Oracle Oracle Software Giant

  1. Vendors
  2. Oracle

Don't miss out!

Thousands of developers use stack.watch to stay informed.
Get an email whenever new security vulnerabilities are reported in any Oracle product.

RSS Feeds for Oracle security vulnerabilities

Create a CVE RSS feed including security vulnerabilities found in Oracle products with stack.watch. Just hit watch, then grab your custom RSS feed url.

Products by Oracle Sorted by Most Security Vulnerabilities since 2018

Oracle1462 vulnerabilities

Oracle MySQL1253 vulnerabilities
Open Source Database Engine

Oracle Jdk727 vulnerabilities

Oracle Java724 vulnerabilities

Oracle Solaris321 vulnerabilities

Oracle VM VirtualBox313 vulnerabilities

Oracle Weblogic Server271 vulnerabilities
Java EE server

Oracle Peoplesoft Enterprise Peopletools254 vulnerabilities

Oracle GraalVM183 vulnerabilities

Oracle Linux157 vulnerabilities

Oracle Outside In Technology155 vulnerabilities

Oracle Database Server153 vulnerabilities
Oracle Database Server

Oracle Jd Edwards Enterpriseone Tools134 vulnerabilities

Oracle Communications Cloud Native Core Policy125 vulnerabilities

Oracle Retail Xstore Point Of Service118 vulnerabilities

Oracle Zfs Storage Appliance Kit116 vulnerabilities

Oracle Enterprise Manager Base Platform115 vulnerabilities

Oracle Enterprise Manager Ops Center101 vulnerabilities

Oracle E Business Suite95 vulnerabilities

Oracle Webcenter Portal89 vulnerabilities

Oracle Financial Services Analytical Applications Infrastructure84 vulnerabilities

Oracle Http Server83 vulnerabilities

Oracle Business Intelligence75 vulnerabilities

Oracle Communications Cloud Native Core Binding Support Function75 vulnerabilities

Oracle Communications Session Route Manager74 vulnerabilities

Oracle Agile Plm72 vulnerabilities

Oracle Communications Session Report Manager69 vulnerabilities

Oracle Instantis Enterprisetrack57 vulnerabilities

Oracle Application Testing Suite56 vulnerabilities

Oracle Communications Instant Messaging Server55 vulnerabilities

Oracle Mysql Enterprise Monitor51 vulnerabilities

Oracle Communications Policy Management47 vulnerabilities

Oracle Mysql Cluster46 vulnerabilities

Oracle Javafx44 vulnerabilities

Oracle Application Express43 vulnerabilities

Oracle Primavera P6 Enterprise Project Portfolio Management43 vulnerabilities

Oracle Jd Edwards Enterpriseone Orchestrator42 vulnerabilities

Oracle Marketing41 vulnerabilities

Oracle Blockchain Platform40 vulnerabilities

Oracle Retail Order Broker38 vulnerabilities

Oracle Bi Publisher37 vulnerabilities

Oracle Complex Maintenance Repair Overhaul35 vulnerabilities

Oracle Goldengate Application Adapters34 vulnerabilities

Oracle Retail Predictive Application Server33 vulnerabilities

Oracle Istore33 vulnerabilities

Oracle Webcenter Sites33 vulnerabilities

Oracle Communications Cloud Native Core Network Exposure Function31 vulnerabilities

Oracle Trade Management28 vulnerabilities

Oracle Hospitality Simphony27 vulnerabilities

Oracle Hospitality Guest Access27 vulnerabilities

Oracle Commerce Platform26 vulnerabilities

Recent Oracle Security Advisories

Advisory Title Published
CPUOct2025 Oracle Critical Patch Update Advisory - October 2025 October 21, 2025
alertcve202561884 Oracle Security Alert for CVE-2025-61884 - 10 October 2025 October 12, 2025
alertcve202561882 Oracle Security Alert for CVE-2025-61882 - 4 October 2025 October 4, 2025
CPUJul2025 Oracle Critical Patch Update Advisory - July 2025 July 15, 2025
CPUApr2025 Oracle Critical Patch Update Advisory - April 2025 April 15, 2025
CPUJan2025 Oracle Critical Patch Update Advisory - January 2025 January 21, 2025
alertcve202421287 Oracle Security Alert for CVE-2024-21287 - 18 November 2024 November 18, 2024
CPUJul2024 Oracle Critical Patch Update Advisory - July 2024 July 16, 2024
CPUApr2024 Oracle Critical Patch Update Advisory - April 2024 April 16, 2024
CPUJan2024 Oracle Critical Patch Update Advisory - January 2024 January 16, 2024

Known Exploited Oracle Vulnerabilities

The following Oracle vulnerabilities have recently been marked by CISA as Known to be Exploited by threat actors.

Title Description Added
Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability Oracle Fusion Middleware contains a missing authentication for critical function vulnerability, allowing unauthenticated remote attackers to take over Identity Manager.
CVE-2025-61757 Exploit Probability: 82.2% 		November 21, 2025
Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability Oracle E-Business Suite contains a server-side request forgery (SSRF) vulnerability in the Runtime component of Oracle Configurator. This vulnerability is remotely exploitable without authentication.
CVE-2025-61884 Exploit Probability: 41.8% 		October 20, 2025
Oracle E-Business Suite Unspecified Vulnerability Oracle E-Business Suite contains an unspecified vulnerability in the BI Publisher Integration component. The vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Concurrent Processing. Successful attacks can result in takeover of Oracle Concurrent Processing.
CVE-2025-61882 Exploit Probability: 78.5% 		October 6, 2025
Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability Oracle Agile Product Lifecycle Management (PLM) contains a deserialization vulnerability that allows a low-privileged attacker with network access via HTTP to compromise the system.
CVE-2024-20953 Exploit Probability: 69.0% 		February 24, 2025
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an unspecified vulnerability exploitable by an unauthenticated attacker with network access via IIOP or T3.
CVE-2020-2883 Exploit Probability: 94.4% 		January 7, 2025
Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability Oracle Agile Product Lifecycle Management (PLM) contains an incorrect authorization vulnerability in the Process Extension component of the Software Development Kit. Successful exploitation of this vulnerability may result in unauthenticated file disclosure.
CVE-2024-21287 Exploit Probability: 69.8% 		November 21, 2024
Oracle JDeveloper Remote Code Execution Vulnerability Oracle JDeveloper, a product within the Fusion Middleware suite, contains an deserialization vulnerability the ADF Faces component, leading to unauthenticated remote code execution.
CVE-2022-21445 Exploit Probability: 92.2% 		September 18, 2024
Oracle WebLogic Server Remote Code Execution Vulnerability Oracle WebLogic Server, a product within the Fusion Middleware suite, contains a deserialization vulnerability. Unauthenticated attackers with network access via T3 or IIOP can exploit this vulnerability to achieve remote code execution.
CVE-2020-14644 Exploit Probability: 93.6% 		September 18, 2024
Oracle WebLogic Server OS Command Injection Vulnerability Oracle WebLogic Server, a product within the Fusion Middleware suite, contains an OS command injection vulnerability that allows an attacker to execute arbitrary code via a specially crafted HTTP request that includes a malicious XML document.
CVE-2017-3506 Exploit Probability: 94.4% 		June 3, 2024
Oracle Fusion Middleware Unspecified Vulnerability Oracle Fusion Middleware contains an unspecified vulnerability in the WLS Core Components that allows an unauthenticated attacker with network access via IIOP to compromise the WebLogic Server.
CVE-2020-2551 Exploit Probability: 94.4% 		November 16, 2023
Oracle Java SE and JRockit Unspecified Vulnerability Oracle Java SE and JRockit contains an unspecified vulnerability that allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Java Management Extensions (JMX). This vulnerability can be exploited through sandboxed Java Web Start applications and sandboxed Java applets. It can also be exploited by supplying data to APIs in the specified component without using sandboxed Java Web Start applications or sandboxed Java applets, such as through a web servi
CVE-2016-3427 Exploit Probability: 93.6% 		May 12, 2023
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic Server contains an unspecified vulnerability that allows an unauthenticated attacker with network access via T3, IIOP, to compromise Oracle WebLogic Server.
CVE-2023-21839 Exploit Probability: 94.2% 		May 1, 2023
Oracle E-Business Suite Unspecified Vulnerability Oracle E-Business Suite contains an unspecified vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator.
CVE-2022-21587 Exploit Probability: 94.4% 		February 2, 2023
Oracle Fusion Middleware Unspecified Vulnerability Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to takeover the Access Manager product.
CVE-2021-35587 Exploit Probability: 94.2% 		November 28, 2022
Oracle WebLogic Server Unspecified Vulnerability Oracle WebLogic Server contains an unspecified vulnerability which can allow an unauthenticated attacker with T3 network access to compromise the server.
CVE-2018-2628 Exploit Probability: 94.4% 		September 8, 2022
Oracle JRE Remote Code Execution Vulnerability A vulnerability in the way Java restricts the permissions of Java applets could allow an attacker to execute commands on a vulnerable system.
CVE-2013-0422 Exploit Probability: 93.8% 		May 25, 2022
Oracle JRE Unspecified Vulnerability Unspecified vulnerability in hotspot for Java Runtime Environment (JRE) allows remote attackers to affect integrity.
CVE-2013-2423 Exploit Probability: 93.2% 		May 25, 2022
Oracle JRE Sandbox Bypass Vulnerability Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle allows remote attackers to bypass the Java security sandbox.
CVE-2013-0431 Exploit Probability: 91.6% 		May 25, 2022
Oracle Solaris Privilege Escalation Vulnerability Oracle Solaris component: XScreenSaver contains an unspecified vulnerability which allows for privilege escalation.
CVE-2019-3010 Exploit Probability: 47.6% 		May 25, 2022
Oracle Fusion Middleware Unspecified Vulnerability Unspecified vulnerability in the Oracle WebCenter Forms Recognition component in Oracle Fusion Middleware allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Designer.
CVE-2012-1710 Exploit Probability: 70.4% 		May 25, 2022

Of the known exploited vulnerabilities above, 14 are in the top 1%, or the 99th percentile of the EPSS exploit probability rankings. 6 known exploited Oracle vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.

Top 10 Riskiest Oracle Vulnerabilities

Based on the current exploit probability, these Oracle vulnerabilities are on CISA's Known Exploited vulnerabilities list (KEV) and are ranked by the current EPSS exploit probability.

Rank CVE EPSS Vulnerability
1 CVE-2019-2725 94.5% Oracle WebLogic Server, Injection
2 CVE-2020-14882 94.5% Oracle WebLogic Server Remote Code Execution Vulnerability
3 CVE-2020-14883 94.4% Oracle WebLogic Server Remote Code Execution Vulnerability
4 CVE-2020-14750 94.4% Oracle WebLogic Server Remote Code Execution Vulnerability
5 CVE-2018-2628 94.4% Oracle WebLogic Server Unspecified Vulnerability
6 CVE-2020-2551 94.4% Oracle Fusion Middleware Unspecified Vulnerability
7 CVE-2017-10271 94.4% Oracle Corporation WebLogic Server Remote Code Execution Vulnerability
8 CVE-2022-21587 94.4% Oracle E-Business Suite Unspecified Vulnerability
9 CVE-2017-3506 94.4% Oracle WebLogic Server OS Command Injection Vulnerability
10 CVE-2020-2883 94.4% Oracle WebLogic Server Unspecified Vulnerability

By the Year

In 2026 there have been 0 vulnerabilities in Oracle. Last year, in 2025 Oracle had 508 security vulnerabilities published. Right now, Oracle is on track to have less security vulnerabilities in 2026 than it did last year.




Year Vulnerabilities Average Score
2026 0 0.00
2025 508 6.12
2024 642 6.14
2023 417 5.96
2022 550 6.25
2021 877 6.59
2020 976 6.42
2019 772 6.41
2018 808 6.57

It may take a day or so for new Oracle vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Oracle Security Vulnerabilities

CVE Date Vulnerability Products
CVE-2025-61756 Oct 21, 2025
OSFA Infrastructure 8.x System Configuration DoS via HTTP (Unauth) Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: System Configuration). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Financial Services Analytical Applications Infrastructure. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Financial Services Analytical Applications Infrastructure
CVE-2025-62591 Oct 21, 2025
CVE202562591 Oracle VM VirtualBox Core Priv Escal 7.1.127.2.2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
VM VirtualBox
CVE-2025-62641 Oct 21, 2025
Oracle VM VirtualBox 7.x Core Local Privilege Escalation (CVE-2025-62641) Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2025-62592 Oct 21, 2025
Oracle VBox Core 7.1.12/7.2.2 LPE (CVE-2025-62592) Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.0 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N).
VM VirtualBox
CVE-2025-62588 Oct 21, 2025
Oracle VM VirtualBox Core CVE (7.1.12,7.2.2) Priv Esc Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2025-62589 Oct 21, 2025
Oracle VM VirtualBox Core Component Vulnerability 7.1.127.2.2 Allows Privileged Takeover Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2025-62590 Oct 21, 2025
Oracle VM VirtualBox 7.1.12/7.2.2 Core Elevation of Privilege Vulnerability Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2025-62480 Oct 21, 2025
Oracle ZFS Storage Appliance Kit 8.8 Naming Subsystem Partial DOS Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Naming Subsystem). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
Zfs Storage Appliance Kit
CVE-2025-62481 Oct 21, 2025
Oracle Marketing 12.2.3-12.2.14 Unauth Remote OTW via HTTP Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Marketing
CVE-2025-62587 Oct 21, 2025
Oracle VM VirtualBox Core Privilege Escalation in 7.1.12/7.2.2 Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 8.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2025-62477 Oct 21, 2025
Oracle ZFS Storage Appliance Kit 8.8 RRep Remote DoS CVE-2025-62477 Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Zfs Storage Appliance Kit
CVE-2025-62478 Oct 21, 2025
Oracle ZFS Storage Appliance Kit 8.8 Object Store DoS via HTTP Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Object Store). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Zfs Storage Appliance Kit
CVE-2025-62479 Oct 21, 2025
Oracle ZFS SAKit 8.8 Block Storage HTTP Priv Esc Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 2.7 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L).
Zfs Storage Appliance Kit
CVE-2025-62475 Oct 21, 2025
Oracle ZFS SA Kit Core HTTP DoS Vulnerability (8.8) Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Core). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Zfs Storage Appliance Kit
CVE-2025-62476 Oct 21, 2025
Oracle ZFS Storage Appliance Kit 8.8 Remote Replication DOS via HTTP Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Remote Replication). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Zfs Storage Appliance Kit
CVE-2025-62288 Oct 21, 2025
Oracle Health Sciences DMW Logger Remote Privilege Escalation (3.4.0.1.33.4.1.0.10) Vulnerability in the Oracle Health Sciences Data Management Workbench product of Oracle Health Sciences Applications (component: Logger). Supported versions that are affected are 3.4.0.1.3 and 3.4.1.0.10. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Health Sciences Data Management Workbench. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Health Sciences Data Management Workbench accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
Health Sciences Data Management Workbench
CVE-2025-62289 Oct 21, 2025
Oracle ZFS Storage AppKit 8.8 Filesystems HTTP DOS (High Avail) Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Filesystems). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
Zfs Storage Appliance Kit
CVE-2025-62290 Oct 21, 2025
Oracle ZFS Storage Appliance Kit 8.8 Block Storage HTTP RCE (CVSS 7.2) Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems (component: Block Storage). The supported version that is affected is 8.8. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle ZFS Storage Appliance Kit. Successful attacks of this vulnerability can result in takeover of Oracle ZFS Storage Appliance Kit. CVSS 3.1 Base Score 7.2 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H).
Zfs Storage Appliance Kit
CVE-2025-61885 Oct 21, 2025
Oracle InForm 7.0.1.0 Web Server CVE: Low-Priv Read Access Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: Web Server). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Life Sciences InForm accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Life Sciences Inform
CVE-2025-62287 Oct 21, 2025
Oracle InForm 7.0.1.0 Web Server: Unauthenticated HTTP Exploit (CVSS 6.1) Vulnerability in the Oracle Life Sciences InForm product of Oracle Health Sciences Applications (component: Web Server). The supported version that is affected is 7.0.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Life Sciences InForm. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Life Sciences InForm, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Life Sciences InForm accessible data as well as unauthorized read access to a subset of Oracle Life Sciences InForm accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Life Sciences Inform
CVE-2025-61763 Oct 21, 2025
Oracle Essbase v21.7.3.0.0 Web Platform: HTTP Low-Priv RCE, CVE-2025-61763 Vulnerability in Oracle Essbase (component: Essbase Web Platform). The supported version that is affected is 21.7.3.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Essbase. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Essbase accessible data as well as unauthorized access to critical data or complete access to all Oracle Essbase accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Essbase
CVE-2025-61764 Oct 21, 2025
Oracle WebLogic Core 12.2.1.4.0/14.1.1.0.0/14.1.2.0.0 HTTP Data Leak Unauth Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N).
Weblogic Server
CVE-2025-61881 Oct 21, 2025
Unauth Java VM Exploit in Oracle DB Server 19c-23c Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N).
Database Java Vm
Database Server
CVE-2025-61761 Oct 21, 2025
Oracle PeopleSoft FIN Maint. Work Order Mgt: L Privilege HTTP Mod (9.2) Vulnerability in the PeopleSoft Enterprise FIN Maintenance Management product of Oracle PeopleSoft (component: Work Order Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Maintenance Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Maintenance Management accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Maintenance Management accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).
Peoplesoft Enterprise Fin Maintenance Management
CVE-2025-61762 Oct 21, 2025
Oracle PeopleSoft Payables 9.2 Unauth Access via HTTP (CVE-2025-61762) Vulnerability in the PeopleSoft Enterprise FIN Payables product of Oracle PeopleSoft (component: Payables). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN Payables. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise FIN Payables accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise FIN Payables accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of PeopleSoft Enterprise FIN Payables. CVSS 3.1 Base Score 6.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).
Peoplesoft Enterprise Fin Payables
CVE-2025-61758 Oct 21, 2025
PeopleSoft EXPLOIT: Low-Priv Net Attacks via HTTP in 9.2 IT Asset Management Vulnerability in the PeopleSoft Enterprise FIN IT Asset Management product of Oracle PeopleSoft (component: IT Asset Management). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise FIN IT Asset Management. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise FIN IT Asset Management accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Peoplesoft Enterprise Fin It Asset Management
CVE-2025-61759 Oct 21, 2025
Oracle VM VirtualBox Core 7.1.x/7.2.x Vulnerability (Before 7.1.13/7.2.3) Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. While the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle VM VirtualBox accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N).
VM VirtualBox
CVE-2025-61760 Oct 21, 2025
Oracle VM VirtualBox Core RCE (v7.1.12-7.2.2) Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are 7.1.12 and 7.2.2. Difficult to exploit vulnerability allows low privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromise Oracle VM VirtualBox. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle VM VirtualBox, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle VM VirtualBox. CVSS 3.1 Base Score 7.5 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H).
VM VirtualBox
CVE-2025-61755 Oct 21, 2025
Oracle GraalVM JDK 17.0.16/21.0.8 Compiler: Unauth Read via Network Vulnerability in the Oracle GraalVM for JDK product of Oracle Java SE (component: Compiler). Supported versions that are affected are Oracle GraalVM for JDK: 17.0.16 and 21.0.8. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle GraalVM for JDK. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle GraalVM for JDK accessible data. CVSS 3.1 Base Score 3.7 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N).
GraalVM
CVE-2025-61757 Oct 21, 2025
Oracle Fusion IAM REST WebSvc RCE 12.2.1.4.0/14.1.2.1.0 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager. Successful attacks of this vulnerability can result in takeover of Identity Manager. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Identity Manager
CVE-2025-61752 Oct 21, 2025
Oracle WLS Core (v14.1.1-14.1.2) Unauth HTTP/2 DoS Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Weblogic Server
CVE-2025-61753 Oct 21, 2025
Oracle Scripting 12.2.312.2.14 Unauth HTTP Access (CVE202561753) Vulnerability in the Oracle Scripting product of Oracle E-Business Suite (component: Miscellaneous). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Scripting, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Scripting accessible data as well as unauthorized read access to a subset of Oracle Scripting accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
Scripting
E Business Suite
CVE-2025-61754 Oct 21, 2025
Oracle BI Publisher Web API Low-Priv Access (7.6.0.0.0, 8.2.0.0.0) Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Service API). Supported versions that are affected are 7.6.0.0.0 and 8.2.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle BI Publisher. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle BI Publisher accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Bi Publisher
CVE-2025-61750 Oct 21, 2025
PeopleTools Query CVE-2025-61750: Low-Priv Network Exploit before 8.63 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Query). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.3 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).
Peoplesoft Enterprise Peopletools
CVE-2025-61751 Oct 21, 2025
Oracle FSAI Infra 8.x: LowPriv HTTP Exploit Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (component: Platform). Supported versions that are affected are 8.0.7.9, 8.0.8.7 and 8.1.2.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Financial Services Analytical Applications Infrastructure. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Financial Services Analytical Applications Infrastructure accessible data as well as unauthorized access to critical data or complete access to all Oracle Financial Services Analytical Applications Infrastructure accessible data. CVSS 3.1 Base Score 8.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N).
Financial Services Analytical Applications Infrastructure
CVE-2025-53072 Oct 21, 2025
Oracle EBS Marketing Admin: 12.2.3-12.2.14 Unauth RCE via HTTP Vulnerability in the Oracle Marketing product of Oracle E-Business Suite (component: Marketing Administration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Marketing. Successful attacks of this vulnerability can result in takeover of Oracle Marketing. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Marketing
E Business Suite
CVE-2025-61748 Oct 21, 2025
Oracle Java SE 21.0.8 / GraalVM 21.0.8 Vulnerable Libraries: Unauth API Exploit Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Libraries). Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 3.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N).
Java
GraalVM
CVE-2025-61749 Oct 21, 2025
Oracle Database Server 23.x: Unified Audit Priv Escal via Oracle Net Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N).
Database Unified Audit
Database Server
CVE-2025-53069 Oct 21, 2025
Oracle MySQL Server 8.x-9.x DoS via Components Services (CVE-2025-53069) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2025-53070 Oct 21, 2025
Oracle Solaris 11 FS Crash (DOS) via Vulnerable Component Vulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystem). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 5.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:N/I:N/A:H).
Solaris
CVE-2025-53071 Oct 21, 2025
Oracle Apps Framework Upload CVE-2025-53071 12.2.3-12.2.14 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Upload Attachments). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Applications Framework
CVE-2025-53068 Oct 21, 2025
Oracle Solaris 11 Kernel DoS Vulnerability (CVE-2025-53068) Vulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11. Easily exploitable vulnerability allows low privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. While the vulnerability is in Oracle Solaris, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle Solaris. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H).
Solaris
CVE-2025-53067 Oct 21, 2025
MySQL Server Optimizer DoS (9.0.09.4.0) Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2025-53066 Oct 21, 2025
Oracle JAXP RCE in Java SE and GraalVM Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: JAXP). Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition accessible data. Note: This vulnerability can be exploited by using APIs in the specified Component, e.g., through a web service which supplies data to the APIs. This vulnerability also applies to Java deployments, typically in clients running sandboxed Java Web Start applications or sandboxed Java applets, that load and run untrusted code (e.g., code that comes from the internet) and rely on the Java sandbox for security. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Java
GraalVM
CVE-2025-53065 Oct 21, 2025
Unauthenticated Data Modification in Oracle PeopleSoft PeopleTools 8.60-8.62 PIA Core Tech Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).
Peoplesoft Enterprise Peopletools
CVE-2025-53062 Oct 21, 2025
Oracle MySQL InnoDB DoS (8.4.6) Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).
MySQL
CVE-2025-53063 Oct 21, 2025
PeopleSoft 8.60-8.62 PeopleTools PIA Core: HTTP Unauthorized R/W Low-Priv Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
Peoplesoft Enterprise Peopletools
CVE-2025-53064 Oct 21, 2025
Oracle Applications Framework Personalization RCE 12.2.3-12.2.14 Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.3 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N).
Applications Framework
CVE-2025-53061 Oct 21, 2025
High-privilege HTTP Remote Auth Bypass in PeopleSoft PIA-Core 8.60-8.62 Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. While the vulnerability is in PeopleSoft Enterprise PeopleTools, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise PeopleTools accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 5.5 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N).
Peoplesoft Enterprise Peopletools
CVE-2025-53059 Oct 21, 2025
Oracle PeopleSoft PeoTools 8.6062 OSD Privileged Access Flaw Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch Dashboards). Supported versions that are affected are 8.60, 8.61 and 8.62. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all PeopleSoft Enterprise PeopleTools accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
Peoplesoft Enterprise Peopletools
Built by Foundeo Inc., with data from the National Vulnerability Database (NVD). Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.