Oracle Oracle Software Giant


Products by Oracle Sorted by Most Security Vulnerabilities since 2018

Oracle: 1994 vulnerabilities
Oracle MySQL: 1290 vulnerabilities (Open Source Database Engine)
Oracle Java: 739 vulnerabilities
Oracle JDK: 727 vulnerabilities
Oracle VM VirtualBox: 346 vulnerabilities
Oracle Solaris: 328 vulnerabilities
Oracle WebLogic Server: 287 vulnerabilities (Java EE server)
Oracle GraalVM: 195 vulnerabilities
Oracle Linux: 160 vulnerabilities
Oracle Outside In Technology: 155 vulnerabilities
Oracle Database Server: 153 vulnerabilities
Oracle WebCenter Portal: 99 vulnerabilities
Oracle E-Business Suite: 95 vulnerabilities
Oracle HTTP Server: 84 vulnerabilities
Oracle Business Intelligence: 76 vulnerabilities
Oracle Agile PLM: 74 vulnerabilities
Oracle MySQL Cluster: 48 vulnerabilities
Oracle Retail Service Backbone: 44 vulnerabilities
Oracle Application Express: 44 vulnerabilities
Oracle JavaFX: 44 vulnerabilities
Oracle WebCenter Sites: 44 vulnerabilities
Oracle Marketing: 42 vulnerabilities
Oracle Blockchain Platform: 40 vulnerabilities
Oracle Retail Order Broker: 38 vulnerabilities
Oracle BI Publisher: 37 vulnerabilities
Oracle Data Integrator: 35 vulnerabilities
Oracle WebCenter Content: 35 vulnerabilities
Oracle iStore: 34 vulnerabilities
Oracle REST Data Services: 34 vulnerabilities
Oracle Trade Management: 28 vulnerabilities
Oracle Hospitality Simphony: 27 vulnerabilities

Recent Oracle Security Advisories

| Advisory | Title | Published |
|---|---|---|
| CSPUJun2026 | Critical Security Patch Update Advisory - June 2026 | June 16, 2026 |
| alertcve202635273 | Oracle Security Alert Advisory - CVE-2026-35273 | June 11, 2026 |
| CSPUMay2026 | Critical Security Patch Update Advisory - May 2026 | May 28, 2026 |
| CPUApr2026 | Oracle Critical Patch Update Advisory - April 2026 | April 21, 2026 |
| alertcve202621992 | Oracle Security Alert for CVE-2026-21992 - 19 March 2026 | March 20, 2026 |
| CPUJan2026 | Oracle Critical Patch Update Advisory - January 2026 | January 20, 2026 |
| CPUOct2025 | Oracle Critical Patch Update Advisory - October 2025 | October 21, 2025 |
| alertcve202561884 | Oracle Security Alert for CVE-2025-61884 - 10 October 2025 | October 12, 2025 |
| alertcve202561882 | Oracle Security Alert for CVE-2025-61882 - 4 October 2025 | October 4, 2025 |
| CPUJul2025 | Oracle Critical Patch Update Advisory - July 2025 | July 15, 2025 |

Known Exploited Oracle Vulnerabilities

The following Oracle vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability Oracle PeopleSoft Enterprise PeopleTools contains a missing authentication for critical function vulnerability which could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools.
CVE-2026-35273
June 12, 2026
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic contains an unspecified vulnerability that could allow an unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data.
CVE-2024-21182 Exploit Probability: 48.2%
June 1, 2026
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
CVE-2025-61757 Exploit Probability: 88.1%
November 21, 2025
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
CVE-2025-61884 Exploit Probability: 97.6%
October 20, 2025
Oracle E-Business Suite Unspecified Vulnerability Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.
CVE-2025-61882 Exploit Probability: 99.7%
October 6, 2025
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.
CVE-2024-20953 Exploit Probability: 3.4%
February 24, 2025
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.
CVE-2020-2883 Exploit Probability: 94.9%
January 7, 2025
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.
CVE-2024-21287 Exploit Probability: 1.5%
November 21, 2024
Oracle WebLogic Server Remote Code Execution Vulnerability Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.
CVE-2020-14644 Exploit Probability: 94.5%
September 18, 2024
Oracle JDeveloper Remote Code Execution Vulnerability Oracle JDeveloper, a product within the Fusion Middleware suite, contains a deserialization vulnerability in the ADF Faces component, leading to unauthenticated remote code execution.
CVE-2022-21445 Exploit Probability: 62.0%
September 18, 2024
Oracle WebLogic Server OS Command Injection Vulnerability Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.
CVE-2017-3506 Exploit Probability: 96.0%
June 3, 2024
Oracle Fusion Middleware Unspecified Vulnerability Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.
CVE-2020-2551 Exploit Probability: 93.2%
November 16, 2023
Oracle Java SE and JRockit Unspecified Vulnerability Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web servi
CVE-2016-3427 Exploit Probability: 92.3%
May 12, 2023
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.
CVE-2023-21839 Exploit Probability: 99.8%
May 1, 2023
Oracle E-Business Suite Unspecified Vulnerability Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
CVE-2022-21587 Exploit Probability: 98.3%
February 2, 2023
Oracle Fusion Middleware Unspecified Vulnerability Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.
CVE-2021-35587 Exploit Probability: 96.3%
November 28, 2022
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.
CVE-2018-2628 Exploit Probability: 99.4%
September 8, 2022
Oracle JRE Remote Code Execution Vulnerability A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.
CVE-2013-0422 Exploit Probability: 97.6%
May 25, 2022
Oracle JRE Sandbox Bypass Vulnerability Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.
CVE-2013-0431 Exploit Probability: 90.0%
May 25, 2022
Oracle JRE Unspecified Vulnerability Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.
CVE-2013-2423 Exploit Probability: 85.3%
May 25, 2022

Of the known exploited vulnerabilities above, 16 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. The vulnerability CVE-2024-21182: Oracle WebLogic Server Unspecified Vulnerability is in the top 5% of the currently known exploitable vulnerabilities.

Top 10 Riskiest Oracle Vulnerabilities

These Oracle vulnerabilities are on CISA's Known Exploited Vulnerabilities (KEV) list and are ranked by their current EPSS exploit probability.

| Rank | CVE | EPSS | Vulnerability |
|---|---|---|---|
| 1 | CVE-2020-14882 | 100.0% | Oracle WebLogic Server Remote Code Execution Vulnerability |
| 2 | CVE-2019-2725 | 100.0% | Oracle WebLogic Server, Injection |
| 3 | CVE-2017-10271 | 99.9% | Oracle Corporation WebLogic Server Remote Code Execution Vulnerability |
| 4 | CVE-2023-21839 | 99.8% | Oracle WebLogic Server Unspecified Vulnerability |
| 5 | CVE-2025-61882 | 99.7% | Oracle E-Business Suite Unspecified Vulnerability |
| 6 | CVE-2018-2628 | 99.4% | Oracle WebLogic Server Unspecified Vulnerability |
| 7 | CVE-2020-14750 | 99.3% | Oracle WebLogic Server Remote Code Execution Vulnerability |
| 8 | CVE-2013-2465 | 98.7% | Oracle Java SE Unspecified Vulnerability |
| 9 | CVE-2012-3152 | 98.7% | Oracle Reports Developer Arbitrary File Read and Upload vulnerability |
| 10 | CVE-2012-4681 | 98.5% | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability |

By the Year

In 2026 there have been 611 vulnerabilities in Oracle with an average score of 7.4 out of ten. Last year, in 2025, Oracle had 634 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in Oracle in 2026 could surpass last year's number. The average CVE base score of the vulnerabilities in 2026 is also greater, by 1.20.




| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 611 | 7.41 |
| 2025 | 634 | 6.21 |
| 2024 | 648 | 6.14 |
| 2023 | 426 | 5.97 |
| 2022 | 555 | 6.26 |
| 2021 | 880 | 6.59 |
| 2020 | 976 | 6.33 |
| 2019 | 772 | 6.27 |
| 2018 | 808 | 6.51 |

It may take a day or so for new Oracle vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.

Recent Oracle Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2026-46978 Jun 16, 2026
Oracle Solaris 11.4 RDA Remote Admin Daemon CVE-2026-46978: Unauth HTTPS Exploit Vulnerability in the Oracle Solaris product of Oracle Systems (component: Remote Administration Daemon). The supported version that is affected is 11.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data as well as unauthorized access to critical data or complete access to all Oracle Solaris accessible data. CVSS 3.1 Base Score 10.0 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N).
Solaris
CVE-2026-46977 Jun 16, 2026
Oracle VM VirtualBox 7.2.8 VMSVGA Device Info Disclosure Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affected is 7.2.8. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 3.2 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N).
VM VirtualBox
CVE-2026-46979 Jun 16, 2026
PeopleSoft CS Campus Community: High-Priv Interface CVE-2026-46979 (9.2.38) Vulnerability in the PeopleSoft Enterprise CS Campus Community product of Oracle PeopleSoft (component: Integration and Interfaces). The supported version that is affected is 9.2.38. Easily exploitable vulnerability allows high privileged attacker with network access via HTTPS to compromise PeopleSoft Enterprise CS Campus Community. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all PeopleSoft Enterprise CS Campus Community accessible data as well as unauthorized access to critical data or complete access to all PeopleSoft Enterprise CS Campus Community accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N).
Peoplesoft Enterprise Cs Campus Community
CVE-2026-46976 Jun 16, 2026
Oracle Public Sector Payroll 12.2.x Internal Ops HTTP PrivEsc CVSS 7.2 Vulnerability in the Oracle Public Sector Payroll product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Public Sector Payroll. Successful attacks of this vulnerability can result in takeover of Oracle Public Sector Payroll. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Public Sector Payroll
CVE-2026-46972 Jun 16, 2026
Oracle Outsourced Mfg for Discrete Industries 12.2.3-12.2.15 Internal Ops RCE Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outsourced Mfg for Discrete Industries. Successful attacks of this vulnerability can result in takeover of Oracle Outsourced Mfg for Discrete Industries. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Outsourced Mfg Discrete Industries
CVE-2026-46973 Jun 16, 2026
Oracle EBS Outsourced Mfg for Discrete Industries 12.2.3-12.2.15 Remote HTTP Exploit Vulnerability in the Oracle Outsourced Mfg for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Outsourced Mfg for Discrete Industries. Successful attacks of this vulnerability can result in takeover of Oracle Outsourced Mfg for Discrete Industries. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Outsourced Mfg Discrete Industries
CVE-2026-46974 Jun 16, 2026
Oracle VM VirtualBox <7.2.8 Core Privilege Escalation via Local Exploit Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.2.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2026-46971 Jun 16, 2026
Oracle HR Int 12.2.3-12.2.15: Low-Priv Net HTTP Exploit Compromise Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle HR Intelligence. Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Hr Intelligence
CVE-2026-46969 Jun 16, 2026
Oracle Financials EMEA HTTP RCE v12.2.3-12.2.15 Vulnerability in the Oracle Financials for EMEA product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Financials for EMEA. Successful attacks of this vulnerability can result in takeover of Oracle Financials for EMEA. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Financials For Emea
CVE-2026-46970 Jun 16, 2026
Oracle HR Intelligence 12.2.3-12.2.15 - High Privilege HTTP Exploit Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence. Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Hr Intelligence
CVE-2026-46967 Jun 16, 2026
Oracle EBS Public Sector Financials Auth. Escalation (12.2.3-12.2.15) Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Public Sector Financials (International). Successful attacks of this vulnerability can result in takeover of Oracle Public Sector Financials (International). CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Public Sector Financials
CVE-2026-46965 Jun 16, 2026
Oracle Universal Work Queue 12.2.3-12.2.15 HTTP Low-Priv RCE Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Universal Work Queue
CVE-2026-46966 Jun 16, 2026
Oracle UWQ 12.2.3-12.2.15: Low-Priv Network Exploit Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Universal Work Queue
CVE-2026-46964 Jun 16, 2026
Oracle Universal Work Queue 12.2.3-12.2.15: Unauth HTTP Remote Code Exec Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. While the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Universal Work Queue
CVE-2026-46963 Jun 16, 2026
Oracle Universal Work Queue 12.2.x Exploitable Low-Priv Web Admin Leaks Vulnerability in the Oracle Universal Work Queue product of Oracle E-Business Suite (component: Work Provider Site Level Administration). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Universal Work Queue. While the vulnerability is in Oracle Universal Work Queue, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Universal Work Queue. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Universal Work Queue
CVE-2026-46961 Jun 16, 2026
Oracle Project Portfolio Analysis Internal Ops RCE (12.2.3-12.2.15) Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Portfolio Analysis. Successful attacks of this vulnerability can result in takeover of Oracle Project Portfolio Analysis. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Project Portfolio Analysis
CVE-2026-46962 Jun 16, 2026
Oracle PPA Internal Ops CVE-2026-46962: Low-Priv HTTP RCE (v12.2.3-12.2.15) Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Project Portfolio Analysis. Successful attacks of this vulnerability can result in takeover of Oracle Project Portfolio Analysis. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Project Portfolio Analysis
CVE-2026-46958 Jun 16, 2026
Oracle Subledger Accounting 12.2.3-12.2.15 Internal Ops Priv Esc via HTTP Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting. Successful attacks of this vulnerability can result in takeover of Oracle Subledger Accounting. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Subledger Accounting
CVE-2026-46959 Jun 16, 2026
Oracle Subledger Accounting 12.2.x Remote HTTP RCE via Internal Operations Vulnerability in the Oracle Subledger Accounting product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Subledger Accounting. Successful attacks of this vulnerability can result in takeover of Oracle Subledger Accounting. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Subledger Accounting
CVE-2026-46960 Jun 16, 2026
Oracle Project Portfolio Analysis (12.2.3-12.2.15) RCE via HTTP Vulnerability in the Oracle Project Portfolio Analysis product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Project Portfolio Analysis. Successful attacks of this vulnerability can result in takeover of Oracle Project Portfolio Analysis. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Project Portfolio Analysis
CVE-2026-46955 Jun 16, 2026
Oracle HR 12.2.3-12.2.15 Person Component Unauth HTTP Exploit Vulnerability in the Oracle Human Resources product of Oracle E-Business Suite (component: Person). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Human Resources. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in takeover of Oracle Human Resources. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H).
Human Resources
CVE-2026-46957 Jun 16, 2026
Oracle iSupplier Portal 12.2.3-12.2.15 Low-Pri LPE via HTTP Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal. Successful attacks of this vulnerability can result in takeover of Oracle iSupplier Portal. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Isupplier Portal
CVE-2026-46956 Jun 16, 2026
Oracle EBS Property Manager 12.2.3-12.2.15 Internal Ops High Priv Esc via HTTP Vulnerability in the Oracle Property Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Property Manager. Successful attacks of this vulnerability can result in takeover of Oracle Property Manager. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Property Manager
CVE-2026-46951 Jun 16, 2026
Oracle EBS Quality 12.2.x LPE via HTTP to Compromise Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quality. Successful attacks of this vulnerability can result in takeover of Oracle Quality. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Quality
CVE-2026-46952 Jun 16, 2026
Oracle EBS Oracle Quality 12.2.3-12.2.15 Low-Privilege HTTP RCE (CVE-2026-46952) Vulnerability in the Oracle Quality product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Quality. Successful attacks of this vulnerability can result in takeover of Oracle Quality. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Quality
CVE-2026-46953 Jun 16, 2026
Oracle HRMS (UK) UK Payroll v12.2.3-12.2.15 HTTP RCE Vulnerability in the Oracle HRMS (UK) product of Oracle E-Business Suite (component: UK Payroll). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HRMS (UK). Successful attacks of this vulnerability can result in takeover of Oracle HRMS (UK). CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Hrms
CVE-2026-46949 Jun 16, 2026
Oracle EBS Advanced Outbound Telephony RCE via HTTP (12.2.3-12.2.15) Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Advanced Outbound Telephony accessible data as well as unauthorized access to critical data or complete access to all Oracle Advanced Outbound Telephony accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Advanced Outbound Telephony
CVE-2026-46946 Jun 16, 2026
Oracle iSupport 12.2.3-12.2.15 High Privileged HTTP Exploit (Internal Operations) Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle iSupport. While the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle iSupport. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Isupport
CVE-2026-46947 Jun 16, 2026
Oracle AOT RCE via HTTP (12.2.3-12.2.15) Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Outbound Telephony. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Advanced Outbound Telephony
CVE-2026-46950 Jun 16, 2026
High Impact Oracle AO Telephony v12.2.3-12.2.15 RCE via HTTP Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Advanced Outbound Telephony. Successful attacks of this vulnerability can result in takeover of Oracle Advanced Outbound Telephony. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Advanced Outbound Telephony
CVE-2026-46942 Jun 16, 2026
Oracle EBS Process-Mfg P Planning 12.2.3-12.2.15 LPriv Exploitable Vulnerability Vulnerability in the Oracle Process Manufacturing Process Planning product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Process Manufacturing Process Planning. Successful attacks of this vulnerability can result in takeover of Oracle Process Manufacturing Process Planning. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Process Manufacturing Process Planning
CVE-2026-46944 Jun 16, 2026
Oracle iSupport 12.2.3-12.2.15 Internal Ops RCE via HTTP Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle iSupport. While the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle iSupport. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Isupport
CVE-2026-46945 Jun 16, 2026
Oracle iSupport Internal Ops Remote Priv Escalation (12.2.3-12.2.15) Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle iSupport. While the vulnerability is in Oracle iSupport, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle iSupport. CVSS 3.1 Base Score 9.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
Isupport
CVE-2026-46938 Jun 16, 2026
Oracle Cost Management 12.2.3-12.2.15 HTTP RCE High Privilege, Takeover Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Cost Management. Successful attacks of this vulnerability can result in takeover of Oracle Cost Management. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Cost Management
CVE-2026-46939 Jun 16, 2026
Oracle Configure to Order HTTP Exploit: Supply to Order Workbench 12.2.3-12.2.15 Vulnerability in the Oracle Configure to Order product of Oracle E-Business Suite (component: Supply to Order Workbench). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Configure to Order. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Configure to Order accessible data as well as unauthorized access to critical data or complete access to all Oracle Configure to Order accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Configure To Order
CVE-2026-46940 Jun 16, 2026
Oracle Cost Management 12.2.3-12.2.15 Cost Planning LP RCE (CVE-2026-46940) Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cost Management. Successful attacks of this vulnerability can result in takeover of Oracle Cost Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Cost Management
CVE-2026-46935 Jun 16, 2026
Oracle CMO 12.2.3-12.2.15 HTTP LPR Exploit CVSS7.5 Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair and Overhaul. Successful attacks of this vulnerability can result in takeover of Oracle Complex Maintenance, Repair and Overhaul. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Complex Maintenance Repair Overhaul
CVE-2026-46937 Jun 16, 2026
Oracle iSetup 12.2.3-12.2.15 RCE via HTTP in General Ledger Update Transform Vulnerability in the Oracle iSetup product of Oracle E-Business Suite (component: General Ledger Update Transform, Reports). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSetup. Successful attacks of this vulnerability can result in takeover of Oracle iSetup. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Isetup
CVE-2026-46934 Jun 16, 2026
CVE-2026-46934: HTTP Exploit in Oracle CMRO 12.2.3-12.2.15 (Internal Ops) Vulnerability in the Oracle Complex Maintenance, Repair and Overhaul product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Complex Maintenance, Repair and Overhaul. Successful attacks of this vulnerability can result in takeover of Oracle Complex Maintenance, Repair and Overhaul. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H).
Complex Maintenance Repair Overhaul
CVE-2026-46933 Jun 16, 2026
Oracle Apps Mgmt 12.2.x Internal Ops Remote Exploit Vulnerability in the Oracle Applications Manager product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Manager. While the vulnerability is in Oracle Applications Manager, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Applications Manager. CVSS 3.1 Base Score 9.9 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Applications Manager
CVE-2026-46931 Jun 16, 2026
Oracle EAM 12.2.6-15 Internal Ops: HTTP RCE (8.8 CVSS) Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.6-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in takeover of Oracle Enterprise Asset Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Enterprise Asset Management
CVE-2026-46932 Jun 16, 2026
Oracle EBS Enterprise Asset Mgmt: Internal Ops HTTP RCE (12.2.3-12.2.15) Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Asset Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Asset Management accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Enterprise Asset Management. CVSS 3.1 Base Score 7.1 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L).
Enterprise Asset Management
CVE-2026-46929 Jun 16, 2026
Oracle Cost Management (Cost Planning) (12.2.3-12.2.15) CVE-2026-46929 Vulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Cost Management. Successful attacks of this vulnerability can result in takeover of Oracle Cost Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Cost Management
CVE-2026-46928 Jun 16, 2026
Oracle Spares Management 12.2.3-12.2.15 Internal Ops RCE via HTTPS Vulnerability in the Oracle Spares Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows low privileged attacker with network access via HTTPS to compromise Oracle Spares Management. Successful attacks of this vulnerability can result in takeover of Oracle Spares Management. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Spares Management
CVE-2026-46927 Jun 16, 2026
Oracle Receivables 12.2.3-12.2.15 SOAP RCE Vulnerability in the Oracle Receivables product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via SOAP to compromise Oracle Receivables. Successful attacks of this vulnerability can result in takeover of Oracle Receivables. CVSS 3.1 Base Score 8.1 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H).
Receivables
CVE-2026-46930 Jun 16, 2026
Oracle In-Memory Cost Mgmt DIC 12.2.12-12.2.15 Unauth HTTPS Exploit Vulnerability in the Oracle In-Memory Cost Management for Discrete Industries product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.12-12.2.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTPS to compromise Oracle In-Memory Cost Management for Discrete Industries. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle In-Memory Cost Management for Discrete Industries accessible data as well as unauthorized access to critical data or complete access to all Oracle In-Memory Cost Management for Discrete Industries accessible data. CVSS 3.1 Base Score 9.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N).
Memory Cost Management Discrete Industries
CVE-2026-46925 Jun 16, 2026
Siebel CRM Cloud Apps v17.0-26.5 Siebel Cloud Manager Physical Layer Attacks Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Difficult to exploit vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H).
Siebel Crm Cloud Applications
CVE-2026-46922 Jun 16, 2026
Oracle HR Intelligence, Internal Ops before 12.2.15 HTTP Priv Escalation Vulnerability in the Oracle HR Intelligence product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle HR Intelligence. Successful attacks of this vulnerability can result in takeover of Oracle HR Intelligence. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Hr Intelligence
CVE-2026-46926 Jun 16, 2026
Oracle Siebel CRM 17.0-26.5 CVE-2026-46926: Cloud Manager LPE Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Siebel CRM Cloud Applications executes to compromise Siebel CRM Cloud Applications. While the vulnerability is in Siebel CRM Cloud Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H).
Siebel Crm Cloud Applications
CVE-2026-46921 Jun 16, 2026
Oracle Siebel CRM 17.0-26.5 Cloud Manager Remote RCE Vulnerability (CVE-2026-46921) Vulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that are affected are 17.0-26.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Siebel CRM Cloud Applications. Successful attacks of this vulnerability can result in takeover of Siebel CRM Cloud Applications. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
Siebel Crm Cloud Applications
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD).