CVSS: 6.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21551
https://notcve.org/view.php?id=CVE-2025-21551
21 Jan 2025 — Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The supported version that is affected is 11. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Solaris executes to compromise Oracle Solaris. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Solaris accessible data and unauthorized ability to cause a hang or frequently ... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21550
https://notcve.org/view.php?id=CVE-2025-21550
21 Jan 2025 — Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financial Services Applications (component: Web UI). Supported versions that are affected are 8.0.8.1, 8.1.2.7 and 8.1.2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Financial Services Behavior Detection Platform. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Financia... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21549
https://notcve.org/view.php?id=CVE-2025-21549
21 Jan 2025 — Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). The supported version that is affected is 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP/2 to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-21548
https://notcve.org/view.php?id=CVE-2025-21548
21 Jan 2025 — Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Supported versions that are affected are 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all MyS... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.4EPSS: 0%CPEs: 4EXPL: 0CVE-2025-21547
https://notcve.org/view.php?id=CVE-2025-21547
21 Jan 2025 — Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and 5.6.27.1. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality OPERA 5. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Hospitality OPERA 5 accessible data and unautho... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.7EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21546 – mysql: Privilege Misuse in MySQL Server Security Component
https://notcve.org/view.php?id=CVE-2025-21546
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of MySQL Server accessible data as well as unauthorized read access to ... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-269: Improper Privilege Management CWE-863: Incorrect Authorization •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2025-21545
https://notcve.org/view.php?id=CVE-2025-21545
21 Jan 2025 — Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: OpenSearch). Supported versions that are affected are 8.60 and 8.61. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise PeopleTools. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of PeopleSoft Enterprise PeopleTools. CVSS 3.1 Base Score 7.5 (Ava... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-400: Uncontrolled Resource Consumption •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21544
https://notcve.org/view.php?id=CVE-2025-21544
21 Jan 2025 — Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Order an... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-281: Improper Preservation of Permissions •
CVSS: 6.1EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21543 – mysql: Packaging unspecified vulnerability (CPU Jan 2025)
https://notcve.org/view.php?id=CVE-2025-21543
21 Jan 2025 — Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availabili... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2025-21542
https://notcve.org/view.php?id=CVE-2025-21542
21 Jan 2025 — Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security). Supported versions that are affected are 7.4.0, 7.4.1 and 7.5.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Order and Service Management. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Order and Serv... • https://www.oracle.com/security-alerts/cpujan2025.html • CWE-346: Origin Validation Error •