cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21571,https://securityvulnerability.io/vulnerability/CVE-2025-21571,Unauthorized Access Vulnerability in Oracle VM VirtualBox by Oracle,"Oracle VM VirtualBox is susceptible to a vulnerability that enables a high-privileged user with logon access to the infrastructure to compromise the application. Attackers can potentially create, delete, or modify critical data, while also gaining unauthorized read access to a subset of data. This vulnerability may lead to partial denial of service, impacting various functionalities. Users of affected versions prior to 7.0.24 and 7.1.6 should implement necessary updates to mitigate the risks associated with this vulnerability.",Oracle,Oracle Vm Virtualbox,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:24.368Z,0
CVE-2025-21565,https://securityvulnerability.io/vulnerability/CVE-2025-21565,Unauthenticated Network Access Vulnerability in Oracle Agile PLM Framework by Oracle,"The vulnerability within the Oracle Agile PLM Framework allows unauthenticated attackers with network access through HTTP to exploit the system, potentially compromising sensitive data. Attackers can gain unauthorized access to all accessible information within Oracle Agile PLM Framework, raising significant security concerns for users relying on this product. It is crucial for organizations utilizing the affected version to apply recommended security updates to mitigate the associated risks.",Oracle,Oracle Agile Plm Framework,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:22.045Z,0
CVE-2025-21564,https://securityvulnerability.io/vulnerability/CVE-2025-21564,Vulnerability in Oracle Agile PLM Framework Affects Data Security,"A vulnerability in the Oracle Agile PLM Framework's Agile Integration Services component allows attackers with low privileges and network access via HTTP to exploit the system. Successful exploitation can result in unauthorized access to sensitive data and potentially lead to a denial-of-service, causing unacceptable downtime. This flaw poses significant risks to data confidentiality and system availability, highlighting the need for immediate patching and safeguarding measures.",Oracle,Oracle Agile Plm Framework,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:21.675Z,0
CVE-2025-21556,https://securityvulnerability.io/vulnerability/CVE-2025-21556,Vulnerability in Oracle Agile PLM Framework by Oracle affecting Integration Services,"A vulnerability exists in Oracle's Agile PLM Framework affecting version 9.3.6, specifically within Agile Integration Services. This flaw allows a low privileged attacker with network access via HTTP to potentially compromise the system. While primarily associated with the Agile PLM Framework, exploitation could also affect related products, highlighting the vulnerability's broader impact. Successful exploitation can lead to complete takeover of the Agile PLM Framework, undermining confidentiality, integrity, and availability.",Oracle,Oracle Agile Plm Framework,9.9,CRITICAL,0.0004299999854993075,false,,true,false,true,2025-01-22T07:25:35.000Z,false,false,false,,2025-01-21T20:53:18.494Z,0
CVE-2025-21549,https://securityvulnerability.io/vulnerability/CVE-2025-21549,Denial of Service Vulnerability in Oracle WebLogic Server by Oracle,"A vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware enables unauthenticated attackers with network access via HTTP/2 to exploit the server. An attacker can easily compromise the Oracle WebLogic Server, leading to impacts such as server hangs or repeatable crashes, effectively resulting in a Denial of Service (DOS) condition. This flaw affects supported version 14.1.1.0.0 of the software.",Oracle,Oracle Weblogic Server,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:15.813Z,0
CVE-2025-21547,https://securityvulnerability.io/vulnerability/CVE-2025-21547,Unauthenticated Access Vulnerability in Oracle Hospitality OPERA 5 by Oracle,"An unauthenticated remote access vulnerability exists in Oracle Hospitality OPERA 5, allowing attackers with network access via HTTP to exploit the system. Affected versions include 5.6.19.20, 5.6.25.8, 5.6.26.6, and 5.6.27.1. Successful exploitation can lead to unauthorized access to critical data and the potential for Denial of Service, where the application may hang or experience frequent crashes. This poses significant risks to data confidentiality and system availability.",Oracle,Oracle Hospitality Opera 5,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:15.077Z,0
CVE-2025-21545,https://securityvulnerability.io/vulnerability/CVE-2025-21545,Remote Denial of Service Vulnerability in Oracle PeopleSoft Enterprise PeopleTools,"An exploitable vulnerability exists in the OpenSearch component of Oracle PeopleSoft Enterprise PeopleTools, affecting versions 8.60 and 8.61. This flaw enables unauthenticated attackers to gain network access via HTTP, potentially leading to a denial of service. Attackers can leverage this vulnerability to disrupt service, causing frequent crashes or system hangs without any authentication requirement.",Oracle,Peoplesoft Enterprise Peopletools,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:14.338Z,0
CVE-2025-21535,https://securityvulnerability.io/vulnerability/CVE-2025-21535,Vulnerability in Oracle WebLogic Server Affects Fusion Middleware,"An unauthenticated access vulnerability exists in the Oracle WebLogic Server component of Oracle Fusion Middleware. This easily exploitable flaw allows an attacker with network access via T3 or IIOP to compromise the server. Successful exploitation can lead to a complete takeover of the Oracle WebLogic Server, potentially compromising confidentiality, integrity, and availability of server resources.",Oracle,Oracle Weblogic Server,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:10.239Z,518
CVE-2025-21532,https://securityvulnerability.io/vulnerability/CVE-2025-21532,Oracle Analytics Desktop Vulnerability in Oracle Analytics Product,"A vulnerability exists in Oracle Analytics Desktop that could allow an attacker with low privileges to compromise the system. This issue affects all versions prior to 8.1.0. By exploiting this vulnerability, attackers can gain control over Oracle Analytics Desktop, impacting confidentiality, integrity, and availability of the data processed. Organizations using vulnerable versions are advised to upgrade to mitigate potential risks. For detailed information, refer to the Oracle advisory.",Oracle,Oracle Analytics Desktop,7.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:09.111Z,0
CVE-2025-21524,https://securityvulnerability.io/vulnerability/CVE-2025-21524,Unauthenticated Remote Code Execution in JD Edwards EnterpriseOne Tools from Oracle,"A significant vulnerability exists in Oracle's JD Edwards EnterpriseOne Tools, specifically concerning its Monitoring and Diagnostics SEC component. This vulnerability allows an unauthenticated attacker with network access through HTTP to potentially compromise the system. If exploited, attackers can gain control of JD Edwards EnterpriseOne Tools, posing serious risks to data confidentiality, integrity, and availability. The affected versions are those prior to 9.2.9.0. Organizations using this software should review their security posture and apply necessary updates to mitigate risks.",Oracle,Jd Edwards Enterpriseone Tools,9.8,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:05.881Z,0
CVE-2025-21521,https://securityvulnerability.io/vulnerability/CVE-2025-21521,Denial of Service Vulnerability in MySQL Server by Oracle,"A vulnerability in Oracle's MySQL Server, specifically within the Thread Pooling component, allows an unauthenticated attacker to exploit the server over multiple network protocols. This can lead to significant disruptions, including the potential for repeated system crashes, resulting in a denial of service. Affected versions include MySQL Server 8.0.39 and earlier, 8.4.2 and earlier, and 9.0.1 and earlier, necessitating immediate attention and patching to ensure system stability and security.",Oracle,Mysql Server,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:04.705Z,0
CVE-2025-21516,https://securityvulnerability.io/vulnerability/CVE-2025-21516,Vulnerability in Oracle E-Business Suite's Customer Care Component,"A vulnerability exists in the Oracle Customer Care component of the Oracle E-Business Suite, affecting versions 12.2.5 through 12.2.13. This security flaw can be exploited by low-privileged attackers with network access, allowing them to perform unauthorized actions such as creating, deleting, or modifying critical data. By exploiting this vulnerability, attackers can gain complete access to all data within Oracle Customer Care, potentially leading to significant data compromise.",Oracle,Oracle Customer Care,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:02.395Z,0
CVE-2025-21515,https://securityvulnerability.io/vulnerability/CVE-2025-21515,Critical Vulnerability in JD Edwards EnterpriseOne Tools by Oracle,"This vulnerability affects Oracle's JD Edwards EnterpriseOne Tools, specifically the Web Runtime SEC component. When exploited, it allows low-privileged attackers with network access via HTTP to take control of the JD Edwards EnterpriseOne Tools software. All versions prior to 9.2.9.0 are at risk, making it crucial for organizations using this software to assess their exposure and promptly implement security updates.",Oracle,Jd Edwards Enterpriseone Tools,8.8,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:01.910Z,0
CVE-2025-21511,https://securityvulnerability.io/vulnerability/CVE-2025-21511,Unauthorized Access Vulnerability in Oracle JD Edwards EnterpriseOne Tools,"A vulnerability exists in Oracle JD Edwards EnterpriseOne Tools, specifically within the Web Runtime SEC component. This weakness allows unauthenticated attackers with network access via HTTP to gain unauthorized access to sensitive data. If exploited, it could lead to significant data breaches, granting an attacker complete control over the accessible data for JD Edwards EnterpriseOne Tools. It is crucial for organizations using affected versions prior to 9.2.9.0 to take preventive measures against potential exploitation.",Oracle,Jd Edwards Enterpriseone Tools,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:00.184Z,0
CVE-2025-21510,https://securityvulnerability.io/vulnerability/CVE-2025-21510,Web Runtime Security Flaw in JD Edwards EnterpriseOne Tools by Oracle,"An exploitable security vulnerability exists in JD Edwards EnterpriseOne Tools, specifically affecting versions prior to 9.2.9.0. This flaw allows unauthenticated attackers with network access via HTTP to gain unauthorized access to sensitive data. Successful exploitation could lead to complete access to all information within the JD Edwards EnterpriseOne Tools environment, compromising the integrity and confidentiality of critical data assets.",Oracle,Jd Edwards Enterpriseone Tools,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:52:59.628Z,0
CVE-2025-21506,https://securityvulnerability.io/vulnerability/CVE-2025-21506,Improper Access Control in Oracle E-Business Suite Technology Foundation,"A vulnerability in the Oracle Project Foundation component of Oracle E-Business Suite allows an unauthorized user with minimal privileges to manipulate sensitive data. Exploiting this vulnerability can lead to unauthorized creation, deletion, or modification of accessible data, as well as the potential for full access to critical data within the affected system. This poses significant risks to data integrity and confidentiality for organizations using the affected versions.",Oracle,Oracle Project Foundation,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:52:58.034Z,0
CVE-2019-2483,https://securityvulnerability.io/vulnerability/CVE-2019-2483,Vulnerability in Oracle iStore Affecting Oracle E-Business Suite,"The vulnerability within Oracle iStore, part of the Oracle E-Business Suite, poses a significant risk by allowing unauthenticated attackers with network access via HTTP to compromise the system. The vulnerability can be exploited through user interaction with a malicious link or scripted payload, requiring engagement from a targeted individual. While it primarily affects Oracle iStore, successful exploitation can lead to unauthorized access to critical data files and manipulation of accessible Oracle iStore data. Affected versions include 12.1.1 through 12.2.8, highlighting the urgent need for security updates to mitigate potential risks associated with this vulnerability.",Oracle,Oracle Istore,8.2,HIGH,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-12-24T19:00:09.862Z,0
CVE-2024-21287,https://securityvulnerability.io/vulnerability/CVE-2024-21287,Oracle Agile PLM Framework Vulnerability Affects 9.3.6 Version,"CVE-2024-21287 is a critical vulnerability in the Oracle Agile PLM Framework affecting version 9.3.6. The flaw allows for unauthorized access to sensitive data and file disclosure, with a high CVSS score of 7.5. The vulnerability has been actively exploited in the wild, potentially allowing threat actors to download files from targeted systems. It was discovered by security researchers from CrowdStrike, and Oracle has urged users to apply the latest patches for protection. The impact of exploitation could lead to unauthorized access to critical data, emphasizing the need for swift mitigation measures. While it's unclear who the perpetrators are and their targets, the urgency of addressing this issue is highlighted by the active exploitation and potential for significant impact.",Oracle,Oracle Agile Plm Framework,7.5,HIGH,0.016340000554919243,true,2024-11-21T00:00:00.000Z,true,false,true,2024-11-19T16:51:34.000Z,,false,false,,2024-11-18T22:15:00.000Z,0
CVE-2024-21285,https://securityvulnerability.io/vulnerability/CVE-2024-21285,Oracle Banking Liquidity Management Vulnerability,"A vulnerability in the Oracle Banking Liquidity Management product facilitates remote exploitation by low privileged attackers with network access through HTTP. Exploitation requires interaction from an external user, creating a risk for system integrity and possible unauthorized takeover of the application. Protection strategies should focus on mitigating risks associated with unauthorized access and ensuring robust network security.",Oracle,Oracle Banking Liquidity Management,7.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:53:03.465Z,0
CVE-2024-21284,https://securityvulnerability.io/vulnerability/CVE-2024-21284,Oracle Banking Liquidity Management Vulnerability Allows Low Privileged Attackers to Compromise System,"A vulnerability exists in Oracle Banking Liquidity Management, specifically in the Reports component. This security flaw has the potential to be exploited by a low-privileged attacker who has network access via HTTP. Notably, this exploitation requires human interaction from a person other than the attacker, which adds a layer of complexity to the attack. If successfully exploited, this vulnerability could allow unauthorized access leading to a potential takeover of the Oracle Banking Liquidity Management system. Users and administrators of affected versions should be aware of this risk and take appropriate measures to secure their applications.",Oracle,Oracle Banking Liquidity Management,7.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:53:03.156Z,0
CVE-2024-21283,https://securityvulnerability.io/vulnerability/CVE-2024-21283,Vulnerability in Oracle PeopleSoft Global Payroll Core,"A critical vulnerability has been identified in Oracle's PeopleSoft Enterprise HCM Global Payroll Core product, specifically within the Global Payroll for Core component. This vulnerability impacts versions 9.2.48 through 9.2.50 and allows attackers with low-level privileges and network access via HTTP to exploit it. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data. Attackers could potentially gain complete access to all data within the PeopleSoft Enterprise HCM Global Payroll Core, jeopardizing the integrity and confidentiality of sensitive information. Organizations using the affected versions should prioritize applying the necessary patches to safeguard against these risks.",Oracle,Peoplesoft Enterprise Hcm Global Payroll Core,8.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:53:02.811Z,0
CVE-2024-21282,https://securityvulnerability.io/vulnerability/CVE-2024-21282,Vulnerability in Oracle Financials of Oracle E-Business Suite,"A critical vulnerability has been identified in the Oracle Financials component of Oracle E-Business Suite, specifically impacting versions 12.2.3 through 12.2.13. This vulnerability can be exploited by low-privileged attackers with network access via HTTP, allowing them to potentially compromise sensitive financial data. Successful exploitation can lead to unauthorized creation, deletion, or modification of critical data, posing significant risks to the confidentiality and integrity of Oracle Financials data. Organizations utilizing these versions should take immediate action to mitigate the risks associated with this vulnerability. For further details, refer to the official Oracle advisory.",Oracle,Oracle Financials,8.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:53:02.474Z,0
CVE-2024-21280,https://securityvulnerability.io/vulnerability/CVE-2024-21280,Oracle Service Contracts Vulnerability: Confidentiality and Integrity at Risk,"This vulnerability resides within the Oracle Service Contracts component of the Oracle E-Business Suite, impacting versions 12.2.5 through 12.2.13. It enables low-privileged attackers with network access via HTTP to exploit weaknesses in the system. This could lead to unauthorized creation, deletion, or modification of critical data associated with all Oracle Service Contracts. Successful exploitation permits attackers to gain complete access to sensitive data stored in the affected product, posing significant risks to data confidentiality and integrity.",Oracle,Oracle Service Contracts,8.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:53:01.851Z,0
CVE-2024-21279,https://securityvulnerability.io/vulnerability/CVE-2024-21279,Information Disclosure Vulnerability in Oracle Sourcing Product,"A security vulnerability exists in the Oracle Sourcing component of the Oracle E-Business Suite, specifically affecting versions 12.2.3 through 12.2.13. This easily exploitable vulnerability allows attackers with low privileges and network access via HTTP to manipulate the application's functionality. Successful exploitation may lead to unauthorized creation, modification, or deletion of critical data within Oracle Sourcing. Attackers may gain critical access to all data accessible by the application, significantly impacting the confidentiality and integrity of sensitive business information. Organizations using affected versions are advised to review the Oracle security advisory for mitigation strategies.",Oracle,Oracle Sourcing,8.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:53:01.330Z,0
CVE-2024-21278,https://securityvulnerability.io/vulnerability/CVE-2024-21278,Vulnerability in Oracle E-Business Suite Contract Lifecycle Management Affecting Data Security,"A significant vulnerability has been identified in the Oracle Contract Lifecycle Management for Public Sector, part of the Oracle E-Business Suite. This vulnerability impacts versions 12.2.3 through 12.2.13 and poses a risk to organizations using this software. The flaw allows low privileged attackers to exploit the system remotely via HTTP, potentially granting them unauthorized capabilities such as the creation, deletion, or alteration of critical data. Effective exploitation may lead to complete unauthorized access to all data managed by the Oracle Contract Lifecycle Management for Public Sector. Organizations are urged to assess their current versions and apply necessary updates to safeguard against potential breaches. Refer to Oracle's official advisory for further details and mitigation steps.",Oracle,Oracle Contract Lifecycle Management For Public Sector,8.1,HIGH,0.0004799999878741801,false,,false,false,false,,,false,false,,2024-10-15T19:53:00.988Z,0