cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21557,https://securityvulnerability.io/vulnerability/CVE-2025-21557,Vulnerability in Oracle Application Express Affects Multiple Versions,"An exploitable vulnerability in Oracle Application Express allows a low privileged attacker with network access via HTTP to manipulate the application. Successful exploitation requires human interaction from an entity other than the attacker. While the vulnerability resides in Oracle Application Express, its repercussions may extend to other products, leading to unauthorized updates, inserts, or deletions of accessible data within the application. Furthermore, unauthorized read access to specific data sets within Oracle Application Express is also possible.",Oracle,Oracle Application Express,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:18.920Z,0
CVE-2024-21261,https://securityvulnerability.io/vulnerability/CVE-2024-21261,Oracle Application Express Vulnerability Affects 23.2 and 24.1 Versions,"Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N).",Oracle,Oracle Application Express,4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T19:52:54.588Z,0
CVE-2023-21974,https://securityvulnerability.io/vulnerability/CVE-2023-21974,User Account Vulnerability in Oracle Application Express Team Calendar Plugin,"A vulnerability exists in the Application Express Team Calendar Plugin from Oracle that allows a low-privileged attacker with network access via HTTP to compromise user accounts. Exploitation of this weakness necessitates human interaction from a user who is not the attacker. Though primarily affecting the Team Calendar Plugin, successful attacks could have downstream impacts on other associated products, leading to a potential takeover of the Application Express Team Calendar Plugin. This vulnerability highlights the critical need for organizations utilizing the plugin to bolster their security measures and stay informed about potential threats.",Oracle,Application Express (apex),9,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21975,https://securityvulnerability.io/vulnerability/CVE-2023-21975,Application Express Customers Plugin Vulnerability in Oracle,"A vulnerability exists in the Oracle Application Express Customers Plugin that may allow a low-privileged attacker with network access to compromise user accounts. Exploitation requires interaction from a user other than the attacker, which could lead to unauthorized access and takeover of the Application Express Customers Plugin. This vulnerability impacts not only the plugin itself but might also affect additional products, indicating a significant security risk if exploited.",Oracle,Application Express (apex),9,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21983,https://securityvulnerability.io/vulnerability/CVE-2023-21983,Vulnerability in Oracle Application Express Administration Allows Unauthorized Access,"A vulnerability in Oracle's Application Express Administration allows an unauthenticated attacker with network access via HTTP to potentially compromise system security. This vulnerability could enable unauthorized operations such as updates, inserts, or deletions of accessible data. Additionally, it could allow unauthorized read access to certain data subsets and even lead to a partial denial of service. Organizations utilizing affected versions of Application Express Administration should assess their exposure and apply appropriate security measures to mitigate risks.",Oracle,Application Express (apex),5.6,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2021-2460,https://securityvulnerability.io/vulnerability/CVE-2021-2460,Vulnerability in Oracle Database Server's Application Express Data Reporter,"An exploitable vulnerability exists in the Oracle Application Express Data Reporter component of Oracle Database Server. This issue allows an attacker with valid user credentials and network access over HTTP to compromise the system. The vulnerability necessitates human interaction from an individual who is not the attacker. Successful exploitation can lead to unauthorized updates, insertion or deletion of data and unauthorized read access to certain data sets available within the Oracle Application Express Data Reporter. This could have broader implications for other dependent systems and data integrity.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-07-21T00:15:00.000Z,0
CVE-2021-2116,https://securityvulnerability.io/vulnerability/CVE-2021-2116,Vulnerability in Oracle Application Express Opportunity Tracker Component,"A vulnerability exists in the Oracle Application Express Opportunity Tracker component of Oracle Database Server, affecting versions prior to 20.2. It can be exploited by low-privileged attackers who possess a valid user account, allowing them to gain unauthorized access to sensitive data. Successful exploitation of this vulnerability requires human interaction from an individual other than the attacker. Attackers can potentially manipulate data within the Opportunity Tracker, including unauthorized updates, insertions, and deletions, as well as reading of accessible data. This vulnerability may significantly impact not only the Opportunity Tracker but also other associated products within the Oracle ecosystem.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-01-20T14:50:12.000Z,0
CVE-2021-2117,https://securityvulnerability.io/vulnerability/CVE-2021-2117,Vulnerability in Oracle Application Express Survey Builder Component,"A vulnerability exists in the Oracle Application Express Survey Builder component of Oracle Database Server, allowing low-privileged attackers with valid user accounts to exploit the system via HTTP. The attack requires human interaction from an external party. While the vulnerability is specific to the Survey Builder, successful exploits can disrupt additional products, allowing unauthorized access to sensitive data and potential alterations, including updates, inserts, or deletions to the accessible data. This highlights a critical need for robust security measures and user awareness to prevent potential data misuse.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2021-01-20T14:50:12.000Z,0
CVE-2020-14900,https://securityvulnerability.io/vulnerability/CVE-2020-14900,Vulnerability in Oracle Database Server Group Calendar Component,"A vulnerability exists in the Oracle Application Express Group Calendar component of Oracle Database Server that allows a low privileged attacker with a valid user account to exploit the system via HTTP. Successful exploitation of this vulnerability requires interaction from a user other than the attacker, potentially leading to unauthorized updates, insertions, or deletions of accessible data within the Group Calendar. Moreover, it can also grant unauthorized read access to a portion of the data, affecting not only the Group Calendar component but potentially impacting additional connected products.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:31.000Z,0
CVE-2020-14899,https://securityvulnerability.io/vulnerability/CVE-2020-14899,Vulnerability in Oracle Database Server's Application Express Data Reporter Component,"This vulnerability in the Oracle Application Express Data Reporter component can be exploited by low-privileged attackers with valid user accounts. By leveraging network access via HTTP, attackers can manipulate accessible data in ways that include unauthorized updates, deletions, or inserts. The attack requires human interaction, which adds a layer of complexity. Notably, while the vulnerability is centered on the Data Reporter, its exploitation can affect additional components or products within Oracle's ecosystem, potentially leading to significant data breaches.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:31.000Z,0
CVE-2020-14898,https://securityvulnerability.io/vulnerability/CVE-2020-14898,Unauthorized Access Vulnerability in Oracle Application Express Packaged Apps,"A vulnerability exists within Oracle Application Express Packaged Apps of Oracle Database Server that can be exploited by low privileged attackers with a valid user account. This issue, present in versions prior to 20.2, allows attackers with network access via HTTP to manipulate accessible data within packaged applications. Successful exploitation necessitates human interaction from a source other than the attacker. Consequently, this vulnerability could lead to unauthorized updates, inserts, or deletions of data, as well as unauthorized reading of sensitive information within the Oracle Application Express Packaged Apps framework. Organizations should ensure they implement proper security measures to mitigate potential risks associated with this vulnerability.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:31.000Z,0
CVE-2020-14763,https://securityvulnerability.io/vulnerability/CVE-2020-14763,Vulnerability in Oracle Application Express Quick Poll Component of Oracle Database Server,"A vulnerability exists in the Oracle Application Express Quick Poll component of Oracle Database Server that could allow a low privileged attacker with network access via HTTP to exploit the system. While primarily affecting the Quick Poll feature, successful exploitation can lead to unauthorized modifications of accessible data, including updates, inserts, and deletions. Additionally, attackers can gain unauthorized read access to certain data elements, posing significant risks to the integrity and confidentiality of the database environment. This vulnerability requires human interaction for successful exploitation but remains a serious threat to organizations utilizing affected versions of Oracle Application Express.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:24.000Z,0
CVE-2020-14762,https://securityvulnerability.io/vulnerability/CVE-2020-14762,Vulnerability in Oracle Application Express Affects Oracle Database Server,"A vulnerability exists in the Oracle Application Express component of Oracle Database Server, allowing low privileged attackers with SQL Workshop privilege to exploit this weakness via HTTP. This means that they can perform unauthorized actions such as updating, inserting, or deleting data accessible through the Oracle Application Express interface. The vulnerability necessitates human interaction, making it particularly concerning due to potential involvement from unsuspecting users. Compromises through this vulnerability can lead to significant impacts on data confidentiality and integrity, affecting not only the Application Express itself but potentially other connected products too.",Oracle,Application Express (apex),5.4,MEDIUM,0.0005699999746866524,false,,false,false,false,,,false,false,,2020-10-21T14:04:24.000Z,0
CVE-2020-2513,https://securityvulnerability.io/vulnerability/CVE-2020-2513,SQL Injection Vulnerability in Oracle Application Express Component of Oracle Database Server,"A vulnerability exists in Oracle Application Express, part of the Oracle Database Server, that can be exploited by a low privileged attacker with network access via HTTP. The attacker must engage a third party to facilitate the attack, allowing unauthorized access to update, insert, or delete data within Oracle Application Express. Furthermore, attackers may gain unauthorized read access to certain data, potentially impacting other connected products. The affected versions range from 5.1 to 19.2, and organizations using these versions are advised to implement necessary security measures to mitigate risks.",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2972,https://securityvulnerability.io/vulnerability/CVE-2020-2972,SQL Injection Vulnerability in Oracle Application Express by Oracle,"The vulnerability in Oracle Application Express allows attackers with SQL Workshop privileges to manipulate data through SQL injection. This occurs via network access through HTTP, requiring human interaction from the target user to exploit effectively. While primarily affecting Oracle Application Express, successful exploitation can lead to unauthorized changes to data, including updates, inserts, and deletions, along with unauthorized read access to sensitive information. As such, the impact extends beyond the application itself, potentially affecting associated products.",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2975,https://securityvulnerability.io/vulnerability/CVE-2020-2975,Vulnerability in Oracle Application Express of Oracle Database Server,"A vulnerability exists in the Oracle Application Express component of Oracle Database Server, affecting versions 5.1 through 19.2. This issue allows a low-privilege attacker with SQL Workshop access and network capabilities via HTTP to compromise the application. While exploitation requires human interaction from a third party, successful attacks can lead to unauthorized updates, inserts, or deletions of accessible data within Oracle Application Express. Moreover, attackers may gain unauthorized read access to sensitive information, potentially impacting additional associated products.",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2976,https://securityvulnerability.io/vulnerability/CVE-2020-2976,Unauthorized Access Vulnerability in Oracle Application Express by Oracle,"Oracle Application Express in the Oracle Database Server is susceptible to an improper authentication vulnerability that allows an attacker with SQL Workshop privileges to gain unauthorized access to sensitive data. This flaw can be exploited through user interaction and may lead to unauthorized updates, inserts, or deletions of accessible data. Attackers can compromise user data integrity and confidentiality, affecting the overall security of applications built on Oracle Application Express.",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2977,https://securityvulnerability.io/vulnerability/CVE-2020-2977,Vulnerability in Oracle Application Express Affects Oracle Database Server,"This vulnerability in the Oracle Application Express component of Oracle Database Server allows a low-privileged attacker with valid network access via HTTP to exploit the system. Successful exploitation requires human interaction from a third party, enabling unauthorized update, insert, or deletion of data. Additionally, it permits unauthorized read access to a limited subset of data accessible within Oracle Application Express. This flaw highlights critical risks in data security and emphasizes the importance of ensuring all users adhere to stringent access controls.",Oracle,Application Express,4.6,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2974,https://securityvulnerability.io/vulnerability/CVE-2020-2974,Vulnerability in Oracle Application Express Affects Oracle Database Server,"A vulnerability exists in the Oracle Application Express component of Oracle Database Server, affecting versions 5.1 through 19.2. This issue can be exploited by low-privileged attackers with SQL Workshop privileges who have network access via HTTP. While attackers must rely on human interaction to execute their malicious activities, the fallout can affect various applications utilizing Oracle Application Express. Successful exploitation can lead to unauthorized updates, inserts, or deletions of accessible data, as well as unauthorized reading of specific subsets of this data, putting sensitive information at risk.",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2971,https://securityvulnerability.io/vulnerability/CVE-2020-2971,SQL Injection Vulnerability in Oracle Application Express of Oracle Database Server,"A vulnerability exists in the Oracle Application Express component of Oracle Database Server, allowing low-privileged attackers with SQL Workshop privileges to exploit it. This exploit requires human interaction from a third party, potentially compromising accessible data. Attackers may gain unauthorized access to update, insert, or delete data, as well as read a limited subset of this data, posing significant risks to data integrity and confidentiality.",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2973,https://securityvulnerability.io/vulnerability/CVE-2020-2973,SQL Injection Vulnerability in Oracle Database Server's Application Express Component,"A vulnerability exists in the Oracle Application Express component of Oracle Database Server that allows a low-privileged attacker, with SQL Workshop privileges, to exploit the system through network access via HTTP. This easily exploitable vulnerability requires human interaction from an external user, raising the risk of unauthorized access. Successful exploitation may enable the attacker to perform unauthorized updates, inserts, or deletions of data accessible through Oracle Application Express, as well as to retrieve confidential information. While the primary target is the Application Express component, the effects may extend to other products within the Oracle ecosystem, increasing the overall risk to database integrity and confidentiality.",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-07-15T17:34:36.000Z,0
CVE-2020-2514,https://securityvulnerability.io/vulnerability/CVE-2020-2514,Vulnerability in Oracle Application Express of Oracle Database Server,"A vulnerability in the Oracle Application Express component of Oracle Database Server allows a low privileged attacker with End User Role privileges to exploit the application, provided they have network access via HTTPS. The attack requires engagement from an unsuspecting user, which increases the risk profile. Successful exploitation can lead to unauthorized modifications including updates, inserts, and deletions of data within Oracle Application Express. Furthermore, attackers could initiate a partial denial of service, affecting the availability of the service.",Oracle,Application Express,4.6,MEDIUM,0.0005300000193528831,false,,false,false,false,,,false,false,,2020-04-15T13:29:43.000Z,0
CVE-2019-2484,https://securityvulnerability.io/vulnerability/CVE-2019-2484,Application Express Vulnerability in Oracle Database Server,"A vulnerability has been identified in the Application Express component of Oracle Database Server that allows a low privileged attacker with a valid account to compromise the Application Express environment. This security flaw requires human interaction from a user not associated with the attacker, which can result in unauthorized data manipulation or access. Affected versions include Oracle Database Server 5.1 and 18.2, and exploitation may lead to significant security repercussions for related data. Organizations using these versions should apply recommended security measures to mitigate potential risks.",Oracle,Application Express,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-07-23T23:15:00.000Z,0
CVE-2018-2699,https://securityvulnerability.io/vulnerability/CVE-2018-2699,,"Vulnerability in the Application Express component of Oracle Database Server. The supported version that is affected is Prior to 5.1.4.00.08. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Application Express, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Application Express accessible data as well as unauthorized read access to a subset of Application Express accessible data. CVSS 3.0 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Application Express,6.1,MEDIUM,0.001290000043809414,false,,false,false,false,,,false,false,,2018-01-18T02:00:00.000Z,0
CVE-2016-3448,https://securityvulnerability.io/vulnerability/CVE-2016-3448,,Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors.,Oracle,Application Express,6.1,MEDIUM,0.0016199999954551458,false,,false,false,false,,,false,false,,2016-07-21T10:00:00.000Z,0