Vulnerabilities in Oracle Corporation

5,160 results
Vexday analysis

Com 5.160 CVEs catalogadas e 376 surgidas apenas nos últimos 90 dias, o portfólio de vulnerabilidades da Oracle Corporation reflete a amplitude e complexidade de seu ecossistema de produtos. A taxa de exploração ativa — 26 entradas no CISA KEV, representando 0,5% do total — está em linha com a média geral do catálogo, mas o EPSS máximo observado de 1,0 indica que ao menos uma vulnerabilidade concentra probabilidade praticamente certa de exploração: CVE-2020-14882, uma falha ativa com EPSS de 1,0 que deve ser tratada como prioridade absoluta em qualquer ambiente Oracle. O tipo de falha mais recorrente, CWE-284 (controle de acesso impróprio), associado às 254 vulnerabilidades críticas e 74 com prova de conceito pública, sugere que superfícies de exposição relacionadas a autorização e gerenciamento de permissões merecem atenção redobrada nas avaliações de risco e nos ciclos de patching.

CVE-2026-46940HIGHVulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affeEPSS 0.4%CVE-2026-46779CRITICALVulnerability in the Oracle WebCenter Enterprise Capture product of Oracle Fusion Middleware (component: Client Bundle). Supported versionsEPSS 0.4%CVE-2026-46947HIGHVulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versEPSS 0.4%CVE-2026-46929HIGHVulnerability in the Oracle Cost Management product of Oracle E-Business Suite (component: Cost Planning). Supported versions that are affeEPSS 0.4%CVE-2026-46793CRITICALVulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Database User). Supported versions that areEPSS 0.4%CVE-2023-22004MEDIUMVulnerability in the Oracle Applications Technology product of Oracle E-Business Suite (component: Reports Configuration). Supported versioEPSS 0.4%CVE-2024-21101LOWVulnerability in the MySQL Cluster product of Oracle MySQL (component: Cluster: General). Supported versions that are affected are 7.5.33 aEPSS 0.4%CVE-2019-2397Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Food and Beverage Applications. The supported version thEPSS 0.4%CVE-2019-2412Vulnerability in the Sun ZFS Storage Appliance Kit (AK) component of Oracle Sun Systems Products Suite (subcomponent: Object Store). The supEPSS 0.4%CVE-2021-35538HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is PrioEPSS 0.4%CVE-2024-21152HIGHVulnerability in the Oracle Process Manufacturing Financials product of Oracle E-Business Suite (component: Allocation Rules). Supported veEPSS 0.4%CVE-2024-21167HIGHVulnerability in the Oracle Trading Community product of Oracle E-Business Suite (component: Party Search UI). Supported versions that are EPSS 0.4%CVE-2024-21191HIGHVulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin)EPSS 0.4%CVE-2024-21116HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are PrioEPSS 0.4%CVE-2024-21143MEDIUMVulnerability in the Oracle iStore product of Oracle E-Business Suite (component: User Management). Supported versions that are affected arEPSS 0.4%CVE-2017-10054Vulnerability in the Oracle Hospitality Cruise Materials Management component of Oracle Hospitality Applications (subcomponent: MMS). The suEPSS 0.4%CVE-2025-21552MEDIUMVulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). SupporteEPSS 0.4%CVE-2023-22126MEDIUMVulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that EPSS 0.4%CVE-2023-21903MEDIUMVulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Internal EPSS 0.4%CVE-2023-21904MEDIUMVulnerability in the Oracle Banking Virtual Account Management product of Oracle Financial Services Applications (component: OBVAM Trn JournEPSS 0.4%