4430 matches found
CVE-2021-2258
Vulnerability in the Oracle Projects product of Oracle E-Business Suite component: User Interface. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Projects...
CVE-2021-2096
Vulnerability in the Oracle iStore product of Oracle E-Business Suite component: Shopping Cart. Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle iStore...
Security Bulletin: JSSE Vulnerability in Oracle Java SE and GraalVM Products, affects watsonx.data
Summary Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: JSSE. Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 a...
mysql: mariadb: mysqldump unspecified vulnerability (CPU Apr 2025)
Vulnerability in the MySQL Client product of Oracle MySQL component: Client: mysqldump. Supported versions that are affected are 8.0.0-8.0.41, 8.4.0-8.4.4 and 9.0.0-9.2.0. Difficult to exploit vulnerability allows low privileged attacker with network access via multiple protocols to compromise...
PT-2026-34072
Name of the Vulnerable Software and Affected Versions Oracle Java SE versions 8u481 and 8u481-b50 Oracle GraalVM Enterprise Edition version 21.3.17 Description An issue in the Hotspot component allows a low privileged attacker with logon access to the infrastructure to compromise the system...
PT-2026-34165
Name of the Vulnerable Software and Affected Versions Oracle VM VirtualBox version 7.2.6 Description An issue in the Core component allows a high privileged attacker with logon access to the infrastructure where the software executes to compromise the system. Successful exploitation can lead to...
CVE-2025-62519 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...
CVE-2025-62519 phpMyFAQ has Authenticated SQL Injection in Configuration Update Functionality
phpMyFAQ is an open source FAQ web application. Prior to version 4.0.14, an authenticated SQL injection vulnerability in the main configuration update functionality of phpMyFAQ allows a privileged user with 'Configuration Edit' permissions to execute arbitrary SQL commands. Successful exploitatio...
openjdk: Enhance String handling (Oracle CPU 2025-10)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Libraries. Supported versions that are affected are Oracle Java SE: 21.0.8 and 25; Oracle GraalVM for JDK: 21.0.8; Oracle GraalVM Enterprise Edition: 21.3.15...
openjdk: Enhance certificate handling (Oracle CPU 2025-10)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...
CVE-2025-56385
A SQL injection vulnerability exists in the login functionality of WellSky Harmony version 4.1.0.2.83 within the 'xmHarmony.asp' endpoint. User-supplied input to the 'TXTUSERID' parameter is not properly sanitized before being incorporated into a SQL query. Successful authentication may lead to...
Amazon Linux 2023 : java-1.8.0-amazon-corretto, java-1.8.0-amazon-corretto-devel (ALAS2023-2025-1244)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1244 advisory. Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Ja...
Medium: java-21-amazon-corretto
Issue Overview: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 a...
Oracle Essbase Multiple Vulnerabilities (October 2025 CPU)
The version of Oracle Essbase installed on the remote host is missing a security patch from the October 2025 Critical Patch Update CPU. It is, therefore, affected by: - Vulnerability in Oracle Essbase component: Security and Provisioning Bouncy Castle Java Library. The supported version that is...
Vulnerabilities fixed in Oracle JD Edwards EnterpriseOne Tools
Oracle has fixed vulnerabilities in JD Edwards EnterpriseOne Tools Specifically for versions 9.2.0.0 to 9.2.9.4. The vulnerabilities in JD Edwards EnterpriseOne Tools allow unauthenticated attackers to compromise the system via HTTP, which can lead to unauthorized access and modification of...
Vulnerabilities fixed in Oracle Java
Oracle has fixed vulnerabilities in Oracle Java SE and Oracle GraalVM Specifically for versions 21.0.8 and 25 of Oracle Java SE, and version 21.3.15 of Oracle GraalVM Enterprise Edition. The vulnerabilities allow unauthenticated attackers with network access to compromise systems, which can lead ...
openjdk: Enhance certificate handling (Oracle CPU 2025-10)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u461, 8u461-perf, 11.0.28, 17.0.16, 21.0.8, 25; Oracle GraalVM for JDK: 17.0.16 and 21.0.8; Oracl...
Duplicate
This advisory duplicates another...
CVE-2025-62592
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
CVE-2025-53043
Vulnerability in the Oracle Product Hub product of Oracle E-Business Suite component: Item Catalog. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Product Hub. Successful...