Latest Vulnerabilities

In the past week, multiple vulnerabilities across various platforms have come to light, notably affecting devices like Lexmark and Oracle products, including their VirtualBox and MySQL offerings. Issues range from Server-Side Request Forgery (SSRF) in Lexmark devices that could allow unauthorized commands, to remote access vulnerabilities impacting the Oracle Health Sciences Application. Additionally, weaknesses in libraries for JavaScript and other systems have exposed users to risks like Cross-Site Scripting (XSS) attacks. Organizations should take note of these vulnerabilities and their potential impacts on security, as they may provide avenues for exploitation if not addressed swiftly.

IBM PowerHA SystemMirror for IBM i: IBM-7180036

First published (updated )

IBM WebSphere Automation: IBM-7179994

First published (updated )

CVE-2023-50733: A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.

high
8.6
First published (updated )

nuget/System.Linq.Dynamic.Core: An issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on re…

First published (updated )

nuget/Umbraco.Cms: XSS

medium
4.3
First published (updated )

go/github.com/containers/buildah: Impact: With careful use of the `--mount` flag in RUN instructions in Containerfiles, and by usin…

First published (updated )

go/github.com/containers/buildah: Impact: With careful use of the `--mount` flag in RUN instructions in Containerfiles, and by usin…

First published (updated )

nuget/Umbraco.Cms: Infoleak

medium
5.3
First published (updated )

npm/mathlive: XSS

medium
6.3
First published (updated )

composer/codeigniter4/framework: Impact: Lack of proper header validation for its name and value. The potential attacker can const…

medium
5.3
First published (updated )

rust/gix-worktree-state: Summary: `gix-worktree-state` specifies 0777 permissions when checking out executable files, int…

medium
5
First published (updated )

npm/undici: Impact: [Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907…

medium
6.8
First published (updated )

composer/phpoffice/phpspreadsheet: XSS

First published (updated )

pip/duckdb: Infoleak

high
7.5
First published (updated )

Oracle VM VirtualBox: Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo…

high
7.3
First published (updated )

Oracle Health Sciences Argus Safety: Vulnerability in the Oracle Life Sciences Argus Safety product of Oracle Health Sciences Application…

medium
6.1
First published (updated )

Oracle Hyperion Data Relationship Management: Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (compon…

medium
4.5
First published (updated )

Oracle Hyperion Data Relationship Management: Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (compon…

medium
6.6
First published (updated )

Oracle Agile PLM Framework: Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Install).…

high
7.5
First published (updated )

Oracle Mysql Server: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).…

medium
4.3
First published (updated )

Oracle Mysql Server: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported…

medium
6.5
First published (updated )

Oracle Agile PLM Framework: Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Int…

high
8.1
First published (updated )

CVE-2025-21563: Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSof…

medium
4.3
First published (updated )

Oracle Agile PLM Framework: Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: SDK-Softw…

medium
6.5
First published (updated )

Oracle Peoplesoft Enterprise Scm Purchasing: Vulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: P…

medium
5.4
First published (updated )

CVE-2025-21562: Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSof…

medium
4.3
First published (updated )

Oracle Primavera P6 Enterprise Project Portfolio Management: Vulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construc…

medium
5.4
First published (updated )

Oracle Mysql Server: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t…

medium
5.5
First published (updated )

Oracle Application Express: Vulnerability in Oracle Application Express (component: General). Supported versions that are affec…

medium
5.4
First published (updated )

Oracle Agile PLM Framework: Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Int…

critical
9.9
First published (updated )

Oracle Mysql Server: Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t…

medium
5.5
First published (updated )

Oracle Communications Order and Service Management: Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communicat…

medium
5.3
First published (updated )

Oracle Database Server: Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec…

medium
4.2
First published (updated )

Oracle Solaris: Vulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The suppor…

medium
6
First published (updated )

Oracle Jd Edwards Enterpriseone Orchestrator: Vulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: …

medium
6.5
First published (updated )

Oracle Financial Services Behavior Detection Platform: Vulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financi…

medium
6.1
First published (updated )

Oracle WebLogic Server: Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). …

high
7.5
First published (updated )

Oracle Mysql Connectors: Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Suppor…

medium
6.4
First published (updated )

Oracle Hospitality OPERA 5: Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (componen…

critical
9.1
First published (updated )

Oracle PeopleSoft Enterprise PeopleTools: Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Open…

high
7.5
First published (updated )

Oracle Mysql Server: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).…

low
3.8
First published (updated )

Oracle Mysql Server: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported…

medium
4.9
First published (updated )

Oracle Communications Order and Service Management: Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communicat…

medium
6.3
First published (updated )

Oracle Communications Order and Service Management: Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communicat…

medium
5.4
First published (updated )

Oracle Mysql Server: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).…

medium
5.4
First published (updated )

Oracle Workflow: Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens an…

medium
5.4
First published (updated )

CVE-2025-21537: Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (compone…

medium
5.4
First published (updated )

Oracle Jd Edwards Enterpriseone Tools: Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Run…

medium
6.1
First published (updated )

CVE-2025-21539: Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft (component:…

medium
5.4
First published (updated )

Oracle Mysql Server: Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported…

medium
4.9
First published (updated )

© 2025 SecAlerts Pty Ltd.