1853 matches found
CVE-2025-30692
Vulnerability in the Oracle iSupplier Portal product of Oracle E-Business Suite component: Attachments. Supported versions that are affected are 12.2.7-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle iSupplier Portal...
Oracle E-Business Suite (April 2025 CPU)
The versions of Oracle E-Business Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: iSurvey Module. Supported versions that are affected ar...
CVE-2025-30735
Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft component: Page and Field Configuration. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise...
CVE-2025-30732
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object...
CVE-2025-30726
Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object...
CVE-2025-30728
Vulnerability in the Oracle Configurator product of Oracle E-Business Suite component: Core. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful attacks...
CVE-2025-30727
Vulnerability in the Oracle Scripting product of Oracle E-Business Suite component: iSurvey Module. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Scripting. Successful...
CVE-2025-30717
Vulnerability in the Oracle Teleservice product of Oracle E-Business Suite component: Service Diagnostics Scripts. Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Teleservice...
CVE-2025-30713
Vulnerability in the PeopleSoft Enterprise HCM Talent Acquisition Manager product of Oracle PeopleSoft component: Job Opening. The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft...
CVE-2025-30686
Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications component: EMC. Supported versions that are affected are 19.1-19.7. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Hospitality...
CVE-2025-21586
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards component: Web Runtime SEC. Supported versions that are affected are 9.2.0.0-9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOn...
CVE-2025-21573
Vulnerability in the Oracle Financial Services Revenue Management and Billing product of Oracle Financial Services Applications component: Chatbot. Supported versions that are affected are 5.1.0.0.0, 6.1.0.0.0 and 7.0.0.0.0. Difficult to exploit vulnerability allows high privileged attacker with...
Oracle Analytics Security Vulnerability
Oracle Analytics is an enterprise analytics solution from Oracle Corporation (USA). A security vulnerability exists in Oracle BI Publisher versions 7.6.0.0.0 and 12.2.1.4.0 for Oracle Analytics. It can be exploited by a low-privileged attacker with network access via HTTP, and could resu...
PT-2025-16426 · Oracle · Oracle E-Business Suite
Name of the Vulnerable Software and Affected Versions: Oracle E-Business Suite versions 12.2.7 through 12.2.14 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise the Oracle iSupplier Portal, resulting in unauthorized access to critical data or...
PT-2025-16458 · Oracle · Oracle BI Publisher
Name of the Vulnerable Software and Affected Versions: Oracle BI Publisher versions 7.6.0.0.0 through 12.2.1.4.0 Description: The issue allows an unauthenticated attacker with network access via HTTP to compromise Oracle BI Publisher, resulting in unauthorized access to critical data or complete...
PT-2025-16471 · Oracle · JD Edwards EnterpriseOne Tools
Name of the Vulnerable Software and Affected Versions: JD Edwards EnterpriseOne Tools versions 9.2.0.0 through 9.2.9.2 Description: The issue allows a low-privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Tools, resulting in unauthorized access to critical da...
CVE-2025-31161
CrushFTP 10 before 10.8.4 and 11 before 11.3.1 allows authentication bypass and takeover of the crushadmin account unless a DMZ proxy instance is used, as exploited in the wild in March and April 2025, aka “Unauthenticated HTTPS port access.” A race condition exists in the AWS4-HMAC compatible wi...
Azure Linux 3.0 Security Update: cmake / curl / mysql / rust (CVE-2024-9681)
The version of cmake / curl / mysql / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-9681 advisory. - When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent...
EulerOS 2.0 SP12 : curl (EulerOS-SA-2025-1170)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than...