Lucene search
K

334 matches found

NVD
NVD
added 2024/10/15 8:15 p.m.29 views

CVE-2024-21261

Vulnerability in Oracle Application Express component: General. Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle...

4.9CVSS0.00322EPSS
Exploits0References1
CVE
CVE
added 2024/10/15 7:52 p.m.78 views

CVE-2024-21261

Oracle Application Express (APEX) General component is affected in versions 23.2 and 24.1. The issue stems from insufficient input validation in the General component, allowing a low-privileged, network-accessible attacker (via HTTP) to perform unauthorized updates, inserts, deletes, and read acc...

4.9CVSS4.5AI score0.00322EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/10/15 12:0 a.m.7 views

PT-2024-7157 · Oracle · Oracle Application Express

Name of the Vulnerable Software and Affected Versions: Oracle Application Express versions 23.2 through 24.1 Description: The issue is related to insufficient input validation in the General component of Oracle Application Express. It allows a low-privileged attacker with network access via HTTP ...

4.9CVSS7.3AI score0.00322EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/10/15 12:0 a.m.4 views

Oracle Application Express 安全漏洞

Oracle Application Express is a low-code development platform from Oracle Corporation USA. A security vulnerability exists in Oracle Application Express versions 23.2 and 24.1. An attacker could exploit the vulnerability to update, insert, or delete accessible data...

4.9CVSS7.8AI score0.00322EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/07/24 12:0 a.m.6 views

The vulnerability of the Application Express component in the Oracle Application Express development environment allows a hacker to gain full control over the application.

The vulnerability of the Application Express development environment for Oracle Application Express is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to gain full control over the application using the HTTP protocol...

9CVSS7.7AI score0.00521EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/07/24 12:0 a.m.7 views

The vulnerability of the Application Express component in the Oracle Application Express development environment allows access to data modification, addition, deletion, or partial service disruption.

The vulnerability of the Application Express development environment for Oracle Application Express is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker operating remotely to gain access to modify, add, or delete data, or cause a partial service...

5.6CVSS6.7AI score0.00321EPSS
Exploits0References2Affected Software1
CNVD
CNVD
added 2023/07/20 12:0 a.m.12 views

Unspecified Vulnerability in Oracle Application Expresses

Oracle Application Express is the United States Oracle Oracle, a low-code development platform. A security vulnerability exists in the Application Express Customers Plugin for Oracle Application Express, which can be exploited by an attacker to cause the Application Express Customers Plugin to be...

9CVSS6.5AI score0.00521EPSS
Exploits0References1
CNVD
CNVD
added 2023/07/20 12:0 a.m.19 views

Unspecified Vulnerability in Oracle Application Expresses (CNVD-2023-78671)

Oracle Application Express is the United States Oracle Oracle, a low-code development platform. A security vulnerability in Application Express Administration in Oracle Application Express can be exploited by an attacker to cause unauthorized update, insertion, or deletion access to certain...

5.6CVSS6.2AI score0.00321EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/07/20 12:0 a.m.9 views

The vulnerability of the Application Express Customers Plugin component in the Oracle Application Express development environment allows a attacker to read data and modify it.

The vulnerability of the Application Express Customers Plugin component in the Oracle Application Express development environment exists due to insufficient validation of input data. Exploiting this vulnerability could allow an attacker, operating remotely, to gain access to modify, add, or delet...

9CVSS7.7AI score0.00521EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/07/18 9:15 p.m.4 views

CVE-2023-21983

Vulnerability in the Application Express Administration product of Oracle Application Express component: None. Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...

5.6CVSS7.3AI score0.00321EPSS
Exploits0References1
OSV
OSV
added 2023/07/18 9:15 p.m.5 views

CVE-2023-21975

Vulnerability in the Application Express Customers Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access vi...

9CVSS7.3AI score0.00521EPSS
Exploits0References1
NVD
NVD
added 2023/07/18 9:15 p.m.22 views

CVE-2023-21975

Vulnerability in the Application Express Customers Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access vi...

9CVSS0.00521EPSS
Exploits0References1
NVD
NVD
added 2023/07/18 9:15 p.m.13 views

CVE-2023-21983

Vulnerability in the Application Express Administration product of Oracle Application Express component: None. Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...

5.6CVSS0.00321EPSS
Exploits0References1
Prion
Prion
added 2023/07/18 9:15 p.m.23 views

Code injection

Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network...

6CVSS8.5AI score0.00521EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/07/18 9:15 p.m.22 views

Code injection

Vulnerability in the Application Express Customers Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Customers Plugin: 18.2-22.2. Easily exploitable vulnerability allows low privileged attacker with network access vi...

6CVSS8.5AI score0.00521EPSS
Exploits0References1Affected Software1
Prion
Prion
added 2023/07/18 9:15 p.m.23 views

Code injection

Vulnerability in the Application Express Administration product of Oracle Application Express component: None. Supported versions that are affected are Application Express Administration: 18.2-22.2. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to...

5.1CVSS5.5AI score0.00321EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/18 8:18 p.m.99 views

CVE-2023-21983

Oracle Application Express (APEX) Application Express Administration is affected for versions 18.2–22.2. The vulnerability allows an unauthenticated attacker over HTTP with network access to force unauthorized updates/deletes/inserts to certain Administration data, read access to a subset of data...

5.6CVSS5.2AI score0.00321EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/18 8:18 p.m.92 views

CVE-2023-21975

The CVE-2023-21975 affects Oracle Application Express, specifically the Application Express Customers Plugin (component: User Account) with vulnerable versions 18.2–22.2. The root cause is insufficient input validation in the Customers Plugin, enabling a remote attacker to modify, add, or delete ...

9CVSS8.8AI score0.00521EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/07/18 8:18 p.m.86 views

CVE-2023-21974

The CVE-2023-21974 entry maps to Oracle Application Express Team Calendar Plugin (versions 18.2–22.1). The vulnerability stems from insufficient input validation in the plugin’s User Account component, allowing a low-privileged attacker with network access via HTTP to compromise the plugin, with ...

9CVSS8.8AI score0.00521EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2023/07/18 12:0 a.m.5 views

Oracle Application Express 安全漏洞

Oracle Application Express is the United States Oracle Oracle, a low-code development platform. A security vulnerability in Application Express Administration in Oracle Application Express can be exploited by an attacker to cause unauthorized update, insertion, or deletion access to certain...

5.6CVSS6.1AI score0.00321EPSS
Exploits0References2
Rows per page
Query Builder