oracle security advisories
60 threat alerts tracking vulnerabilities and security advisories that affect oracle products.
Vulnios monitors oracle CVE feeds, vendor advisories, CISA KEV listings, and exploit-prediction data continuously. Each alert below is enriched with severity, exploitation status, affected products, and a remediation path. Use this page to scan recent oracle security news in one place, or click into an individual alert for full detail.
Critical Vulnerability: CVE-2026-35305 — oracle — coherence
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Centralized Third Party Jars). The supported version that is affected is 15.1.1.0.0. Easily exploitable vulnerab
criticalCVE-2026-35305Critical Vulnerability: CVE-2026-46912 — oracle — jd_edwards_enterpriseone_tools
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vulne
criticalCVE-2026-46912Critical Vulnerability: CVE-2026-46913 — oracle — jd_edwards_enterpriseone_tools
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Installation Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exploitable vuln
criticalCVE-2026-46913Critical Vulnerability: CVE-2026-46909 — oracle — jd_edwards_enterpriseone_tools
Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Enterprise Infrastructure Security). Supported versions that are affected are 9.2.0.0-9.2.26.2. Easily exp
criticalCVE-2026-46909Critical Vulnerability: CVE-2026-35294 — oracle — identity_manager
Vulnerability in the Identity Manager Connector product of Oracle Fusion Middleware (component: Mainframe Connectors). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily expl
criticalCVE-2026-35294Critical Vulnerability: CVE-2026-35304 — oracle — coherence
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploi
criticalCVE-2026-35304Critical Vulnerability: CVE-2026-35293 — oracle — webcenter_sites
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability a
criticalCVE-2026-35293Critical Vulnerability: CVE-2026-35296 — oracle — webcenter_sites
Vulnerability in the Oracle WebCenter Sites product of Oracle Fusion Middleware (component: WebCenter Sites). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable v
criticalCVE-2026-35296Critical Vulnerability: CVE-2026-35286 — oracle — webcenter_content
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.0.0. Easily exploitable
criticalCVE-2026-35286Critical Vulnerability: CVE-2026-46949 — oracle — advanced_outbound_telephony
Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitabl
criticalCVE-2026-46949Critical Vulnerability: CVE-2026-46857 — oracle — enterprise_manager_base_platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Oracle Management Service). Supported versions that are affected are 13.5 and 24.1. Easi
criticalCVE-2026-46857Critical Vulnerability: CVE-2026-46872 — oracle — enterprise_manager_base_platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Install). Supported versions that are affected are 13.5 and 24.1. Easily exploitable vul
criticalCVE-2026-46872Critical Vulnerability: CVE-2026-46852 — oracle — enterprise_manager_base_platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported versions that are affected are 13.5 and 24.1. Easily exploit
criticalCVE-2026-46852Critical Vulnerability: CVE-2026-46900 — oracle — enterprise_command_center_framework
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnera
criticalCVE-2026-46900Critical Vulnerability: CVE-2026-46901 — oracle — enterprise_command_center_framework
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnera
criticalCVE-2026-46901Critical Vulnerability: CVE-2026-46946 — oracle — isupport
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability all
criticalCVE-2026-46946Critical Vulnerability: CVE-2026-46853 — oracle — enterprise_manager_base_platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported versions that are affected are 13.5 and 24.1. Easily exploit
criticalCVE-2026-46853Critical Vulnerability: CVE-2026-46895 — oracle — enterprise_command_center_framework
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnera
criticalCVE-2026-46895Critical Vulnerability: CVE-2026-46896 — oracle — enterprise_command_center_framework
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnera
criticalCVE-2026-46896Critical Vulnerability: CVE-2026-46854 — oracle — enterprise_manager_base_platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Target Management). Supported versions that are affected are 13.5 and 24.1. Easily explo
criticalCVE-2026-46854Critical Vulnerability: CVE-2026-46902 — oracle — enterprise_command_center_framework
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnera
criticalCVE-2026-46902Critical Vulnerability: CVE-2026-46856 — oracle — enterprise_manager_base_platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported versions that are affected are 13.5 and 24.1. Easily exploit
criticalCVE-2026-46856Critical Vulnerability: CVE-2026-46899 — oracle — enterprise_command_center_framework
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnera
criticalCVE-2026-46899Critical Vulnerability: CVE-2026-46897 — oracle — enterprise_command_center_framework
Vulnerability in the Oracle Enterprise Command Center Framework product of Oracle E-Business Suite (component: Core). Supported versions that are affected are V15 and V16. Easily exploitable vulnera
criticalCVE-2026-46897Critical Vulnerability: CVE-2026-46944 — oracle — isupport
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability all
criticalCVE-2026-46944Critical Vulnerability: CVE-2026-46795 — oracle — webcenter_content
Vulnerability in the Oracle WebCenter Content product of Oracle Fusion Middleware (component: Content Server). The supported version that is affected is 14.1.2.0.0. Easily exploitable vulnerability
criticalCVE-2026-46795Critical Vulnerability: CVE-2026-46855 — oracle — enterprise_manager_base_platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Metadata Plugin). Supported versions that are affected are 13.5 and 24.1. Easily exploit
criticalCVE-2026-46855Critical Vulnerability: CVE-2026-46875 — oracle — enterprise_manager_base_platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Deployment Library). Supported versions that are affected are 13.5 and 24.1. Easily expl
criticalCVE-2026-46875Critical Vulnerability: CVE-2026-46945 — oracle — isupport
Vulnerability in the Oracle iSupport product of Oracle E-Business Suite (component: Internal Operations). Supported versions that are affected are 12.2.3-12.2.15. Easily exploitable vulnerability all
criticalCVE-2026-46945Critical Vulnerability: CVE-2026-46832 — oracle — enterprise_manager_base_platform
Vulnerability in the Oracle Enterprise Manager Base Platform product of Oracle Enterprise Manager (component: Discovery Framework). Supported versions that are affected are 13.5 and 24.1. Easily exp
criticalCVE-2026-46832Critical Vulnerability: CVE-2016-5582 — oracle — jdk, jre
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, 8u102; and Java SE Embedded 8u101 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspo
criticalCVE-2016-5582Critical Vulnerability: CVE-2016-5556 — oracle — jdk, jre
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to 2D.
criticalCVE-2016-5556Critical Vulnerability: CVE-2016-5555 — oracle — database_server
Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality, integrity, and availability via unknown vectors.
criticalCVE-2016-5555Critical Vulnerability: CVE-2016-3551 — oracle — weblogic_server
Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentiality, integri
criticalCVE-2016-3551Critical Vulnerability: CVE-2016-5535 — oracle — weblogic_server
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, 12.2.1.0, and 12.2.1.1 allows remote attackers to affect confidentiality, integrity, a
criticalCVE-2016-5535Critical Vulnerability: CVE-2016-5568 — oracle — jdk, jre
Unspecified vulnerability in Oracle Java SE 6u121, 7u111, and 8u102 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to AWT.
criticalCVE-2016-5568Critical Vulnerability: CVE-2016-5599 — oracle — advanced_supply_chain_planning
Unspecified vulnerability in the Oracle Advanced Supply Chain Planning component in Oracle Supply Chain Products Suite 12.2.3 through 12.2.5 allows remote attackers to affect confidentiality and integ
criticalCVE-2016-5599Critical Vulnerability: CVE-2016-5531 — oracle — weblogic_server
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availab
criticalCVE-2016-5531Critical Vulnerability: CVE-2016-5580 — oracle — secure_global_desktop
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization 4.7 and 5.2 allows remote authenticated users to affect confidentiality and availability via vectors through W
criticalCVE-2016-5580Critical Vulnerability: CVE-2016-5605 — oracle — vm_virtualbox
Unspecified vulnerability in the Oracle VM VirtualBox component before 5.1.4 in Oracle Virtualization allows remote attackers to affect confidentiality and integrity via vectors related to VRDE.
criticalCVE-2016-5605Critical Vulnerability: CVE-2016-3527 — oracle — demand_planning
Unspecified vulnerability in the Oracle Demand Planning component in Oracle Supply Chain Products Suite 12.1 and 12.2 allows remote attackers to affect confidentiality and integrity via vectors relate
criticalCVE-2016-3527Critical Vulnerability: CVE-2016-3609 — oracle — database
Unspecified vulnerability in the OJVM component in Oracle Database Server 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via
criticalCVE-2016-3609Critical Vulnerability: CVE-2016-3598 — oracle — jdk, jre
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different
criticalCVE-2016-3598Critical Vulnerability: CVE-2016-3541 — oracle — common_applications_calendar
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confident
criticalCVE-2016-3541Critical Vulnerability: CVE-2016-3499 — oracle — weblogic_server
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 12.1.3.0 and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availability via v
criticalCVE-2016-3499Critical Vulnerability: CVE-2016-3613 — oracle — secure_global_desktop
Unspecified vulnerability in the Oracle Secure Global Desktop component in Oracle Virtualization 4.63, 4.71, and 5.2 allows remote attackers to affect confidentiality, integrity, and availability via
criticalCVE-2016-3613Critical Vulnerability: CVE-2016-3587 — oracle — linux, jdk
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
criticalCVE-2016-3587Critical Vulnerability: CVE-2016-3606 — oracle — linux, jdk
Unspecified vulnerability in Oracle Java SE 7u101 and 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Hotspot.
criticalCVE-2016-3606Critical Vulnerability: CVE-2016-3468 — oracle — agile_engineering_data_management
Unspecified vulnerability in the Oracle Agile Engineering Data Management component in Oracle Supply Chain Products Suite 6.1.3.0 and 6.2.0.0 allows remote attackers to affect confidentiality, integri
criticalCVE-2016-3468Critical Vulnerability: CVE-2016-3493 — oracle — hyperion_financial_reporting
Unspecified vulnerability in the Hyperion Financial Reporting component in Oracle Hyperion 11.1.2.4 allows remote attackers to affect confidentiality, integrity, and availability via vectors related t
criticalCVE-2016-3493Critical Vulnerability: CVE-2016-3504 — oracle — jdeveloper
Unspecified vulnerability in the Oracle JDeveloper component in Oracle Fusion Middleware 11.1.1.7.0, 11.1.1.9.0, 11.1.2.4.0, 12.1.3.0.0, and 12.2.1.0.0 allows remote attackers to affect confidentialit
criticalCVE-2016-3504Critical Vulnerability: CVE-2016-3444 — oracle — retail_integration_bus
Unspecified vulnerability in the Oracle Retail Integration Bus component in Oracle Retail Applications 13.0, 13.1, 13.2, 14.0, 14.1, and 15.0 allows remote attackers to affect confidentiality, integri
criticalCVE-2016-3444Critical Vulnerability: CVE-2016-3556 — oracle — agile_product_lifecycle_management
Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality, integrity, and availability via vec
criticalCVE-2016-3556Critical Vulnerability: CVE-2016-3610 — oracle — jdk, jre
Unspecified vulnerability in Oracle Java SE 8u92 and Java SE Embedded 8u91 allows remote attackers to affect confidentiality, integrity, and availability via vectors related to Libraries, a different
criticalCVE-2016-3610Critical Vulnerability: CVE-2016-3586 — oracle — weblogic_server
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availab
criticalCVE-2016-3586Critical Vulnerability: CVE-2016-5453 — oracle — integrated_lights_out_manager_firmware
Unspecified vulnerability in the ILOM component in Oracle Sun Systems Products Suite 3.0, 3.1, and 3.2 allows remote attackers to affect confidentiality, integrity, and availability via vectors relate
criticalCVE-2016-5453Critical Vulnerability: CVE-2016-3607 — oracle — glassfish_server
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 3.0.1 and 3.1.2 allows remote attackers to affect confidentiality, integrity, and availability via vector
criticalCVE-2016-3607Critical Vulnerability: CVE-2016-3510 — oracle — weblogic_server
Unspecified vulnerability in the Oracle WebLogic Server component in Oracle Fusion Middleware 10.3.6.0, 12.1.3.0, and 12.2.1.0 allows remote attackers to affect confidentiality, integrity, and availab
criticalCVE-2016-3510Critical Vulnerability: CVE-2016-3546 — oracle — advanced_collections
Unspecified vulnerability in the Oracle Advanced Collections component in Oracle E-Business Suite 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and integrity via vectors
criticalCVE-2016-3546Critical Vulnerability: CVE-2016-3543 — oracle — common_applications_calendar
Unspecified vulnerability in the Oracle Common Applications Calendar component in Oracle E-Business Suite 12.1.1, 12.1.2, 12.1.3, 12.2.3, 12.2.4, and 12.2.5 allows remote attackers to affect confident
criticalCVE-2016-3543
Showing the 60 most recent. Older alerts are archived but still reachable via search and the main feed.
Track oracle exposure across your environment
Vulnios automatically cross-references your asset inventory against new oracle CVEs and surfaces only what affects you. No more sifting manually — actionable findings only.
Start a free scan