Oracle Retail Order Broker Cloud Service 15.0 vulnerabilities and exploits
5.8
CVSSv2
CVE-2016-3611
Unspecified vulnerability in the Oracle Retail Order Broker component in Oracle Retail Applications 15.0 allows remote malicious users to affect confidentiality and integrity via vectors related to System Administration.
Oracle Retail Order Broker Cloud Service 15.0
4.3
CVSSv2
CVE-2020-13954
By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack via the styleSheetPath, which allows a malicious actor to inject JavaScript into the web...
Apache Cxf
Netapp Snap Creator Framework -
Netapp Vasa Provider For Clustered Data Ontap
Oracle Business Intelligence 5.5.0.0.0
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Retail Order Broker Cloud Service 15.0
Oracle Communications Messaging Server 8.0.2
Oracle Communications Messaging Server 8.1
5
CVSSv2
CVE-2019-17566
Apache Batik is vulnerable to server-side request forgery, caused by improper input validation by the "xlink:href" attributes. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET reques...
Apache Batik
Oracle Api Gateway 11.1.2.4.0
Oracle Business Intelligence 5.5.0.0.0
Oracle Business Intelligence 5.9.0.0.0
Oracle Business Intelligence 12.2.1.3.0
Oracle Business Intelligence 12.2.1.4.0
Oracle Communications Application Session Controller 3.9m0p2
Oracle Communications Metasolv Solution
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Enterprise Repository 11.1.1.7.0
Oracle Financial Services Analytical Applications Infrastructure
Oracle Fusion Middleware Mapviewer 12.2.1.4.0
1 Github repository
9
CVSSv2
CVE-2016-0635
Unspecified vulnerability in the Enterprise Manager Ops Center component in Oracle Enterprise Manager Grid Control 12.1.4, 12.2.2, and 12.3.2; the Oracle Health Sciences Information Manager component in Oracle Health Sciences Applications 1.2.8.3, 2.0.2.3, and 3.0.1.0; the Oracle...
Oracle Documaker
Oracle Enterprise Manager Ops Center 12.1.4
Oracle Enterprise Manager Ops Center 12.2.2
Oracle Enterprise Manager Ops Center 12.3.2
Oracle Health Sciences Information Manager 1.2.8.3
Oracle Health Sciences Information Manager 2.0.2.3
Oracle Health Sciences Information Manager 3.0.1.0
Oracle Healthcare Master Person Index 2.0.12
Oracle Healthcare Master Person Index 3.0.0
Oracle Healthcare Master Person Index 4.0.1
Oracle Insurance Calculation Engine 9.7.1
Oracle Insurance Calculation Engine 10.1.2
4.3
CVSSv2
CVE-2020-9488
Improper validation of certificate with host mismatch in Apache Log4j SMTP appender. This could allow an SMTPS connection to be intercepted by a man-in-the-middle attack which could leak any log messages sent through that appender. Fixed in Apache Log4j 2.12.3 and 2.13.1.
Apache Log4j
Oracle Communications Application Session Controller 3.9m0p1
Oracle Communications Billing And Revenue Management 7.5.0.23.0
Oracle Communications Billing And Revenue Management 12.0.0.3.0
Oracle Communications Eagle Ftp Table Base Retrieval 4.5
Oracle Communications Offline Mediation Controller 12.0.0.3.0
Oracle Communications Services Gatekeeper 7.0
Oracle Communications Unified Inventory Management 7.3.0
Oracle Communications Unified Inventory Management 7.4.0
Oracle Data Integrator 12.2.1.3.0
Oracle Data Integrator 12.2.1.4.0
Oracle Enterprise Manager For Peoplesoft 13.4.1.1
1 Github repository
1 Article
6.4
CVSSv2
CVE-2020-11987
Apache Batik 1.13 is vulnerable to server-side request forgery, caused by improper input validation by the NodePickerPanel. By using a specially-crafted argument, an attacker could exploit this vulnerability to cause the underlying server to make arbitrary GET requests.
Apache Batik
Fedoraproject Fedora 33
Fedoraproject Fedora 34
Oracle Agile Engineering Data Management 6.2.1.0
Oracle Banking Apis 18.3
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
Oracle Banking Digital Experience 18.3
Oracle Banking Digital Experience 19.1
Oracle Banking Digital Experience 19.2
1 Github repository
7.6
CVSSv2
CVE-2020-5398
In Spring Framework, versions 5.2.x before 5.2.3, versions 5.1.x before 5.1.13, and versions 5.0.x before 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attrib...
Vmware Spring Framework
Oracle Application Testing Suite 13.3.0.1
Oracle Communications Billing And Revenue Management Elastic Charging Engine 11.3
Oracle Communications Billing And Revenue Management Elastic Charging Engine 12.0
Oracle Communications Cloud Native Core Policy 1.5.0
Oracle Communications Diameter Signaling Router
Oracle Communications Element Manager 8.1.1
Oracle Communications Element Manager 8.2.0
Oracle Communications Element Manager 8.2.1
Oracle Communications Policy Management 12.5.0
Oracle Communications Session Report Manager 8.1.1
Oracle Communications Session Report Manager 8.2.0
2 Github repositories
7.5
CVSSv2
CVE-2019-13990
initDocumentParser in xml/XMLSchedulingDataProcessor.java in Terracotta Quartz Scheduler up to and including 2.3.0 allows XXE attacks via a job description.
Softwareag Quartz
Oracle Apache Batik Mapviewer 12.2.0.1
Oracle Apache Batik Mapviewer 18c
Oracle Apache Batik Mapviewer 19c
Oracle Banking Enterprise Originations 2.7.0
Oracle Banking Enterprise Originations 2.8.0
Oracle Banking Enterprise Product Manufacturing 2.7.0
Oracle Banking Enterprise Product Manufacturing 2.8.0
Oracle Banking Payments
Oracle Communications Ip Service Activator 7.3.0
Oracle Communications Ip Service Activator 7.4.0
Oracle Communications Session Route Manager
2 Github repositories
4.3
CVSSv2
CVE-2019-10219
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
Redhat Hibernate Validator
Redhat Hibernate Validator 6.1.0
Redhat Fuse 1.0
Redhat Jboss Data Grid -
Redhat Jboss Enterprise Application Platform -
Redhat Openshift Application Runtimes -
Redhat Single Sign-on -
Redhat Jboss Enterprise Application Platform 7.2
Redhat Jboss Enterprise Application Platform 7.3
Netapp Active Iq Unified Manager -
Netapp Management Services For Element Software And Netapp Hci -
Netapp Snapcenter Plug-in -
4.4
CVSSv2
CVE-2020-9484
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; a...
Apache Tomcat
Apache Tomcat 9.0.0
Apache Tomcat 10.0.0
Debian Debian Linux 8.0
Debian Debian Linux 9.0
Debian Debian Linux 10.0
Opensuse Leap 15.1
Fedoraproject Fedora 31
Fedoraproject Fedora 32
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 20.04
Oracle Agile Engineering Data Management 6.2.1.0
16 Github repositories