cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2025-21571,https://securityvulnerability.io/vulnerability/CVE-2025-21571,Unauthorized Access Vulnerability in Oracle VM VirtualBox by Oracle,"Oracle VM VirtualBox is susceptible to a vulnerability that enables a high-privileged user with logon access to the infrastructure to compromise the application. Attackers can potentially create, delete, or modify critical data, while also gaining unauthorized read access to a subset of data. This vulnerability may lead to partial denial of service, impacting various functionalities. Users of affected versions prior to 7.0.24 and 7.1.6 should implement necessary updates to mitigate the risks associated with this vulnerability.",Oracle,Oracle Vm Virtualbox,7.3,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:24.368Z,0
CVE-2025-21570,https://securityvulnerability.io/vulnerability/CVE-2025-21570,Unauthenticated Access Vulnerability in Oracle Life Sciences Argus Safety,"An unauthenticated access vulnerability exists in the Oracle Life Sciences Argus Safety product, which is part of Oracle Health Sciences Applications. This vulnerability can be exploited by an attacker with network access via HTTP to compromise the application. The attack requires human interaction from a third-party user, potentially leading to unauthorized updates, inserts, or deletions of accessible data. Additionally, there is a risk of unauthorized read access to certain sensitive data within Oracle Life Sciences Argus Safety. While the vulnerability is specific to this product, its implications may extend to other products in its ecosystem.",Oracle,Oracle Life Sciences Argus Safety,6.1,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:24.000Z,0
CVE-2025-21569,https://securityvulnerability.io/vulnerability/CVE-2025-21569,Web Services Vulnerability in Oracle Hyperion Data Relationship Management,"A vulnerability exists in the Web Services component of Oracle Hyperion Data Relationship Management, affecting version 11.2.19.0.000. This vulnerability can be exploited by an attacker with high privileges and network access via HTTP. Successful exploitation may allow an attacker to take control of the Oracle Hyperion Data Relationship Management product, potentially compromising confidentiality, integrity, and availability of sensitive data managed by the system.",Oracle,Oracle Hyperion Data Relationship Management,6.6,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:23.520Z,0
CVE-2025-21568,https://securityvulnerability.io/vulnerability/CVE-2025-21568,Access and Security Vulnerability in Oracle Hyperion Data Relationship Management,"A vulnerability within the Access and Security component of Oracle Hyperion Data Relationship Management version 11.2.19.0.000 allows high-privileged attackers with network access via HTTP to compromise the system. Successful exploitation of this vulnerability necessitates human interaction from someone other than the attacker's party, potentially leading to unauthorized access to critical data or comprehensive access to all data within Oracle Hyperion Data Relationship Management.",Oracle,Oracle Hyperion Data Relationship Management,4.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:23.155Z,0
CVE-2025-21567,https://securityvulnerability.io/vulnerability/CVE-2025-21567,MySQL Server Vulnerability in Oracle MySQL Product,"A vulnerability exists in the MySQL Server component of Oracle MySQL, making versions 9.1.0 and prior susceptible to exploitation. An attacker with low privileges and network access can exploit this vulnerability through multiple protocols. Successful exploitation can lead to unauthorized read access to sensitive data within MySQL Server. Organizations using affected versions should apply security patches promptly to mitigate potential risks associated with this vulnerability.",Oracle,Mysql Server,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:22.751Z,0
CVE-2025-21566,https://securityvulnerability.io/vulnerability/CVE-2025-21566,Denial of Service Vulnerability in MySQL Server by Oracle,"A vulnerability has been identified in Oracle's MySQL Server that allows a low-privileged attacker with network access to exploit the system using multiple protocols. The flaw can lead to unauthorized actions, resulting in a denial of service condition characterized by a hang or repeatable crash of the MySQL Server product. This critical aspect of the vulnerability emphasizes the need for immediate attention and remediation in affected versions to maintain system integrity and availability.",Oracle,Mysql Server,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:22.396Z,0
CVE-2025-21565,https://securityvulnerability.io/vulnerability/CVE-2025-21565,Unauthenticated Network Access Vulnerability in Oracle Agile PLM Framework by Oracle,"The vulnerability within the Oracle Agile PLM Framework allows unauthenticated attackers with network access through HTTP to exploit the system, potentially compromising sensitive data. Attackers can gain unauthorized access to all accessible information within Oracle Agile PLM Framework, raising significant security concerns for users relying on this product. It is crucial for organizations utilizing the affected version to apply recommended security updates to mitigate the associated risks.",Oracle,Oracle Agile Plm Framework,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:22.045Z,0
CVE-2025-21564,https://securityvulnerability.io/vulnerability/CVE-2025-21564,Vulnerability in Oracle Agile PLM Framework Affects Data Security,"A vulnerability in the Oracle Agile PLM Framework's Agile Integration Services component allows attackers with low privileges and network access via HTTP to exploit the system. Successful exploitation can result in unauthorized access to sensitive data and potentially lead to a denial-of-service, causing unacceptable downtime. This flaw poses significant risks to data confidentiality and system availability, highlighting the need for immediate patching and safeguarding measures.",Oracle,Oracle Agile Plm Framework,8.1,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:21.675Z,0
CVE-2025-21563,https://securityvulnerability.io/vulnerability/CVE-2025-21563,Vulnerability in Oracle PeopleSoft Enterprise CC Run Control Management,"A vulnerability has been identified in the Run Control Management component of Oracle PeopleSoft Enterprise CC Common Application Objects, which could allow a low-privileged attacker with network access via HTTP to manipulate the application. This exploitation can lead to unauthorized updates, inserts, or deletions of data within some application objects, impacting the integrity of the data being processed.",Oracle,Peoplesoft Enterprise Cc Common Application Objects,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:21.250Z,0
CVE-2025-21562,https://securityvulnerability.io/vulnerability/CVE-2025-21562,Low Privilege Vulnerability in Oracle PeopleSoft Enterprise CC Application,"A vulnerability exists in Oracle People's PeopleSoft Enterprise CC Common Application Objects, specifically in the Run Control Management component. This flaw allows low-privileged attackers with network access via HTTP to exploit the system. Successful exploitation can lead to unauthorized read access to a portion of the accessible data within the PeopleSoft system, which can have implications for data confidentiality. Consequently, organizations using this version should take measures to mitigate potential breaches and secure their applications.",Oracle,Peoplesoft Enterprise Cc Common Application Objects,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:20.855Z,0
CVE-2025-21561,https://securityvulnerability.io/vulnerability/CVE-2025-21561,Vulnerability in Oracle PeopleSoft Enterprise SCM Purchasing 9.2,"A vulnerability exists in Oracle PeopleSoft Enterprise SCM Purchasing 9.2 that allows low privileged attackers with network access via HTTP to manipulate accessible data. This flaw can lead to unauthorized updates, insertions, or deletions, as well as unauthorized read access to a subset of data within the system. The issue arises from improper access controls, making it easy for attackers to exploit the system and potentially compromise data integrity and confidentiality.",Oracle,Peoplesoft Enterprise Scm Purchasing,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:20.489Z,0
CVE-2025-21560,https://securityvulnerability.io/vulnerability/CVE-2025-21560,Vulnerability in Oracle Agile PLM Framework of Oracle Supply Chain,"A vulnerability exists within the Oracle Agile PLM Framework that allows low privileged attackers with network access via HTTP to exploit the system. The flaw specifically impacts version 9.3.6, potentially giving unauthorized users access to sensitive data and compromising the integrity of the data managed within the Oracle Agile PLM Framework. This poses a significant risk to users relying on this platform for data security.",Oracle,Oracle Agile Plm Framework,6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:20.101Z,0
CVE-2025-21559,https://securityvulnerability.io/vulnerability/CVE-2025-21559,Remote Code Execution Vulnerability in Oracle MySQL Server,"A vulnerability exists in Oracle's MySQL Server, specifically within the InnoDB component, which allows a high-privileged attacker with network access to exploit the system. Affected versions include MySQL Server 8.0.40 and earlier, 8.4.3 and earlier, and 9.1.0 and earlier. The exploit can cause severe disruptions, including denial of service (DoS) due to server hangs or crashes, as well as unauthorized modifications to accessible data. This vulnerability raises significant concerns regarding the integrity and availability of data handled by MySQL Server.",Oracle,Mysql Server,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:19.677Z,0
CVE-2025-21558,https://securityvulnerability.io/vulnerability/CVE-2025-21558,Vulnerability in Primavera P6 Enterprise Project Portfolio Management by Oracle,"A vulnerability has been identified in Oracle's Primavera P6 Enterprise Project Portfolio Management, specifically within the Web Access component. This flaw allows low-privileged attackers with network access via HTTP to exploit the system, requiring human interaction from a third party. Although primarily affecting Primavera P6, successful exploitation could have broader implications for associated products. Attackers may gain unauthorized capabilities to update, insert, delete, or read sensitive data within the system, compromising both confidentiality and integrity of the accessible data.",Oracle,Primavera P6 Enterprise Project Portfolio Management,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:19.286Z,0
CVE-2025-21557,https://securityvulnerability.io/vulnerability/CVE-2025-21557,Vulnerability in Oracle Application Express Affects Multiple Versions,"An exploitable vulnerability in Oracle Application Express allows a low privileged attacker with network access via HTTP to manipulate the application. Successful exploitation requires human interaction from an entity other than the attacker. While the vulnerability resides in Oracle Application Express, its repercussions may extend to other products, leading to unauthorized updates, inserts, or deletions of accessible data within the application. Furthermore, unauthorized read access to specific data sets within Oracle Application Express is also possible.",Oracle,Oracle Application Express,5.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:18.920Z,0
CVE-2025-21556,https://securityvulnerability.io/vulnerability/CVE-2025-21556,Vulnerability in Oracle Agile PLM Framework by Oracle affecting Integration Services,"A vulnerability exists in Oracle's Agile PLM Framework affecting version 9.3.6, specifically within Agile Integration Services. This flaw allows a low privileged attacker with network access via HTTP to potentially compromise the system. While primarily associated with the Agile PLM Framework, exploitation could also affect related products, highlighting the vulnerability's broader impact. Successful exploitation can lead to complete takeover of the Agile PLM Framework, undermining confidentiality, integrity, and availability.",Oracle,Oracle Agile Plm Framework,9.9,CRITICAL,0.0004299999854993075,false,,true,false,true,2025-01-22T07:25:35.000Z,false,false,false,,2025-01-21T20:53:18.494Z,0
CVE-2025-21555,https://securityvulnerability.io/vulnerability/CVE-2025-21555,MySQL Server Vulnerability in Oracle MySQL Affects Multiple Versions,"A vulnerability in Oracle's MySQL Server, specifically in the InnoDB component, allows a highly privileged attacker to exploit the database over network protocols. This could lead to significant disruptions, including the potential for continuous crashes of MySQL Server. Additionally, an attacker could gain unauthorized privileges to update, insert, or delete data, posing serious risks to data integrity and availability. Affected versions include 8.0.40 and earlier, 8.4.3 and earlier, and 9.1.0 and earlier. Mitigation is essential to protect against these vulnerabilities.",Oracle,Mysql Server,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:18.135Z,0
CVE-2025-21554,https://securityvulnerability.io/vulnerability/CVE-2025-21554,Unauthenticated Access Vulnerability in Oracle Communications Order and Service Management,"A security flaw exists in Oracle Communications Order and Service Management, allowing unauthenticated attackers with network access via HTTP to exploit this vulnerability. Affected versions include 7.4.0, 7.4.1, and 7.5.0. If successfully attacked, it can result in unauthorized read access to sensitive data, posing a risk to data confidentiality. Organizations using this application should apply the relevant security updates to mitigate risks associated with this vulnerability.",Oracle,Oracle Communications Order And Service Management,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:17.695Z,0
CVE-2025-21553,https://securityvulnerability.io/vulnerability/CVE-2025-21553,Vulnerability in Java VM of Oracle Database Server,"A vulnerability exists in the Java VM component of Oracle Database Server allowing a low-privileged attacker with specific privileges to exploit it. This vulnerability can enable unauthorized updates, insertions, or deletions of Java VM accessible data, as well as unauthorized reading of certain data. Affected versions include Oracle Database Server 19.3 to 19.25, 21.3 to 21.16, and 23.4 to 23.6. The vulnerability can be exploited over the network via Oracle Net, highlighting the need for immediate attention from users of affected versions to safeguard their data.",Oracle,Oracle Database Server,4.2,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:17.298Z,0
CVE-2025-21552,https://securityvulnerability.io/vulnerability/CVE-2025-21552,Vulnerability in JD Edwards EnterpriseOne Orchestrator by Oracle,"A vulnerability exists in the JD Edwards EnterpriseOne Orchestrator, enabling low privileged attackers with network access through HTTP to exploit the system. Affected versions prior to 9.2.9.2 could allow unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. This poses a significant risk to the confidentiality of sensitive information.",Oracle,Jd Edwards Enterpriseone Orchestrator,6.5,MEDIUM,0.0004900000058114529,false,,false,false,false,,false,false,false,,2025-01-21T20:53:16.924Z,0
CVE-2025-21551,https://securityvulnerability.io/vulnerability/CVE-2025-21551,Vulnerability in Oracle Solaris File System Leading to Data Compromise,"This vulnerability affects Oracle Solaris in its file system component, allowing an attacker with high privileges and logon credentials to compromise the system. Exploitation can lead to unauthorized creation, deletion, or modification of critical data, as well as the potential for a complete denial of service (DOS) through system hangs or crashes. The implications of this vulnerability are significant, as it affects the integrity and availability of all data accessible through Oracle Solaris.",Oracle,Oracle Solaris,6,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:16.560Z,0
CVE-2025-21550,https://securityvulnerability.io/vulnerability/CVE-2025-21550,Exploitable Web UI Vulnerability in Oracle Financial Services Behavior Detection Platform,"A vulnerability exists in the Web UI component of the Oracle Financial Services Behavior Detection Platform that allows an unauthenticated attacker with network access via HTTP to compromise the system. Exploitation of this vulnerability necessitates human interaction from a user other than the attacker. Although the primary target is the Behavior Detection Platform, successful exploitation could have broader implications, affecting other interconnected products. Consequences of an attack may include unauthorized access, modification, or deletion of accessible data, and unauthorized reading of certain stored data, thus posing risks to data confidentiality and integrity.",Oracle,Oracle Financial Services Behavior Detection Platform,6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,false,,2025-01-21T20:53:16.198Z,0
CVE-2025-21549,https://securityvulnerability.io/vulnerability/CVE-2025-21549,Denial of Service Vulnerability in Oracle WebLogic Server by Oracle,"A vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware enables unauthenticated attackers with network access via HTTP/2 to exploit the server. An attacker can easily compromise the Oracle WebLogic Server, leading to impacts such as server hangs or repeatable crashes, effectively resulting in a Denial of Service (DOS) condition. This flaw affects supported version 14.1.1.0.0 of the software.",Oracle,Oracle Weblogic Server,7.5,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:15.813Z,0
CVE-2025-21548,https://securityvulnerability.io/vulnerability/CVE-2025-21548,Vulnerability in Oracle MySQL Connectors: Connector/Python Exposed,"This vulnerability in Oracle MySQL Connectors (specifically, Connector/Python) poses significant risks for users of version 9.1.0 and earlier. A high-privileged attacker with network access can exploit the vulnerability through various protocols, necessitating human interaction from a victim other than the attacker. Successful exploitation may allow unauthorized creation, deletion, or modification of critical data, as well as unauthorized read access to sensitive information. Additionally, this vulnerability could result in a denial-of-service condition, leading to system hangs or crashes of the MySQL Connectors.",Oracle,Mysql Connectors,6.4,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:15.446Z,0
CVE-2025-21547,https://securityvulnerability.io/vulnerability/CVE-2025-21547,Unauthenticated Access Vulnerability in Oracle Hospitality OPERA 5 by Oracle,"An unauthenticated remote access vulnerability exists in Oracle Hospitality OPERA 5, allowing attackers with network access via HTTP to exploit the system. Affected versions include 5.6.19.20, 5.6.25.8, 5.6.26.6, and 5.6.27.1. Successful exploitation can lead to unauthorized access to critical data and the potential for Denial of Service, where the application may hang or experience frequent crashes. This poses significant risks to data confidentiality and system availability.",Oracle,Oracle Hospitality Opera 5,9.1,CRITICAL,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-21T20:53:15.077Z,0