Latest Vulnerabilities

In the past week, multiple vulnerabilities across various platforms have come to light, notably affecting devices like Lexmark and Oracle products, including their VirtualBox and MySQL offerings. Issues range from Server-Side Request Forgery (SSRF) in Lexmark devices that could allow unauthorized commands, to remote access vulnerabilities impacting the Oracle Health Sciences Application. Additionally, weaknesses in libraries for JavaScript and other systems have exposed users to risks like Cross-Site Scripting (XSS) attacks. Organizations should take note of these vulnerabilities and their potential impacts on security, as they may provide avenues for exploitation if not addressed swiftly.

IBM PowerHA SystemMirror for IBM iIBM-7180036

First published (updated )
IBM-7180036

IBM WebSphere AutomationIBM-7179994

First published (updated )
IBM-7179994

CVE-2023-50733A Server-Side Request Forgery (SSRF) vulnerability exists in newer Lexmark devices.

high
8.6
First published (updated )
CVE-2023-50733

nuget/System.Linq.Dynamic.CoreAn issue in System.Linq.Dynamic.Core Latest version v.1.4.6 allows remote access to properties on re…

First published (updated )
GHSA-4cv2-4hjh-77rx

nuget/Umbraco.CmsXSS

medium
4.3
First published (updated )
GHSA-69cg-w8vm-h229

go/github.com/containers/buildah### Impact With careful use of the `--mount` flag in RUN instructions in Containerfiles, and by usin…

First published (updated )
GHSA-5vpc-35f4-r8w6

go/github.com/containers/buildah### Impact With careful use of the `--mount` flag in RUN instructions in Containerfiles, and by usin…

First published (updated )
CVE-2024-11218

nuget/Umbraco.CmsInfoleak

medium
5.3
First published (updated )
GHSA-hmg4-wwm5-p999

npm/mathliveXSS

medium
6.3
First published (updated )
GHSA-qwj6-q94f-8425

composer/codeigniter4/framework### Impact Lack of proper header validation for its name and value. The potential attacker can const…

medium
5.3
First published (updated )
GHSA-x5mq-jjr3-vmx6

rust/gix-worktree-state### Summary `gix-worktree-state` specifies 0777 permissions when checking out executable files, int…

medium
5
First published (updated )
GHSA-fqmf-w4xh-33rh

npm/undici### Impact [Undici `fetch()` uses Math.random()](https://github.com/nodejs/undici/blob/8b06b8250907…

medium
6.8
First published (updated )
GHSA-c76h-2ccp-4975

composer/phpoffice/phpspreadsheetXSS

First published (updated )
GHSA-79xx-vf93-p7cx

pip/duckdbInfoleak

high
7.5
First published (updated )
GHSA-w2gf-jxc9-pf2q

Oracle VM VirtualBoxVulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Suppo…

high
7.3
First published (updated )
CVE-2025-21571

Oracle Health Sciences Argus SafetyVulnerability in the Oracle Life Sciences Argus Safety product of Oracle Health Sciences Application…

medium
6.1
First published (updated )
CVE-2025-21570

Oracle Hyperion Data Relationship ManagementVulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (compon…

medium
4.5
First published (updated )
CVE-2025-21568

Oracle Hyperion Data Relationship ManagementVulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (compon…

medium
6.6
First published (updated )
CVE-2025-21569

Oracle Agile PLM FrameworkVulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Install).…

high
7.5
First published (updated )
CVE-2025-21565

Oracle Mysql ServerVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).…

medium
4.3
First published (updated )
CVE-2025-21567

Oracle Mysql ServerVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported…

medium
6.5
First published (updated )
CVE-2025-21566

Oracle Agile PLM FrameworkVulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Int…

high
8.1
First published (updated )
CVE-2025-21564

CVE-2025-21563Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSof…

medium
4.3
First published (updated )
CVE-2025-21563

Oracle Agile PLM FrameworkVulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: SDK-Softw…

medium
6.5
First published (updated )
CVE-2025-21560

Oracle Peoplesoft Enterprise Scm PurchasingVulnerability in the PeopleSoft Enterprise SCM Purchasing product of Oracle PeopleSoft (component: P…

medium
5.4
First published (updated )
CVE-2025-21561

CVE-2025-21562Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSof…

medium
4.3
First published (updated )
CVE-2025-21562

Oracle Primavera P6 Enterprise Project Portfolio ManagementVulnerability in the Primavera P6 Enterprise Project Portfolio Management product of Oracle Construc…

medium
5.4
First published (updated )
CVE-2025-21558

Oracle Mysql ServerVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t…

medium
5.5
First published (updated )
CVE-2025-21559

Oracle Application ExpressVulnerability in Oracle Application Express (component: General). Supported versions that are affec…

medium
5.4
First published (updated )
CVE-2025-21557

Oracle Agile PLM FrameworkVulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Int…

critical
9.9
First published (updated )
CVE-2025-21556

Oracle Mysql ServerVulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions t…

medium
5.5
First published (updated )
CVE-2025-21555

Oracle Communications Order and Service ManagementVulnerability in the Oracle Communications Order and Service Management product of Oracle Communicat…

medium
5.3
First published (updated )
CVE-2025-21554

Oracle Database ServerVulnerability in the Java VM component of Oracle Database Server. Supported versions that are affec…

medium
4.2
First published (updated )
CVE-2025-21553

Oracle SolarisVulnerability in the Oracle Solaris product of Oracle Systems (component: File system). The suppor…

medium
6
First published (updated )
CVE-2025-21551

Oracle Jd Edwards Enterpriseone OrchestratorVulnerability in the JD Edwards EnterpriseOne Orchestrator product of Oracle JD Edwards (component: …

medium
6.5
First published (updated )
CVE-2025-21552

Oracle Financial Services Behavior Detection PlatformVulnerability in the Oracle Financial Services Behavior Detection Platform product of Oracle Financi…

medium
6.1
First published (updated )
CVE-2025-21550

Oracle WebLogic ServerVulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). …

high
7.5
First published (updated )
CVE-2025-21549

Oracle Mysql ConnectorsVulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/Python). Suppor…

medium
6.4
First published (updated )
CVE-2025-21548

Oracle Hospitality OPERA 5Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (componen…

critical
9.1
First published (updated )
CVE-2025-21547

Oracle PeopleSoft Enterprise PeopleToolsVulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Open…

high
7.5
First published (updated )
CVE-2025-21545

Oracle Mysql ServerVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).…

low
3.8
First published (updated )
CVE-2025-21546

Oracle Mysql ServerVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Packaging). Supported…

medium
4.9
First published (updated )
CVE-2025-21543

Oracle Communications Order and Service ManagementVulnerability in the Oracle Communications Order and Service Management product of Oracle Communicat…

medium
6.3
First published (updated )
CVE-2025-21542

Oracle Communications Order and Service ManagementVulnerability in the Oracle Communications Order and Service Management product of Oracle Communicat…

medium
5.4
First published (updated )
CVE-2025-21544

Oracle Mysql ServerVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges).…

medium
5.4
First published (updated )
CVE-2025-21540

Oracle WorkflowVulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens an…

medium
5.4
First published (updated )
CVE-2025-21541

CVE-2025-21537Vulnerability in the PeopleSoft Enterprise FIN Cash Management product of Oracle PeopleSoft (compone…

medium
5.4
First published (updated )
CVE-2025-21537

Oracle Jd Edwards Enterpriseone ToolsVulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Run…

medium
6.1
First published (updated )
CVE-2025-21538

CVE-2025-21539Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft (component:…

medium
5.4
First published (updated )
CVE-2025-21539

Oracle Mysql ServerVulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported…

medium
4.9
First published (updated )
CVE-2025-21536

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203