Lucene search
K

22 matches found

Tenable Nessus
Tenable Nessus
added 2026/01/30 12:0 a.m.6 views

Oracle APEX Sample Applications (Brookstrut) (CVE-2026-21931)

The remote host is affected by a vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App as referenced in the January 2026 Oracle Critical Patch Update CPU advisory. - Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX...

5.4CVSS7.2AI score0.0018EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/21 12:31 a.m.5 views

EUVD-2026-3578

Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

5.4CVSS5.5AI score0.0018EPSS
Exploits0References2
NVD
NVD
added 2026/01/20 10:15 p.m.7 views

CVE-2026-21931

Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

5.4CVSS0.0018EPSS
Exploits0References1
OSV
OSV
added 2026/01/20 10:15 p.m.6 views

CVE-2026-21931

Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

5.4CVSS5.8AI score0.0018EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/20 9:56 p.m.3 views

CVE-2026-21931

Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX component: Brookstrut Sample App. Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...

5.4CVSS5.4AI score0.0018EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/01/20 12:0 a.m.8 views

Oracle APEX security vulnerabilities

Oracle APEX is a low-code development platform provided by Oracle, a company based in the United States. There are security vulnerabilities in the Oracle APEX Sample Applications versions 23.2.0, 23.2.1, 24.1.0, 24.2.0, and 24.2.1. These vulnerabilities allow attackers with low privileges to acce...

5.4CVSS7.1AI score0.0018EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2006-7120

Malware in sbrugna...

6CVSS6.4AI score0.01281EPSS
Exploits1References7
Packet Storm
Packet Storm
added 2023/10/03 12:0 a.m.376 views

openVIVA c2 20220101 Cross Site Scripting

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Stored Cross-Site Scripting product: mb Support broker management solution openVIVA c2 vulnerable version: 20220801 CVE number: CVE-2022-39172 impact: Medium homepage:...

7.1AI score0.00628EPSS
Exploits2
OSV
OSV
added 2023/07/18 9:15 p.m.4 views

CVE-2023-21974

Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express component: User Account. Supported versions that are affected are Application Express Team Calendar Plugin: 18.2-22.1. Easily exploitable vulnerability allows low privileged attacker with network...

9CVSS7.3AI score0.00521EPSS
Exploits0References1
Hacker One
Hacker One
added 2023/05/18 12:11 a.m.16 views

U.S. Dept Of Defense: Endpoint Redirects to Admin Page and Provides Admin role

The web application running on Oracle Apex Express platform was found to have an endpoint that redirected users to the admin page and provided them with admin privileges, bypassing access control restrictions. The vulnerability was discovered by navigating to a specific page within the applicatio...

6.8AI score
Exploits0
Hacker One
Hacker One
added 2018/09/05 1:49 a.m.50 views

Node.js third-party modules: [apex-publish-static-files] Command Injection on connectString

I would like to report a command injection vulnerability in the apex-publish-static-files npm module. It allows arbitrary shell command execution through a maliciously crafted argument. Module module name: apex-publish-static-files version: 2.0.0 npm page:...

10CVSS0.6AI score0.06991EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2013/02/20 12:0 a.m.37 views

Oracle Application Express (Apex) CVE-2010-0892

An unspecified vulnerability in version 3.2 of the Application Express component of Oracle Database Server allows remote attackers to affect integrity via unknown vectors. --------------------------------------------------------------------------------- c Recx Ltd 2009-2012 http://www.recx.co.uk/...

4.3CVSS5.6AI score0.00941EPSS
Exploits0References4
seebug.org
seebug.org
added 2009/04/17 12:0 a.m.48 views

Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes

No description provided by source. Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Name Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Systems Affected APEX 3.0 optional component of 11.1.0.7 installation...

4CVSS6.5AI score0.05281EPSS
Exploits6
securityvulns
securityvulns
added 2009/04/16 12:0 a.m.77 views

Unprivileged DB users can see APEX password hashes

Name Unprivileged DB users can see APEX password hashes Systems Affected APEX 3.0 optional component of 11.1.0.7 installation Severity High Risk Category Password Disclosure Vendor URL http://www.oracle.com/ Author Alexander Kornbrust ak at red-database-security.com CVE CVE-2009-0981 Advisory 14...

4CVSS0.5AI score0.05281EPSS
Exploits6
exploitpack
exploitpack
added 2009/04/16 12:0 a.m.53 views

Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes

Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Name Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Systems Affected APEX 3.0 optional...

4CVSS0.4AI score0.05281EPSS
Exploits6
0day.today
0day.today
added 2009/04/16 12:0 a.m.78 views

Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes

Exploit for multiple platform in category local exploits ================================================================== Oracle APEX 3.2 Unprivileged DB users can see APEX password hashes ================================================================== Unprivileged DB users can see APEX...

6.9AI score0.05281EPSS
Exploits6
Exploit DB
Exploit DB
added 2009/04/16 12:0 a.m.67 views

Oracle APEX 3.2 - Unprivileged DB users can see APEX Password hashes

Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Name Unprivileged DB users can see APEX password hashes in FLOWS030000.WWVFLOWUSER CVE-2009-0981 Systems Affected APEX 3.0 optional component of 11.1.0.7 installation Severity High Risk Category Password...

4CVSS6.4AI score0.05281EPSS
Exploits6
NVD
NVD
added 2007/03/07 8:19 p.m.16 views

CVE-2006-7138

SQL injection vulnerability in wwvflowutilities.genpopuplist in the WWVFLOWUTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the PLOV parameter and calculating a matching MD5 checksum for the PLOVCHECKSUM parameter. NOTE: i...

6CVSS7.2AI score0.01281EPSS
Exploits1References6
NVD
NVD
added 2007/03/07 8:19 p.m.16 views

CVE-2006-7158

Cross-site scripting XSS vulnerability in Oracle Application Express APEX before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATIONMSG parameter. NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351...

4.3CVSS5.2AI score0.01108EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/03/07 8:0 p.m.18 views

CVE-2006-7138

SQL injection vulnerability in wwvflowutilities.genpopuplist in the WWVFLOWUTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the PLOV parameter and calculating a matching MD5 checksum for the PLOVCHECKSUM parameter. NOTE: i...

7.2AI score0.01281EPSS
Exploits1References6
Rows per page
Query Builder