cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2023-21974,https://securityvulnerability.io/vulnerability/CVE-2023-21974,User Account Vulnerability in Oracle Application Express Team Calendar Plugin,"A vulnerability exists in the Application Express Team Calendar Plugin from Oracle that allows a low-privileged attacker with network access via HTTP to compromise user accounts. Exploitation of this weakness necessitates human interaction from a user who is not the attacker. Though primarily affecting the Team Calendar Plugin, successful attacks could have downstream impacts on other associated products, leading to a potential takeover of the Application Express Team Calendar Plugin. This vulnerability highlights the critical need for organizations utilizing the plugin to bolster their security measures and stay informed about potential threats.",Oracle,Application Express (apex),9,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21983,https://securityvulnerability.io/vulnerability/CVE-2023-21983,Vulnerability in Oracle Application Express Administration Allows Unauthorized Access,"A vulnerability in Oracle's Application Express Administration allows an unauthenticated attacker with network access via HTTP to potentially compromise system security. This vulnerability could enable unauthorized operations such as updates, inserts, or deletions of accessible data. Additionally, it could allow unauthorized read access to certain data subsets and even lead to a partial denial of service. 
Organizations utilizing affected versions of Application Express Administration should assess their exposure and apply appropriate security measures to mitigate risks.",Oracle,Application Express (apex),5.6,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21975,https://securityvulnerability.io/vulnerability/CVE-2023-21975,Application Express Customers Plugin Vulnerability in Oracle,"A vulnerability exists in the Oracle Application Express Customers Plugin that may allow a low-privileged attacker with network access to compromise user accounts. Exploitation requires interaction from a user other than the attacker, which could lead to unauthorized access and takeover of the Application Express Customers Plugin. This vulnerability impacts not only the plugin itself but might also affect additional products, indicating a significant security risk if exploited.",Oracle,Application Express (apex),9,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2021-2460,https://securityvulnerability.io/vulnerability/CVE-2021-2460,Vulnerability in Oracle Database Server's Application Express Data Reporter,"An exploitable vulnerability exists in the Oracle Application Express Data Reporter component of Oracle Database Server. This issue allows an attacker with valid user credentials and network access over HTTP to compromise the system. The vulnerability necessitates human interaction from an individual who is not the attacker. Successful exploitation can lead to unauthorized updates, insertion or deletion of data and unauthorized read access to certain data sets available within the Oracle Application Express Data Reporter. 
This could have broader implications for other dependent systems and data integrity.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-07-21T00:15:00.000Z,0
CVE-2021-2116,https://securityvulnerability.io/vulnerability/CVE-2021-2116,Vulnerability in Oracle Application Express Opportunity Tracker Component,"A vulnerability exists in the Oracle Application Express Opportunity Tracker component of Oracle Database Server, affecting versions prior to 20.2. It can be exploited by low-privileged attackers who possess a valid user account, allowing them to gain unauthorized access to sensitive data. Successful exploitation of this vulnerability requires human interaction from an individual other than the attacker. Attackers can potentially manipulate data within the Opportunity Tracker, including unauthorized updates, insertions, and deletions, as well as reading of accessible data. This vulnerability may significantly impact not only the Opportunity Tracker but also other associated products within the Oracle ecosystem.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-01-20T14:50:12.000Z,0
CVE-2021-2117,https://securityvulnerability.io/vulnerability/CVE-2021-2117,Vulnerability in Oracle Application Express Survey Builder Component,"A vulnerability exists in the Oracle Application Express Survey Builder component of Oracle Database Server, allowing low-privileged attackers with valid user accounts to exploit the system via HTTP. The attack requires human interaction from an external party. While the vulnerability is specific to the Survey Builder, successful exploits can disrupt additional products, allowing unauthorized access to sensitive data and potential alterations, including updates, inserts, or deletions to the accessible data. 
This highlights a critical need for robust security measures and user awareness to prevent potential data misuse.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-01-20T14:50:12.000Z,0
CVE-2020-14900,https://securityvulnerability.io/vulnerability/CVE-2020-14900,Vulnerability in Oracle Database Server Group Calendar Component,"A vulnerability exists in the Oracle Application Express Group Calendar component of Oracle Database Server that allows a low privileged attacker with a valid user account to exploit the system via HTTP. Successful exploitation of this vulnerability requires interaction from a user other than the attacker, potentially leading to unauthorized updates, insertions, or deletions of accessible data within the Group Calendar. Moreover, it can also grant unauthorized read access to a portion of the data, affecting not only the Group Calendar component but potentially impacting additional connected products.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:31.000Z,0
CVE-2020-14899,https://securityvulnerability.io/vulnerability/CVE-2020-14899,Vulnerability in Oracle Database Server's Application Express Data Reporter Component,"This vulnerability in the Oracle Application Express Data Reporter component can be exploited by low-privileged attackers with valid user accounts. By leveraging network access via HTTP, attackers can manipulate accessible data in ways that include unauthorized updates, deletions, or inserts. The attack requires human interaction, which adds a layer of complexity. 
Notably, while the vulnerability is centered on the Data Reporter, its exploitation can affect additional components or products within Oracle's ecosystem, potentially leading to significant data breaches.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:31.000Z,0
CVE-2020-14898,https://securityvulnerability.io/vulnerability/CVE-2020-14898,Unauthorized Access Vulnerability in Oracle Application Express Packaged Apps,"A vulnerability exists within Oracle Application Express Packaged Apps of Oracle Database Server that can be exploited by low privileged attackers with a valid user account. This issue, present in versions prior to 20.2, allows attackers with network access via HTTP to manipulate accessible data within packaged applications. Successful exploitation necessitates human interaction from a source other than the attacker. Consequently, this vulnerability could lead to unauthorized updates, inserts, or deletions of data, as well as unauthorized reading of sensitive information within the Oracle Application Express Packaged Apps framework. Organizations should ensure they implement proper security measures to mitigate potential risks associated with this vulnerability.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:31.000Z,0
CVE-2020-14762,https://securityvulnerability.io/vulnerability/CVE-2020-14762,Vulnerability in Oracle Application Express Affects Oracle Database Server,"A vulnerability exists in the Oracle Application Express component of Oracle Database Server, allowing low privileged attackers with SQL Workshop privilege to exploit this weakness via HTTP. This means that they can perform unauthorized actions such as updating, inserting, or deleting data accessible through the Oracle Application Express interface. 
The vulnerability necessitates human interaction, making it particularly concerning due to potential involvement from unsuspecting users. Compromises through this vulnerability can lead to significant impacts on data confidentiality and integrity, affecting not only the Application Express itself but potentially other connected products too.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:24.000Z,0
CVE-2020-14763,https://securityvulnerability.io/vulnerability/CVE-2020-14763,Vulnerability in Oracle Application Express Quick Poll Component of Oracle Database Server,"A vulnerability exists in the Oracle Application Express Quick Poll component of Oracle Database Server that could allow a low privileged attacker with network access via HTTP to exploit the system. While primarily affecting the Quick Poll feature, successful exploitation can lead to unauthorized modifications of accessible data, including updates, inserts, and deletions. Additionally, attackers can gain unauthorized read access to certain data elements, posing significant risks to the integrity and confidentiality of the database environment. This vulnerability requires human interaction for successful exploitation but remains a serious threat to organizations utilizing affected versions of Oracle Application Express.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:24.000Z,0
CVE-2007-3860,https://securityvulnerability.io/vulnerability/CVE-2007-3860,,"Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. 
NOTE: a reliable researcher states that this is SQL injection in the wwv_flow_security.check_db_password function due to insufficient checks for '""' characters.",Oracle,Apex,,,0.006850000005215406,false,,false,false,false,,,false,false,,2007-07-18T19:00:00.000Z,0
CVE-2007-3854,https://securityvulnerability.io/vulnerability/CVE-2007-3854,,"Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing component (DB02) and (2) MDSYS.MD in the Spatial component (DB12). NOTE: Oracle has not disputed reliable researcher claims that DB02 is for SQL injection and DB12 is for a buffer overflow.",Oracle,"Database Server,Application Server,Peoplesoft Enterprise Customer Relationship Management,Peoplesoft Enterprise Peopletools,Peoplesoft Enterprise Human Capital Management,Secure Enterprise Search,Apex,E-business Suite,Collaboration Suite",,,0.022120000794529915,false,,false,false,false,,,false,false,,2007-07-18T19:00:00.000Z,0
CVE-2006-7138,https://securityvulnerability.io/vulnerability/CVE-2006-7138,,"SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by modifying the P_LOV parameter and calculating a matching MD5 checksum for the P_LOV_CHECKSUM parameter. NOTE: it is likely that this issue is subsumed by CVE-2006-5351, but due to lack of details from Oracle, this cannot be proven.",Oracle,Apex,,,0.0020600000862032175,false,,false,false,false,,,false,false,,2007-03-07T20:00:00.000Z,0
CVE-2006-7158,https://securityvulnerability.io/vulnerability/CVE-2006-7158,,"Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_MSG parameter. 
NOTE: it is likely that this issue overlaps one of the identifiers in CVE-2006-5351.",Oracle,Apex,,,0.011749999597668648,false,,false,false,false,,,false,false,,2007-03-07T20:00:00.000Z,0
CVE-2006-5599,https://securityvulnerability.io/vulnerability/CVE-2006-5599,,Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU.,Oracle,Apex,,,0.005760000087320805,false,,false,false,false,,,false,false,,2006-10-28T01:00:00.000Z,0
CVE-2006-5351,https://securityvulnerability.io/vulnerability/CVE-2006-5351,,"Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX03, (4) APEX05, (5) APEX06, (6) APEX07, (7) APEX08, (8) APEX09, (9) APEX10, (10) APEX11, (11) APEX12, (12) APEX13, (13) APEX14, (14) APEX15, (15) APEX16, (16) APEX17, (17) APEX18, (18) APEX19, (19) APEX22, (20) APEX23, (21) APEX24, (22) APEX25, (23) APEX26, (24) APEX27, (25) APEX28, (26) APEX29, (27) APEX30, (28) APEX31, (29) APEX32, (30) APEX33, (31) APEX34, and (32) APEX35. 
NOTE: as of 20061027, it is likely that some of these identifiers are associated with cross-site scripting (XSS) in WWV_FLOW_ITEM_HELP and NOTIFICATION_MSG, but these have been provided separate identifiers.",Oracle,Apex,,,0.01233999989926815,false,,false,false,false,,,false,false,,2006-10-18T01:00:00.000Z,0
CVE-2006-5352,https://securityvulnerability.io/vulnerability/CVE-2006-5352,,"Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.",Oracle,Apex,,,0.009730000048875809,false,,false,false,false,,,false,false,,2006-10-18T01:00:00.000Z,0