CISA · government feed
Known Exploited Vulnerabilities
Vulnerabilities under active exploitation, mandated by CISA for federal patching.
42 total matches · showing 42
| CVE | Vendor / Product | Status | ||
|---|---|---|---|---|
| CVE-2025-61757 | Oracle Fusion Middleware | Oracle Fusion Middleware Missing Authentication for Critical Function Vulnerability | 2025-11-21 | Active |
| CVE-2025-61884 | Oracle E-Business Suite | Oracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability | 2025-10-20 | Ransomware |
| CVE-2025-61882 | Oracle E-Business Suite | Oracle E-Business Suite Unspecified Vulnerability | 2025-10-06 | Ransomware |
| CVE-2024-20953 | Oracle Agile Product Lifecycle Management (PLM) | Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability | 2025-02-24 | Active |
| CVE-2020-2883 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | 2025-01-07 | Active |
| CVE-2024-21287 | Oracle Agile Product Lifecycle Management (PLM) | Oracle Agile Product Lifecycle Management (PLM) Incorrect Authorization Vulnerability | 2024-11-21 | Active |
| CVE-2022-21445 | Oracle ADF Faces | Oracle ADF Faces Deserialization of Untrusted Data Vulnerability | 2024-09-18 | Active |
| CVE-2020-14644 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | 2024-09-18 | Active |
| CVE-2017-3506 | Oracle WebLogic Server | Oracle WebLogic Server OS Command Injection Vulnerability | 2024-06-03 | Active |
| CVE-2020-2551 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | 2023-11-16 | Active |
| CVE-2016-3427 | Oracle Java SE and JRockit | Oracle Java SE and JRockit Unspecified Vulnerability | 2023-05-12 | Active |
| CVE-2023-21839 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | 2023-05-01 | Active |
| CVE-2022-21587 | Oracle E-Business Suite | Oracle E-Business Suite Unspecified Vulnerability | 2023-02-02 | Ransomware |
| CVE-2021-35587 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | 2022-11-28 | Active |
| CVE-2018-2628 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | 2022-09-08 | Active |
| CVE-2010-0840 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability | 2022-05-25 | Active |
| CVE-2012-1710 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | 2022-05-25 | Ransomware |
| CVE-2013-0422 | Oracle Java Runtime Environment (JRE) | Oracle JRE Remote Code Execution Vulnerability | 2022-05-25 | Active |
| CVE-2013-0431 | Oracle Java Runtime Environment (JRE) | Oracle JRE Sandbox Bypass Vulnerability | 2022-05-25 | Ransomware |
| CVE-2013-2423 | Oracle Java Runtime Environment (JRE) | Oracle JRE Unspecified Vulnerability | 2022-05-25 | Active |
| CVE-2019-3010 | Oracle Solaris | Oracle Solaris Privilege Escalation Vulnerability | 2022-05-25 | Active |
| CVE-2012-0518 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | 2022-03-28 | Active |
| CVE-2012-5076 | Oracle Java SE | Oracle Java SE Sandbox Bypass Vulnerability | 2022-03-28 | Active |
| CVE-2013-2465 | Oracle Java SE | Oracle Java SE Unspecified Vulnerability | 2022-03-28 | Ransomware |
| CVE-2019-2616 | Oracle BI Publisher (Formerly XML Publisher) | Oracle BI Publisher Unauthorized Access Vulnerability | 2022-03-25 | Active |
| CVE-2008-3431 | Oracle VirtualBox | Oracle VirtualBox Insufficient Input Validation Vulnerability | 2022-03-03 | Active |
| CVE-2011-3544 | Oracle Java SE JDK and JRE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | 2022-03-03 | Active |
| CVE-2012-0507 | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | 2022-03-03 | Ransomware |
| CVE-2012-1723 | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | 2022-03-03 | Ransomware |
| CVE-2012-4681 | Oracle Java SE | Oracle Java SE Runtime Environment (JRE) Arbitrary Code Execution Vulnerability | 2022-03-03 | Ransomware |
| CVE-2015-2590 | Oracle Java SE | Oracle Java SE and Java SE Embedded Remote Code Execution Vulnerability | 2022-03-03 | Active |
| CVE-2015-4902 | Oracle Java SE | Oracle Java SE Integrity Check Vulnerability | 2022-03-03 | Active |
| CVE-2017-10271 | Oracle WebLogic Server | Oracle Corporation WebLogic Server Remote Code Execution Vulnerability | 2022-02-10 | Ransomware |
| CVE-2020-14864 | Oracle Intelligence Enterprise Edition | Oracle Business Intelligence Enterprise Edition Path Transversal | 2022-01-18 | Active |
| CVE-2019-2725 | Oracle WebLogic Server | Oracle WebLogic Server, Injection | 2022-01-10 | Ransomware |
| CVE-2020-14883 | Oracle WebLogic Server | Oracle WebLogic Server Unspecified Vulnerability | 2021-11-03 | Active |
| CVE-2020-14882 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | 2021-11-03 | Active |
| CVE-2020-14750 | Oracle WebLogic Server | Oracle WebLogic Server Remote Code Execution Vulnerability | 2021-11-03 | Active |
| CVE-2015-4852 | Oracle WebLogic Server | Oracle WebLogic Server Deserialization of Untrusted Data Vulnerability | 2021-11-03 | Active |
| CVE-2020-14871 | Oracle Solaris and Zettabyte File System (ZFS) | Oracle Solaris and Zettabyte File System (ZFS) Unspecified Vulnerability | 2021-11-03 | Active |
| CVE-2012-3152 | Oracle Fusion Middleware | Oracle Fusion Middleware Unspecified Vulnerability | 2021-11-03 | Active |
| CVE-2020-2555 | Oracle Multiple Products | Oracle Multiple Products Remote Code Execution Vulnerability | 2021-11-03 | Active |
Feedback
How was this page?
Spotted something off, or have an idea? Let us know.