cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21563,https://securityvulnerability.io/vulnerability/CVE-2025-21563,Vulnerability in Oracle PeopleSoft Enterprise CC Run Control Management,"A vulnerability has been identified in the Run Control Management component of Oracle PeopleSoft Enterprise CC Common Application Objects, which could allow a low-privileged attacker with network access via HTTP to manipulate the application. This exploitation can lead to unauthorized updates, inserts, or deletions of data within some application objects, impacting the integrity of the data being processed.",Oracle,Peoplesoft Enterprise Cc Common Application Objects,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:21.250Z,0
CVE-2025-21562,https://securityvulnerability.io/vulnerability/CVE-2025-21562,Low Privilege Vulnerability in Oracle PeopleSoft Enterprise CC Application,"A vulnerability exists in Oracle PeopleSoft Enterprise CC Common Application Objects, specifically in the Run Control Management component. This flaw allows low-privileged attackers with network access via HTTP to exploit the system. Successful exploitation can lead to unauthorized read access to a portion of the accessible data within the PeopleSoft system, which can have implications for data confidentiality. Consequently, organizations using this version should take measures to mitigate potential breaches and secure their applications.",Oracle,Peoplesoft Enterprise Cc Common Application Objects,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:20.855Z,0
CVE-2025-21557,https://securityvulnerability.io/vulnerability/CVE-2025-21557,Vulnerability in Oracle Application Express Affects Multiple Versions,"An exploitable vulnerability in Oracle Application Express allows a low privileged attacker with network access via HTTP to manipulate the application. Successful exploitation requires human interaction from an entity other than the attacker. While the vulnerability resides in Oracle Application Express, its repercussions may extend to other products, leading to unauthorized updates, inserts, or deletions of accessible data within the application. Furthermore, unauthorized read access to specific data sets within Oracle Application Express is also possible.",Oracle,Oracle Application Express,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:18.920Z,0
CVE-2024-21270,https://securityvulnerability.io/vulnerability/CVE-2024-21270,Oracle Common Applications Calendar Vulnerability,"A vulnerability exists within the Oracle Common Applications Calendar component of the Oracle E-Business Suite, specifically impacting versions 12.2.6 to 12.2.13. This vulnerability allows an attacker with low privileges and network access via HTTP to compromise the Oracle Common Applications Calendar, potentially leading to unauthorized actions such as the creation, deletion, or modification of critical data. Successful exploitation can result in complete access to all data stored in the Oracle Common Applications Calendar, heightening the risk of data breaches and integrity losses. Organizations using supported versions should take immediate measures to mitigate the risk associated with this vulnerability.",Oracle,Oracle Common Applications Calendar,8.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:52:57.740Z,0
CVE-2024-21268,https://securityvulnerability.io/vulnerability/CVE-2024-21268,Vulnerability in Oracle Applications Manager Affects Oracle E-Business Suite,"A significant security vulnerability has been identified in the Oracle Applications Manager component of the Oracle E-Business Suite, specifically affecting versions 12.2.11 through 12.2.13. This vulnerability can be easily exploited by low privileged attackers with HTTP network access to compromise the Oracle Applications Manager environment. Successful exploitation can lead to unauthorized actions, including the creation, deletion, or modification of critical data. Attackers may gain complete access to all data managed by the Oracle Applications Manager, posing severe risks to data confidentiality and integrity. Organizations utilizing affected versions should take immediate steps to remediate this vulnerability to protect against potential data breaches and unauthorized access.",Oracle,Oracle Applications Manager,8.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:52:57.090Z,0
CVE-2024-21264,https://securityvulnerability.io/vulnerability/CVE-2024-21264,Low-privileged attacker can compromise data in PeopleSoft Enterprise CC Common Application Objects,"Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Activity Guide Composer). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise CC Common Application Objects. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise CC Common Application Objects accessible data as well as unauthorized read access to a subset of PeopleSoft Enterprise CC Common Application Objects accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N).",Oracle,Peoplesoft Enterprise Cc Common Application Objects,5.4,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T19:52:55.591Z,0
CVE-2024-21261,https://securityvulnerability.io/vulnerability/CVE-2024-21261,Oracle Application Express Vulnerability Affects 23.2 and 24.1 Versions,"Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. While the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Application Express accessible data as well as unauthorized read access to a subset of Oracle Application Express accessible data. CVSS 3.1 Base Score 4.9 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N).",Oracle,Oracle Application Express,4.9,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-10-15T19:52:54.588Z,0
CVE-2024-21148,https://securityvulnerability.io/vulnerability/CVE-2024-21148,Oracle Applications Framework Vulnerability Affects Confidentiality and Integrity,"Vulnerability in the Oracle Applications Framework product of Oracle E-Business Suite (component: Personalization). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle Applications Framework. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Applications Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Applications Framework accessible data as well as unauthorized read access to a subset of Oracle Applications Framework accessible data. CVSS 3.1 Base Score 4.8 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N).",Oracle,Applications Framework,4.8,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-21128,https://securityvulnerability.io/vulnerability/CVE-2024-21128,Vulnerability in Oracle E-Business Suite APIs by Oracle,"This vulnerability affects the Oracle Application Object Library within the Oracle E-Business Suite APIs, allowing low-privileged attackers with HTTP network access to potentially compromise the library. The attack necessitates human interaction, which makes exploitation simpler. While primarily targeting the Application Object Library, the potential consequences of successful attacks can extend to other connected components, enabling unauthorized data manipulation such as updates, insertions, or deletions. Additionally, attackers may gain unauthorized read access to sensitive data contained within the library.",Oracle,Application Object Library,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-16T23:15:00.000Z,0
CVE-2024-20990,https://securityvulnerability.io/vulnerability/CVE-2024-20990,Vulnerability in Oracle E-Business Suite Affecting Oracle Applications Technology,"This vulnerability in Oracle Applications Technology within the Oracle E-Business Suite allows an unauthenticated attacker with network access to potentially gain unauthorized read access to sensitive data. The issue affects various versions of the software, specifically versions 12.2.3 through 12.2.13, making it crucial for users and administrators to apply necessary patches and mitigations to protect against possible data breaches.",Oracle,Applications Technology Stack,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-21048,https://securityvulnerability.io/vulnerability/CVE-2024-21048,XML Input Vulnerability in Oracle Web Applications Desktop Integrator,"An XML input vulnerability exists in the Oracle Web Applications Desktop Integrator component of Oracle E-Business Suite, affecting versions 12.2.3 through 12.2.13. This flaw allows low privileged attackers to exploit the system with network access via HTTP. Successful exploitation may lead to unauthorized read access, exposing sensitive data within the Oracle Web Applications Desktop Integrator. Organizations using the affected versions should implement the necessary mitigations as soon as possible to protect their systems.",Oracle,Web Applications Desktop Integrator,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-21080,https://securityvulnerability.io/vulnerability/CVE-2024-21080,Unauthorized Access Vulnerability in Oracle E-Business Suite REST Services,"The vulnerability in Oracle E-Business Suite's REST Services component exposes the system to unauthorized access by low privileged attackers. Through network access via HTTP, an attacker can exploit this flaw to gain access to critical data, which can lead to unauthorized manipulation of data within the Oracle Applications Framework. The supported versions ranging from 12.2.9 to 12.2.13 are particularly at risk, necessitating immediate evaluation and remediation to prevent potential data breaches.",Oracle,Applications Framework,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-04-16T22:15:00.000Z,0
CVE-2024-20907,https://securityvulnerability.io/vulnerability/CVE-2024-20907,Oracle Web Applications Desktop Integrator Vulnerability Affects Multiple Products,"Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: File download). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Web Applications Desktop Integrator, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Web Applications Desktop Integrator accessible data as well as unauthorized read access to a subset of Oracle Web Applications Desktop Integrator accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).",Oracle,Web Applications Desktop Integrator,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T02:15:00.000Z,0
CVE-2024-20947,https://securityvulnerability.io/vulnerability/CVE-2024-20947,Oracle Common Applications Vulnerability Affects CRM User Management Framework,"Vulnerability in the Oracle Common Applications product of Oracle E-Business Suite (component: CRM User Management Framework). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Common Applications. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Common Applications, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Common Applications accessible data as well as unauthorized read access to a subset of Oracle Common Applications accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).",Oracle,Common Applications,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T01:50:15.825Z,0
CVE-2024-20929,https://securityvulnerability.io/vulnerability/CVE-2024-20929,Unauthorized Access to Sensitive Data via HTTP,"A vulnerability exists in the Oracle Application Object Library component of the Oracle E-Business Suite, specifically concerning database privileges. It affects versions 12.2.3 through 12.2.13. An unauthenticated attacker can exploit this vulnerability over HTTP, enabling them to perform unauthorized actions such as updates, inserts, or deletes on accessible data within the Application Object Library. Additionally, attackers may gain unauthorized read access to specific subsets of data. The impact includes potential compromises to data integrity and confidentiality within affected systems.",Oracle,Application Object Library,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T01:50:12.419Z,0
CVE-2024-20915,https://securityvulnerability.io/vulnerability/CVE-2024-20915,Oracle Application Object Library Vulnerability Could Lead to Partial Denial of Service,Vulnerability in the Oracle Application Object Library product of Oracle E-Business Suite (component: Login - SSO). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Application Object Library. Successful attacks of this vulnerability can result in unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Application Object Library. CVSS 3.1 Base Score 5.3 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L).,Oracle,Application Object Library,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-02-17T01:50:09.593Z,0
CVE-2023-21901,https://securityvulnerability.io/vulnerability/CVE-2023-21901,Vulnerability in Oracle Financial Services Analytical Applications Infrastructure,"A vulnerability exists within the Oracle Financial Services Analytical Applications Infrastructure that can be exploited by low-privileged attackers with network access via HTTP. This weakness may allow unauthorized actions such as updates, inserts, or deletions to data that the Infrastructure has access to. Additionally, it poses a risk of unauthorized read access to certain data and potentially leads to a partial denial of service situation. While specifically affecting the Infrastructure component, the implications of these attacks may extend to other associated products, thereby increasing the overall impact on an organization's operational capabilities.",Oracle,Financial Services Analytical Applications Infrastructure,7.4,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-01-16T21:39:38.605Z,0
CVE-2023-22090,https://securityvulnerability.io/vulnerability/CVE-2023-22090,Vulnerability in PeopleSoft Enterprise CC and Oracle,"The vulnerability in Oracle's PeopleSoft Enterprise CC Common Application Objects product affects version 9.2 and allows a low-privileged attacker to exploit network access via HTTP. This flaw can lead to unauthorized access to sensitive data, posing significant risks of data breaches and compromising the integrity of the affected system. Organizations using this product must take immediate action to mitigate the risks associated with this vulnerability.",Oracle,Peoplesoft Enterprise Cc Common Application Objects,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-22076,https://securityvulnerability.io/vulnerability/CVE-2023-22076,Unauthorized Data Access Vulnerability in Oracle E-Business Suite,"A vulnerability exists in the Oracle Applications Framework of the Oracle E-Business Suite, primarily affecting versions 12.2.3 through 12.2.12. This vulnerability allows unauthenticated access to be exploited via HTTP, potentially leading to unauthorized updates, inserts, or deletions of available data. Although exploit attempts may require human interaction, the implications can extend beyond the framework, affecting other interconnected products. Security measures should be taken to prevent unauthorized reading of sensitive data accessible through the framework.",Oracle,Applications Framework,6.1,MEDIUM,0.0006099999882280827,false,,false,false,false,,,false,false,,2023-10-17T22:15:00.000Z,0
CVE-2023-21975,https://securityvulnerability.io/vulnerability/CVE-2023-21975,Application Express Customers Plugin Vulnerability in Oracle,"A vulnerability exists in the Oracle Application Express Customers Plugin that may allow a low-privileged attacker with network access to compromise user accounts. Exploitation requires interaction from a user other than the attacker, which could lead to unauthorized access and takeover of the Application Express Customers Plugin. This vulnerability impacts not only the plugin itself but might also affect additional products, indicating a significant security risk if exploited.",Oracle,Application Express (apex),9,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22042,https://securityvulnerability.io/vulnerability/CVE-2023-22042,Unauthenticated Vulnerability in Oracle E-Business Suite's Applications Framework,"A vulnerability exists in the Oracle Applications Framework of Oracle E-Business Suite, allowing unauthenticated attackers with network access to compromise the application. Attackers must manipulate human interaction to exploit this flaw. Successful exploitation can lead to unauthorized data alterations, including updates, inserts, or deletions, and unauthorized read access to sensitive data. While the vulnerability is confined to the Applications Framework, it has the potential to impact broader systems within the Oracle E-Business Suite.",Oracle,Applications Framework,6.1,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21983,https://securityvulnerability.io/vulnerability/CVE-2023-21983,Vulnerability in Oracle Application Express Administration Allows Unauthorized Access,"A vulnerability in Oracle's Application Express Administration allows an unauthenticated attacker with network access via HTTP to potentially compromise system security. This vulnerability could enable unauthorized operations such as updates, inserts, or deletions of accessible data. Additionally, it could allow unauthorized read access to certain data subsets and even lead to a partial denial of service. Organizations utilizing affected versions of Application Express Administration should assess their exposure and apply appropriate security measures to mitigate risks.",Oracle,Application Express (apex),5.6,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-22037,https://securityvulnerability.io/vulnerability/CVE-2023-22037,Remote Code Execution Vulnerability in Oracle E-Business Suite Web Applications,"A vulnerability exists in the Oracle Web Applications Desktop Integrator component of the Oracle E-Business Suite that permits a low-privileged attacker with network access to potentially compromise the system. This exploitation requires the interaction of another individual, leading to unauthorized updates, inserts, or deletions of accessible data. Furthermore, the attacker may gain unauthorized read access to certain data and inflict a partial denial of service on the application. The scope of the attack may extend beyond the Web Applications Desktop Integrator to impact additional products.",Oracle,Web Applications Desktop Integrator,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21974,https://securityvulnerability.io/vulnerability/CVE-2023-21974,User Account Vulnerability in Oracle Application Express Team Calendar Plugin,"A vulnerability exists in the Application Express Team Calendar Plugin from Oracle that allows a low-privileged attacker with network access via HTTP to compromise user accounts. Exploitation of this weakness necessitates human interaction from a user who is not the attacker. Though primarily affecting the Team Calendar Plugin, successful attacks could have downstream impacts on other associated products, leading to a potential takeover of the Application Express Team Calendar Plugin. This vulnerability highlights the critical need for organizations utilizing the plugin to bolster their security measures and stay informed about potential threats.",Oracle,Application Express (apex),9,CRITICAL,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-07-18T21:15:00.000Z,0
CVE-2023-21978,https://securityvulnerability.io/vulnerability/CVE-2023-21978,Vulnerability in Oracle E-Business Suite's Application Object Library,"This vulnerability presents a security concern within the Oracle Application Object Library of the Oracle E-Business Suite, affecting multiple versions from 12.2.3 to 12.2.11. It allows a low-privileged attacker with network access via HTTP to compromise sensitive components of the application. Successfully carrying out an attack necessitates user interaction from an individual unrelated to the attacker, indicating potential social engineering vectors. The exploit may lead to unauthorized modifications or deletions of data, unauthorized reads of sensitive information, and could cause a partial denial of service for the Application Object Library. This vulnerability highlights the importance of maintaining secure practices, as the impacts extend beyond the affected product to potentially other systems relying on the library.",Oracle,Application Object Library,6.5,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2023-04-18T20:15:00.000Z,0