
Oracle Financial Services Analytical Applications Infrastructure

90 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-34325
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.8MEDIUM
CVE-2026-34321
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
4.8MEDIUM
CVE-2026-34314
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.8MEDIUM
CVE-2026-34313
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.5MEDIUM
CVE-2026-34310
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
7.5HIGH
CVE-2026-22010
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
7.5HIGH
CVE-2025-61756
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
7.5HIGH
CVE-2025-61751
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
8.1HIGH
CVE-2025-53037
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
9.8CRITICAL
CVE-2025-53036
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
8.6HIGH
CVE-2025-53035
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.5MEDIUM
CVE-2025-53034
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
5.4MEDIUM
CVE-2025-53031
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
5.3MEDIUM
CVE-2023-21901
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
7.4HIGH
CVE-2022-22965
all versions
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. Th
9.8CRITICAL
CVE-2022-22963
all versions
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for
9.8CRITICAL
CVE-2022-24729
>= 8.0.7.0.0 and <= 8.1.0.0.0
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. CKEditor4 prior to version 4.18.0 contains a vulnerability i
6.5MEDIUM
CVE-2022-24728
>= 8.0.7.0.0 and <= 8.1.0.0.0
CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A vulnerability has been discovered in the core HTML process
5.4MEDIUM
CVE-2020-36518
>= 8.0.7 and <= 8.1.0.0
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
7.5HIGH
CVE-2022-23437
>= 8.0.6.0.0 and <= 8.0.9.0
There's a vulnerability within the Apache Xerces Java (XercesJ) XML parser when handling specially crafted XML document payloads.
6.5MEDIUM
CVE-2021-35687
>= 8.0.7 and <= 8.1.1
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
5.3MEDIUM
CVE-2021-35686
>= 8.0.7 and <= 8.1.1
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
4.3MEDIUM
CVE-2021-45105
>= 8.0.7 and <= 8.1.1
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from sel
5.9MEDIUM
CVE-2021-38153
>= 8.0.6.0 and <= 8.0.9.0
Some components in Apache Kafka use Arrays.equals to validate a password or key, which is vulnerable to timing attacks that make
5.9MEDIUM
CVE-2021-37695
>= 8.0.7 and <= 8.1.1
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito
7.3HIGH
CVE-2021-32809
>= 8.0.7 and <= 8.1.1
ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in CKEdito
4.6MEDIUM
CVE-2021-32808
>= 8.0.7 and <= 8.1.1
ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Wid
7.6HIGH
CVE-2021-2351
>= 8.0.7 and <= 8.1.1
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1
8.3HIGH
CVE-2021-36374
>= 8.0.6 and <= 8.1.1
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of m
5.5MEDIUM
CVE-2021-36373
>= 8.0.6 and <= 8.1.1
When reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally lead
5.5MEDIUM
CVE-2021-36090
>= 8.0.6 and <= 8.1.1
When reading a specially crafted ZIP archive, Compress can be made to allocate large amounts of memory that finally leads to an ou
7.5HIGH
CVE-2021-22118
>= 8.0.8 and <= 8.1.1
In Spring Framework, versions 5.2.x prior to 5.2.15 and versions 5.3.x prior to 5.3.7, a WebFlux application is vulnerable to a pr
7.8HIGH
CVE-2021-26291
>= 8.0.6.0.0 and <= 8.0.9.0.0
Apache Maven will follow repositories that are defined in a dependency’s Project Object Model (pom) which may be surprising to s
9.1CRITICAL
CVE-2021-2140
>= 8.0.6 and <= 8.1.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.1MEDIUM
CVE-2021-29425
>= 8.0.7 and <= 8.1.1
In Apache Commons IO before 2.7, When invoking the method FileNameUtils.normalize with an improper input string, like "//../foo",
4.8MEDIUM
CVE-2021-26272
>= 8.0.6 and <= 8.0.9
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text
6.5MEDIUM
CVE-2021-26271
>= 8.0.6 and <= 8.0.9
It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the
6.5MEDIUM
CVE-2020-27193
>= 8.0.6 and <= 8.0.9
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary
6.1MEDIUM
CVE-2019-17566
>= 8.0.6 and <= 8.1.0
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By
7.5HIGH
CVE-2020-14824
>= 8.0.6.0.0 and <= 8.1.0.0.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
8.6HIGH
CVE-2020-11979
>= 8.0.6 and <= 8.0.9
As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current u
7.5HIGH
CVE-2020-5421
>= 8.0.6 and <= 8.1.0
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the pr
6.5MEDIUM
CVE-2020-14685
>= 8.0.6.0.0 and <= 8.1.0.0.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.5MEDIUM
CVE-2020-14684
>= 8.0.6.0.0 and <= 8.1.0.0.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
4.3MEDIUM
CVE-2020-14662
>= 8.0.6.0.0 and <= 8.1.0.0.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.3MEDIUM
CVE-2020-14615
>= 8.0.6 and <= 8.1.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.1MEDIUM
CVE-2020-14605
>= 8.0.6 and <= 8.1.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.5MEDIUM
CVE-2020-14604
>= 8.0.6 and <= 8.1.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
5.3MEDIUM
CVE-2020-14603
>= 8.0.6 and <= 8.1.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
5.3MEDIUM
CVE-2020-14602
>= 8.0.6 and <= 8.1.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
7.1HIGH
CVE-2020-14601
>= 8.0.6 and <= 8.1.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
6.1MEDIUM
CVE-2020-1945
>= 8.0.6 and <= 8.1.0
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.
6.3MEDIUM
CVE-2020-10683
>= 8.0.6 and <= 8.1.0
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. H
9.8CRITICAL
CVE-2020-11022
>= 8.0.6.0.0 and <= 8.1.0.0.0
In jQuery starting with 1.12.0 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery
6.9MEDIUM
CVE-2020-9488
>= 8.0.6.0.0 and <= 8.1.0.0.0
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be in
3.7LOW
CVE-2020-2793
>= 8.0.6.0.0 and <= 8.0.9.0.0
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
7.1HIGH
CVE-2020-11113
>= 8.0.6 and <= 8.1.0
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
CVE-2020-11112
>= 8.0.6 and <= 8.1.0
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
CVE-2020-10969
>= 8.0.6 and <= 8.1.0
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to jav
8.8HIGH
CVE-2020-10968
>= 8.0.6 and <= 8.1.0
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
CVE-2020-10673
>= 8.0.6 and <= 8.1.0
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com
8.8HIGH
CVE-2020-10672
>= 8.0.6 and <= 8.1.0
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
8.8HIGH
CVE-2020-9546
>= 8.0.6 and <= 8.1.0
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org
9.8CRITICAL
CVE-2020-2688
>= 8.0.4 and <= 8.0.8
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applica
7.1HIGH
CVE-2019-12399
>= 8.0.6 and <= 8.1.0
When Connect workers in Apache Kafka 2.0.0, 2.0.1, 2.1.0, 2.1.1, 2.2.0, 2.2.1, or 2.3.0 are configured with one or more config pro
7.5HIGH
CVE-2019-10219
>= 8.0.7 and <= 8.1.1
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting
6.1MEDIUM
CVE-2019-12415
>= 8.0.6 and <= 8.0.9
In Apache POI up to 4.1.0, when using the tool XSSFExportToXml to convert user-provided Microsoft Excel documents, a specially cra
5.5MEDIUM
CVE-2019-17359
>= 8.0.6 and <= 8.0.9
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMe
7.5HIGH
CVE-2019-16335
>= 8.0.2 and <= 8.0.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariDa
9.8CRITICAL
CVE-2019-14540
>= 8.0.2 and <= 8.0.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind before 2.9.10. It is related to com.zaxxer.hikari.HikariCo
9.8CRITICAL
CVE-2019-14439
>= 8.0.2 and <= 8.0.8
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is ena
7.5HIGH
CVE-2019-14379
>= 8.0.2 and <= 8.0.8
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.
9.8CRITICAL
CVE-2019-2823
>= 8.0.5 and <= 8.0.8
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Appli
5.4MEDIUM
CVE-2019-0227
>= 7.3.3 and <= 7.3.5
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Secur
7.5HIGH
CVE-2019-11358
>= 7.3.3 and <= 7.3.5
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Objec
6.1MEDIUM
CVE-2019-3773
>= 8.0.6 and <= 8.1.0
Spring Web Services, versions 2.4.3, 3.0.4, and older unsupported versions of all three projects, were susceptible to XML External
9.8CRITICAL
CVE-2018-14721
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by
10.0CRITICAL
CVE-2018-14720
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failu
9.8CRITICAL
CVE-2018-14719
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block
9.8CRITICAL
CVE-2018-14718
all versions
FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block
9.8CRITICAL
CVE-2018-15756
>= 8.0.2 and <= 8.0.8
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on t
7.5HIGH
CVE-2018-8032
>= 7.3.3 and <= 7.3.5
Apache Axis 1.x up to and including 1.4 is vulnerable to a cross-site scripting (XSS) attack in the default servlet/services.
6.1MEDIUM
CVE-2018-8013
>= 7.3.3.0.0 and <= 7.3.3.0.2
In Apache Batik 1.x before 1.10, when deserializing subclass of AbstractDocument, the class takes a string from the inputStream
9.8CRITICAL
CVE-2017-7525
all versions
A deserialization flaw was discovered in the jackson-databind, versions before 2.6.7.1, 2.7.9.1 and 2.8.9, which could allow an un
9.8CRITICAL
CVE-2017-15095
all versions
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenti
9.8CRITICAL
CVE-2015-9251
>= 7.3.3 and <= 7.3.5
jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the
6.1MEDIUM
CVE-2018-2661
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Appli
6.1MEDIUM
CVE-2018-2660
all versions
Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure component of Oracle Financial Services Appli
7.4HIGH
CVE-2017-12617
>= 7.3.3.0.0 and <= 7.3.5.3.0
When running Apache Tomcat versions 9.0.0.M1 to 9.0.0, 8.5.0 to 8.5.22, 8.0.0.RC1 to 8.0.46 and 7.0.0 to 7.0.81 with HTTP PUTs ena
8.1HIGH
CVE-2017-5645
>= 7.3.3.0.0 and <= 7.3.3.0.2
In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from anot
9.8CRITICAL
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin