CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21561
https://notcve.org/view.php?id=CVE-2025-21561
21 Jan 2025 — Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: Purchasing). The supported version that is affected is 9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise PeopleSoft Enterprise SCM Purchasing. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of PeopleSoft Enterprise SCM Purchasing accessible data as well as unauthorized read access to a sub... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21560
https://notcve.org/view.php?id=CVE-2025-21560
21 Jan 2025 — Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: SDK-Software Development Kit). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Agile PLM Framework accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality imp... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21559 – mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability
https://notcve.org/view.php?id=CVE-2025-21559
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delet... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-306: Missing Authentication for Critical Function CWE-404: Improper Resource Shutdown or Release •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21558
https://notcve.org/view.php?id=CVE-2025-21558
21 Jan 2025 — Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construction and Engineering (component: Web Access). Supported versions that are affected are 20.12.1.0-20.12.21.5, 21.12.1.0-21.12.20.0 and 22.12.1.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Primavera P6 Enterprise Project Portfolio Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerabi... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21557
https://notcve.org/view.php?id=CVE-2025-21557
21 Jan 2025 — Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Application Express. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Application Express, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability ... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21556
https://notcve.org/view.php?id=CVE-2025-21556
21 Jan 2025 — Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM Framework. While the vulnerability is in Oracle Agile PLM Framework, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in takeover of Oracle Agile P... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21555 – mysql: MySQL Server InnoDB Denial of Service and Unauthorized Data Modification Vulnerability
https://notcve.org/view.php?id=CVE-2025-21555
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delet... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-404: Improper Resource Shutdown or Release CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21554
https://notcve.org/view.php?id=CVE-2025-21554
21 Jan 2025 — Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Order and Service Management ... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 4.2EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21553
https://notcve.org/view.php?id=CVE-2025-21553
21 Jan 2025 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.25, 21.3-21.16 and 23.4-23.6. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Java VM accessible data as well as unauthorized read access to a subset of Java VM... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-863: Incorrect Authorization •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21552
https://notcve.org/view.php?id=CVE-2025-21552
21 Jan 2025 — Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: E1 IOT Orchestrator Security). Supported versions that are affected are Prior to 9.2.9.2. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise JD Edwards EnterpriseOne Orchestrator. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all JD Edwards EnterpriseOne Orchestrator accessible data. CVS... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-1390: Weak Authentication •