2020-14644 Exploit Probability: 93.6% 		September 18, 2024
Oracle WebLogic Server OS Command Injection Vulnerability Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.
CVE-2017-3506 Exploit Probability: 94.4% 		June 3, 2024
Oracle Fusion Middleware Unspecified Vulnerability Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.
CVE-2020-2551 Exploit Probability: 94.4% 		November 16, 2023
Oracle Java SE and JRockit Unspecified Vulnerability Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web servi
CVE-2016-3427 Exploit Probability: 93.9% 		May 12, 2023
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.
CVE-2023-21839 Exploit Probability: 94.1% 		May 1, 2023
Oracle E-Business Suite Unspecified Vulnerability Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
CVE-2022-21587 Exploit Probability: 94.4% 		February 2, 2023
Oracle Fusion Middleware Unspecified Vulnerability Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.
CVE-2021-35587 Exploit Probability: 94.2% 		November 28, 2022
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.
CVE-2018-2628 Exploit Probability: 94.4% 		September 8, 2022
Oracle JRE Remote Code Execution Vulnerability A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.
CVE-2013-0422 Exploit Probability: 93.6% 		May 25, 2022
Oracle JRE Unspecified Vulnerability Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.
CVE-2013-2423 Exploit Probability: 93.4% 		May 25, 2022
Oracle JRE Sandbox Bypass Vulnerability Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.
CVE-2013-0431 Exploit Probability: 91.6% 		May 25, 2022
Oracle Solaris Privilege Escalation Vulnerability Oracle Solaris component: XScreenSaver contains an unspecified vulnerability which allows for privilege escalation.
CVE-2019-3010 Exploit Probability: 50.2% 		May 25, 2022
Oracle Fusion Middleware Unspecified Vulnerability Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.
CVE-2012-1710 Exploit Probability: 40.8% 		May 25, 2022

Of the known exploited vulnerabilities above, 15 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 5 known exploited Oracle vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Oracle Vulnerabilities

Based on the current exploit probability, these Oracle vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2019-2725 94.5% Oracle WebLogic Server, Injection
2 CVE-2020-14882 94.5% Oracle WebLogic Server Remote Code Execution Vulnerability
3 CVE-2020-14883 94.4% Oracle WebLogic Server Remote Code Execution Vulnerability
4 CVE-2017-10271 94.4% Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
5 CVE-2020-14750 94.4% Oracle WebLogic Server Remote Code Execution Vulnerability
6 CVE-2018-2628 94.4% Oracle WebLogic Server Unspecified Vulnerability
7 CVE-2020-2551 94.4% Oracle Fusion Middleware Unspecified Vulnerability
8 CVE-2022-21587 94.4% Oracle E-Business Suite Unspecified Vulnerability
9 CVE-2017-3506 94.4% Oracle WebLogic Server OS Command Injection Vulnerability
10 CVE-2020-2883 94.4% Oracle WebLogic Server Unspecified Vulnerability

By the Year

In 2026 there have been 303 vulnerabilities in Oracle with an average score of 6.2 out of ten. Last year, in 2025 Oracle had 634 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, it appears that number of security vulnerabilities in Oracle in 2026 could surpass last years number. Last year, the average CVE base score was greater by 0.00




Year Vulnerabilities Average Score
2026 303 6.20
2025 634 6.20
2024 648 6.14
2023 426 5.97
2022 555 6.26
2021 880 6.59
2020 976 6.33
2019 772 6.27
2018 808 6.51

It may take a day or so for new Oracle vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-35252 Apr 21, 2026
Oracle SecSvc 12.2.1.4.0/12.1.3.0.0 Unauthorized Access via HTTPS (UIR) Vulnerability in the Oracle Security Service product of Oracle Fusion Middleware (component: C Oracle SSL API). Supported versions that are affected are 12.2.1.4.0 and 12.1.3.0.0. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Security Service. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Security Service accessible data as well as unauthorized access to critical data or complete access to all Oracle Security Service accessible data. CVSS 3.1 Base Score 6.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N).
Security Service
CVE-2026-35250 Apr 21, 2026
Oracle VirtualBox 7.2.6 Core Partial DOS Vulnerability Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 2.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
VM VirtualBox
CVE-2026-35251 Apr 21, 2026
Oracle VM VirtualBox 7.2.6 (CVE-2026-35251) Core Local Privilege Escalation Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2026-35249 Apr 21, 2026
Oracle VM VirtualBox 7.2.6 Core Privileged Mod Vulnerability (CVE-2026-35249) Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:N).
VM VirtualBox
CVE-2026-35248 Apr 21, 2026
CVE-2026-35248: Oracle VM VirtualBox Core v7.2.6 Priv Escalation Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle VM VirtualBox accessible data as well as unauthorized read access to a subset of Oracle VM VirtualBox accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 5.0 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:L).
VM VirtualBox
CVE-2026-35247 Apr 21, 2026
Oracle VM VirtualBox 7.2.6 Core Privilege Escalation Vulnerability Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
VM VirtualBox
CVE-2026-35246 Apr 21, 2026
Oracle VM VirtualBox 7.2.6 Core Privilege Escalation (Scope Change) Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2026-35244 Apr 21, 2026
Oracle Hyperion Infrastructure Tech 11.2.24.0.000 LCM HTTP Privilege Escalation Vulnerability in the Oracle Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.24.0.000. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Hyperion Infrastructure Technology. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Hyperion Infrastructure Technology accessible data as well as unauthorized read access to a subset of Oracle Hyperion Infrastructure Technology accessible data. CVSS 3.1 Base Score 5.2 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:H/A:N).
Hyperion Infrastructure Technology
CVE-2026-35245 Apr 21, 2026
Oracle VM VirtualBox 7.2.6 Core RDP Affects Availability (DoS) Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via RDP to compromise Oracle VM VirtualBox. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
VM VirtualBox
CVE-2026-35242 Apr 21, 2026
Oracle VM VirtualBox 7.2.6 Core Priv Escal Allowing Full Control Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2026-35243 Apr 21, 2026
Low-Priv Exploit: Oracle ADF Faces (12.2.1.4.0/14.1.2.0.0) Takeover Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Application Development Framework (ADF) executes to compromise Oracle Application Development Framework (ADF). Successful attacks of this vulnerability can result in takeover of Oracle Application Development Framework (ADF). CVSS 3.1 Base Score 7.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Application Development Framework
CVE-2026-35241 Apr 21, 2026
Oracle PeopleSoft Enterprise CS Student Records v9.2 Research Tracking HTTP Exploit Vulnerability in the PeopleSoft Enterprise CS Student Records product of Oracle PeopleSoft (component: Research Tracking). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CS Student Records. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Student Records accessible data. CVSS 3.1 Base Score 5.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N).
Peoplesoft Enterprise Cs Student Records
CVE-2026-35240 Apr 21, 2026
High Priv MySQL Optimizer DoS 8.0.0-8.0.45,8.4.0-8.4.8,9.0.0-9.6.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-35239 Apr 21, 2026
Oracle MySQL Server DML DoS (8.0.08.0.45, 8.4.08.4.8, 9.0.09.6.0) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-35238 Apr 21, 2026
Oracle MySQL InnoDB DoS (high) - 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-35237 Apr 21, 2026
Oracle MySQL InnoDB DoS via Network (pre8.0.46/8.4.99.6.0) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-35236 Apr 21, 2026
Oracle MySQL InnoDB DoS in 8.0.0-8.0.45, 8.4.0-8.4.8, 9.0.0-9.6.0 Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-35234 Apr 21, 2026
MySQL Server Partition Module DoS (9.0.09.6.0) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Partition). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-35235 Apr 21, 2026
Oracle MySQL Server GIS 9.0.09.6.0 Network DoS Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: GIS). Supported versions that are affected are 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-35231 Apr 21, 2026
Unauth HTTP UI RCE in OFSTF v8.1.2.8.0 Vulnerability in the Oracle Financial Services Transaction Filtering product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Transaction Filtering. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Transaction Filtering accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Financial Services Transaction Filtering
CVE-2026-35232 Apr 21, 2026
Oracle Fusion Middleware (12.2.1.4.0/14.1.2.0) HTTP Low-Privilege Access (DMS) Vulnerability in Oracle Fusion Middleware (component: Dynamic Monitoring Service). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Fusion Middleware. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Fusion Middleware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Fusion Middleware accessible data as well as unauthorized read access to a subset of Oracle Fusion Middleware accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Fusion Middleware
CVE-2026-35230 Apr 21, 2026
Oracle VM VirtualBox 7.2.6 Local Priv Esc via Core | CVE-2026-35230 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.6. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2026-35229 Apr 21, 2026
Oracle DB Server Java VM Vulnerability (Affects 19.319.30 & 21.321.21) Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.30 and 21.3-21.21. Easily exploitable vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Java VM accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Database Java Vm
CVE-2026-34325 Apr 21, 2026
Oracle FSA Infra 8.x UI: Low-Priv Exec by Loggedin User Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Financial Services Analytical Applications Infrastructure executes to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized update, insert or delete access to some of Oracle Financial Services Analytical Applications Infrastructure accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 6.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:H).
Financial Services Analytical Applications Infrastructure
CVE-2026-34324 Apr 21, 2026
Oracle InForm App Server 7.0.1.0-7.0.1.1 Unauth HTTP CVE-2026-34324 Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: App Server). Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Life Sciences InForm accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N).
Life Sciences Inform
CVE-2026-34323 Apr 21, 2026
Oracle Life Sciences InForm IDM Auth (7.0.1.0-7.0.1.1) Unauth HTTP Vulnerability Vulnerability in the Oracle Life Sciences InForm product of Oracle Life Science Applications (component: IDM Authentication). Supported versions that are affected are 7.0.1.0 and 7.0.1.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Life Sciences InForm accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Life Sciences InForm. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L).
Life Sciences Inform
CVE-2026-34320 Apr 21, 2026
Oracle FSS Customer Screening 8.1.2.8.0 UI unauth HTTP access Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Customer Screening. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Customer Screening accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Financial Services Customer Screening
CVE-2026-34321 Apr 21, 2026
Oracle FSA Application Infra UI Remote Exploit 8.0.7.98.1.2.5 (CVE202634321) Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: User Interface). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N).
Financial Services Analytical Applications Infrastructure
CVE-2026-34318 Apr 21, 2026
CVE-2026-34318: MySQL Shell Prior to 9.6.1 Priv Esc via Core Client Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Shell. While the vulnerability is in MySQL Shell, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Shell accessible data. CVSS 3.1 Base Score 5.8 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N).
Mysql Shell
CVE-2026-34319 Apr 21, 2026
MySQL Shell DoS via CoreClient (8.0-8.0.45, 8.4-8.4.8, 9.0-9.6) Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
Mysql Shell
CVE-2026-34317 Apr 21, 2026
MySQL Shell Core Client DOS 8.0-45, 8.4-8, 9.0-9.6 Vulnerability in the MySQL Shell product of Oracle MySQL (component: Shell: Core Client). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where MySQL Shell executes to compromise MySQL Shell. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Shell. CVSS 3.1 Base Score 5.0 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H).
Mysql Shell
CVE-2026-34315 Apr 21, 2026
Oracle WebLogic WS Vulnerability 12.2.1.4.015.1.1.0.0 Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 6.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N).
Weblogic Server
CVE-2026-34313 Apr 21, 2026
Oracle FSAA Infra Platform: Vulnerability before v8.1.2.5 (CVE-2026-34313) Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Financial Services Analytical Applications Infrastructure
CVE-2026-34314 Apr 21, 2026
Oracle FSAA Infra v8.0.7.9-8.1.2.5: Low-Priv Network HTTP Escalation Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 6.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N).
Financial Services Analytical Applications Infrastructure
CVE-2026-34312 Apr 21, 2026
Oracle DB 19.319.30 RDBMS Privilege Escalation via Row Access Vulnerability in the RDBMS component of Oracle Database Server. Supported versions that are affected are 19.3-19.30. Easily exploitable vulnerability allows high privileged attacker having Row Access Method privilege with network access via multiple protocols to compromise RDBMS. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS accessible data. CVSS 3.1 Base Score 2.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:N/A:N).
Database Rdbms
CVE-2026-34310 Apr 21, 2026
Oracle FSAA Infra before 8.1.2.5: unauth RCE via HTTP Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Financial Services Analytical Applications Infrastructure
CVE-2026-34308 Apr 21, 2026
Oracle MySQL 8.x/8.4/9.6 JSON Component DoS via Network (CVE-2026-34308) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: JSON). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-34309 Apr 21, 2026
Oracle PeopleSoft PeopleTools Security Data Breach 8.61-8.62 via HTTP Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Security). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Peoplesoft Enterprise Peopletools
CVE-2026-34307 Apr 21, 2026
Oracle PeopleSoft PWSE PeopleTools Workflow 8.61-8.62 Low-Privilege Web Exploit Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Workflow). Supported versions that are affected are 8.61-8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Peoplesoft Enterprise Peopletools
CVE-2026-34306 Apr 21, 2026
PeopleSoft FIN Project Costing 9.2 Auth Bypass (Low AV) Vulnerability in the PeopleSoft Enterprise FIN Project Costing product of Oracle PeopleSoft (component: Projects). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Project Costing. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Project Costing accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Peoplesoft Enterprise Fin Project Costing
CVE-2026-34305 Apr 21, 2026
Oracle WebLogic Server <15.1.1.0.0 Unauth HTTP RCE Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Weblogic Server
CVE-2026-34304 Apr 21, 2026
Oracle MySQL 8/8.4/9 InnoDB DoS via Network Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-34303 Apr 21, 2026
MySQL Server Optimizer DoS (8.08.0.45, 8.48.4.8, 9.09.6) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2026-34301 Apr 21, 2026
Oracle PeopleSoft FIN WM Exploit v9.2 - LowPriv HTTP Hijack Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Peoplesoft Enterprise Fin Maintenance Management
CVE-2026-34302 Apr 21, 2026
Oracle Workflow Loader 12.2.15: HTTP High-Priv Escalation Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Workflow Loader). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Workflow. While the vulnerability is in Oracle Workflow, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Workflow accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Workflow. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L).
Workflow
CVE-2026-34299 Apr 21, 2026
Oracle PeopleSoft FIN Maintenance: Low-Privilege HTTP Unauthorized Access (9.2) Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Peoplesoft Enterprise Fin Maintenance Management
CVE-2026-34300 Apr 21, 2026
Oracle PeopleSoft 9.2 Contracts HTTP Low-Priv RCE Vulnerability in the PeopleSoft Enterprise FIN Contracts product of Oracle PeopleSoft (component: Contracts). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Contracts. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN Contracts accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Peoplesoft Enterprise Fin Contracts
CVE-2026-34297 Apr 21, 2026
Oracle HCM Common Architecture 12.2.312.2.15 Unauth HTTP Remote Code Exec Vulnerability in the Oracle HCM Common Architecture product of Oracle E-Business Suite (component: Knowledge Integration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle HCM Common Architecture. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle HCM Common Architecture accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Hcm Common Architecture
CVE-2026-34298 Apr 21, 2026
Oracle App Framework 12.2.9-12.2.15: High-priv HTTP R/W/partial DOS Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.9-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Applications Framework. CVSS 3.1 Base Score 4.7 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L).
Applications Framework
CVE-2026-34296 Apr 21, 2026
Oracle Agile PPM Process PQM 6.2.4 HTTP Low-Priv Read Vulnerability Vulnerability in the Oracle Agile Product Lifecycle Management for Process product of Oracle Supply Chain (component: Product Quality Management). The supported version that is affected is 6.2.4. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile Product Lifecycle Management for Process. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Agile Product Lifecycle Management for Process accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Agile Product Lifecycle Management Process
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.