CVSS: 5.9EPSS: 0%CPEs: 3EXPL: 0CVE-2025-61881
https://notcve.org/view.php?id=CVE-2025-61881
21 Oct 2025 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data. CVSS 3.1 Base Score 5.9 (Integrity impacts). • https://www.oracle.com/security-alerts/cpuoct2025.html • CWE-284: Improper Access Control •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-61749
https://notcve.org/view.php?id=CVE-2025-61749
21 Oct 2025 — Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having DBA privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified Audit accessible data. CVSS 3.1 Base Score 2.7 (Integrity impacts). • https://www.oracle.com/security-alerts/cpuoct2025.html • CWE-284: Improper Access Control •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-53051
https://notcve.org/view.php?id=CVE-2025-53051
21 Oct 2025 — Vulnerability in the RDBMS Functional Index component of Oracle Database Server. Supported versions that are affected are 23.4-23.9. Easily exploitable vulnerability allows high privileged attacker having SYSDBA privilege with network access via Oracle Net to compromise RDBMS Functional Index. Successful attacks of this vulnerability can result in unauthorized read access to a subset of RDBMS Functional Index accessible data. CVSS 3.1 Base Score 2.7 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpuoct2025.html • CWE-125: Out-of-bounds Read •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2025-53047
https://notcve.org/view.php?id=CVE-2025-53047
21 Oct 2025 — Vulnerability in the Portable Clusterware component of Oracle Database Server. Supported versions that are affected are 19.3-19.28, 21.3-21.19 and 23.4-23.9. Easily exploitable vulnerability allows unauthenticated attacker with network access via Bonjour to compromise Portable Clusterware. While the vulnerability is in Portable Clusterware, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Porta... • https://www.oracle.com/security-alerts/cpuoct2025.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.7EPSS: 0%CPEs: 2EXPL: 0CVE-2025-50069
https://notcve.org/view.php?id=CVE-2025-50069
15 Jul 2025 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 21.3-21.18. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Java VM. While the vulnerability is in Java VM, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or com... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-50066
https://notcve.org/view.php?id=CVE-2025-50066
15 Jul 2025 — Vulnerability in the Oracle Database Materialized View component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Execute on DBMS_REDEFINITION privilege with network access via Oracle Net to compromise Oracle Database Materialized View. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Database Materialized View a... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30751
https://notcve.org/view.php?id=CVE-2025-30751
15 Jul 2025 — Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.3-19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromise Oracle Database. Successful attacks of this vulnerability can result in takeover of Oracle Database. CVSS 3.1 Base Score 8.8 (Confidentiality, Integrity and Availability impacts). • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-863: Incorrect Authorization •
CVSS: 3.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30750
https://notcve.org/view.php?id=CVE-2025-30750
15 Jul 2025 — Vulnerability in the Unified Audit component of Oracle Database Server. Supported versions that are affected are 19.3-19.27, 21.3-21.18 and 23.4-23.8. Easily exploitable vulnerability allows high privileged attacker having Create User privilege with network access via Oracle Net to compromise Unified Audit. Successful attacks require human interaction from a person other than the attacker. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Unified ... • https://www.oracle.com/security-alerts/cpujul2025.html • CWE-863: Incorrect Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-30702
https://notcve.org/view.php?id=CVE-2025-30702
15 Apr 2025 — Vulnerability in the Fleet Patching and amp; Provisioning component of Oracle Database Server. Supported versions that are affected are 19.3-19.26. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Fleet Patching and amp; Provisioning. Successful attacks of this vulnerability can result in unauthorized read access to a subset of Fleet Patching and amp; Provisioning accessible data. CVSS 3.1 Base Score 5.3 (Confidentiality impacts). • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.4EPSS: 0%CPEs: 3EXPL: 0CVE-2025-30736
https://notcve.org/view.php?id=CVE-2025-30736
15 Apr 2025 — Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.26, 21.3-21.17 and 23.4-23.7. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to compromise Java VM. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Java VM accessible data as well as unauthorized access to critical data or complete access to all Ja... • https://www.oracle.com/security-alerts/cpuapr2025.html • CWE-284: Improper Access Control •