Vulnerabilities in Oracle Corporation

5,160 results
Vexday analysis

Com 5.160 CVEs catalogadas e 376 surgidas apenas nos últimos 90 dias, o portfólio de vulnerabilidades da Oracle Corporation reflete a amplitude e complexidade de seu ecossistema de produtos. A taxa de exploração ativa — 26 entradas no CISA KEV, representando 0,5% do total — está em linha com a média geral do catálogo, mas o EPSS máximo observado de 1,0 indica que ao menos uma vulnerabilidade concentra probabilidade praticamente certa de exploração: CVE-2020-14882, uma falha ativa com EPSS de 1,0 que deve ser tratada como prioridade absoluta em qualquer ambiente Oracle. O tipo de falha mais recorrente, CWE-284 (controle de acesso impróprio), associado às 254 vulnerabilidades críticas e 74 com prova de conceito pública, sugere que superfícies de exposição relacionadas a autorização e gerenciamento de permissões merecem atenção redobrada nas avaliações de risco e nos ciclos de patching.

CVE-2026-46926HIGHVulnerability in the Siebel CRM Cloud Applications product of Oracle Siebel CRM (component: Siebel Cloud Manager). Supported versions that EPSS 0.1%CVE-2026-46888HIGHVulnerability in the Siebel CRM Deployment product of Oracle Siebel CRM (component: Database Upgrade). Supported versions that are affectedEPSS 0.1%CVE-2025-50070MEDIUMVulnerability in the JDBC component of Oracle Database Server. Supported versions that are affected are 23.4-23.8. Difficult to exploit vulEPSS 0.1%CVE-2026-34281MEDIUMVulnerability in the Oracle Solaris product of Oracle Systems (component: Kernel). The supported version that is affected is 11.4. Easily EPSS 0.1%CVE-2026-35266HIGHVulnerability in Oracle REST Data Services (component: Core). Supported versions that are affected are 24.2.0-26.1.0. Difficult to exploit EPSS 0.1%CVE-2026-21979MEDIUMVulnerability in the Oracle Planning and Budgeting Cloud Service product of Oracle Hyperion (component: EPM Agent). The supported version EPSS 0.1%CVE-2026-46873HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: VMSVGA device). The supported version that is affecEPSS 0.1%CVE-2026-21942MEDIUMVulnerability in the Oracle Solaris product of Oracle Systems (component: Filesystems). Supported versions that are affected are 10 and 11EPSS 0.1%CVE-2026-35243HIGHVulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported vEPSS 0.1%CVE-2026-34325MEDIUMVulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (comEPSS 0.1%CVE-2026-35250LOWVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.1%CVE-2026-21996LOWAn unprivileged attacker can reliably trigger a crash of the dtrace process with a malicious ELF binary due to an integer Divide-by-Zero in EPSS 0.1%CVE-2026-35249LOWVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.1%CVE-2026-35233MEDIUMAn unprivileged attacker can craft a user-space process with a malicious ELF binary containing an out-of-range sh_link field. When root-leveEPSS 0.1%CVE-2026-35242HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.1%CVE-2026-35251HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.1%CVE-2026-35246HIGHVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.1%CVE-2026-22003MEDIUMVulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions tEPSS 0.1%CVE-2026-8863HIGHCVE-2026-8863EPSS 0.1%CVE-2026-35248MEDIUMVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). The supported version that is affected is 7.EPSS 0.1%