Vulnerability-Lookup

CVE-2025-59375 (GCVE-0-2025-59375)

Vulnerability from cvelistv5 – Published: 2025-09-15 00:00 – Updated: 2026-05-12 12:08

Summary

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Severity

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C

SSVC

Exploitation: none Automatable: no Technical Impact: partial

CISA Coordinator (v2.0.3)

CWE

CWE-770 - Allocation of Resources Without Limits or Throttling

Assigner

mitre

References

9 references

URL	Tags
https://github.com/libexpat/libexpat/issues/1018
https://github.com/libexpat/libexpat/pull/1034
https://github.com/libexpat/libexpat/blob/676a4c5…
https://issues.oss-fuzz.com/issues/439133977
https://github.com/libexpat/libexpat/blob/R_2_7_2…
http://www.openwall.com/lists/oss-security/2025/09/16/2
http://www.openwall.com/lists/oss-security/2026/05/01/5
https://cert-portal.siemens.com/productcert/html/…
https://cert-portal.siemens.com/productcert/html/…

Impacted products

20 products

Vendor	Product	Version
libexpat project	libexpat	Affected: 0 , < 2.7.2 (semver)
Siemens	RUGGEDCOM RST2428P	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XCH328	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XCM324	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XCM328	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XCM332	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRH334 (24 V DC, 8xFO, CC)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (230 V AC, 12xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (230 V AC, 8xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (24 V DC, 12xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (24 V DC, 8xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (2x230 V AC, 12xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (2x230 V AC, 8xFO)	Affected: 0 , < V3.3 (custom)
Siemens	SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)	Affected: 0 , < V3.3 (custom)
Siemens	SIMATIC S7-1500 CPU 1518-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)
Siemens	SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)
Siemens	SIPLUS S7-1500 CPU 1518-4 PN/DP MFP	Affected: V3.1.5 , < * (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2025-59375",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-09-15T20:22:58.509715Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-09-15T20:23:08.737Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-01T14:25:12.055Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2025/09/16/2"
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/01/5"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "defaultStatus": "unknown",
            "product": "RUGGEDCOM RST2428P",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XC-300/XR-300/XC-400/XR-500WG/XR-500 family",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCH328",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM324",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM328",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XCM332",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRH334 (24 V DC, 8xFO, CC)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (230 V AC, 12xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (230 V AC, 8xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (230V AC, 2x10G, 24xSFP, 8xSFP+)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (24 V DC, 12xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (24 V DC, 8xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (24V DC, 2x10G, 24xSFP, 8xSFP+)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (2x230 V AC, 12xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (2x230 V AC, 8xFO)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SCALANCE XRM334 (2x230V AC, 2x10G, 24xSFP, 8xSFP+)",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "V3.3",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          },
          {
            "defaultStatus": "unknown",
            "product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
            "vendor": "Siemens",
            "versions": [
              {
                "lessThan": "*",
                "status": "affected",
                "version": "V3.1.5",
                "versionType": "custom"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-12T12:08:30.282Z",
          "orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
          "shortName": "siemens-SADP"
        },
        "references": [
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-082556.html"
          },
          {
            "url": "https://cert-portal.siemens.com/productcert/html/ssa-089022.html"
          }
        ],
        "x_adpType": "supplier"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "libexpat",
          "vendor": "libexpat project",
          "versions": [
            {
              "lessThan": "2.7.2",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "2.7.2",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-770",
              "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-09-17T13:21:47.961Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/libexpat/libexpat/issues/1018"
        },
        {
          "url": "https://github.com/libexpat/libexpat/pull/1034"
        },
        {
          "url": "https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74"
        },
        {
          "url": "https://issues.oss-fuzz.com/issues/439133977"
        },
        {
          "url": "https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes"
        }
      ],
      "x_generator": {
        "engine": "enrichogram 0.0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2025-59375",
    "datePublished": "2025-09-15T00:00:00.000Z",
    "dateReserved": "2025-09-15T00:00:00.000Z",
    "dateUpdated": "2026-05-12T12:08:30.282Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-59375",
      "date": "2026-06-09",
      "epss": "0.00102",
      "percentile": "0.27455"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-59375\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2025-09-15T03:15:40.920\",\"lastModified\":\"2026-05-12T13:17:22.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"cve@mitre.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-770\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.7.2\",\"matchCriteriaId\":\"2562E072-C9E9-432C-9545-404F89D73E00\"}]}]}],\"references\":[{\"url\":\"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\"]},{\"url\":\"https://github.com/libexpat/libexpat/issues/1018\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"https://github.com/libexpat/libexpat/pull/1034\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://issues.oss-fuzz.com/issues/439133977\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Issue Tracking\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/09/16/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/05/01/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-082556.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-089022.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2025/09/16/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2026/05/01/5\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-05-01T14:25:12.055Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-59375\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-09-15T20:22:58.509715Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-09-15T20:23:05.396Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C\"}}], \"affected\": [{\"vendor\": \"libexpat project\", \"product\": \"libexpat\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"2.7.2\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"references\": [{\"url\": \"https://github.com/libexpat/libexpat/issues/1018\"}, {\"url\": \"https://github.com/libexpat/libexpat/pull/1034\"}, {\"url\": \"https://github.com/libexpat/libexpat/blob/676a4c531ec768732fac215da9730b5f50fbd2bf/expat/Changes#L45-L74\"}, {\"url\": \"https://issues.oss-fuzz.com/issues/439133977\"}, {\"url\": \"https://github.com/libexpat/libexpat/blob/R_2_7_2/expat/Changes\"}], \"x_generator\": {\"engine\": \"enrichogram 0.0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-770\", \"description\": \"CWE-770 Allocation of Resources Without Limits or Throttling\"}]}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"2.7.2\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"shortName\": \"mitre\", \"dateUpdated\": \"2025-09-17T13:21:47.961Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2025-59375\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-05-01T14:25:12.055Z\", \"dateReserved\": \"2025-09-15T00:00:00.000Z\", \"assignerOrgId\": \"8254265b-2729-46b6-b9e3-3dfca2d5bfca\", \"datePublished\": \"2025-09-15T00:00:00.000Z\", \"assignerShortName\": \"mitre\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

MSRC_CVE-2025-59375

Vulnerability from csaf_microsoft - Published: 2025-09-02 00:00 - Updated: 2025-09-16 01:01

Summary

libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Fixed 3 products

Product	Identifier	Version	Remediation
Unresolved product id: 20543-17086		—
Unresolved product id: 17470-17084		—
Unresolved product id: 20210-17086		—

Known affected 3 products

Product	Version	Remediation
Unresolved product id: 17086-1	—	Vendor Fix fix
Unresolved product id: 17084-7	—	Vendor Fix fix
Unresolved product id: 17086-3	—	Vendor Fix fix

Known not affected 4 products

Product	Identifier	Version	Remediation
Unresolved product id: 17086-4		—
Unresolved product id: 17084-2		—
Unresolved product id: 17086-6		—
Unresolved product id: 17084-5		—

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2025/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2025/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2025-59375 libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-59375.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
    "tracking": {
      "current_release_date": "2025-09-16T01:01:15.000Z",
      "generator": {
        "date": "2025-10-20T03:48:57.155Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2025-59375",
      "initial_release_date": "2025-09-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2025-09-16T01:01:15.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "2.0",
                "product": {
                  "name": "CBL Mariner 2.0",
                  "product_id": "17086"
                }
              },
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 expat 2.6.4-2",
                "product": {
                  "name": "\u003ccbl2 expat 2.6.4-2",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 expat 2.6.4-2",
                "product": {
                  "name": "cbl2 expat 2.6.4-2",
                  "product_id": "20543"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003cazl3 expat 2.6.4-1",
                "product": {
                  "name": "\u003cazl3 expat 2.6.4-1",
                  "product_id": "7"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 expat 2.6.4-1",
                "product": {
                  "name": "azl3 expat 2.6.4-1",
                  "product_id": "17470"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003ccbl2 expat 2.6.4-1",
                "product": {
                  "name": "\u003ccbl2 expat 2.6.4-1",
                  "product_id": "3"
                }
              },
              {
                "category": "product_version",
                "name": "cbl2 expat 2.6.4-1",
                "product": {
                  "name": "cbl2 expat 2.6.4-1",
                  "product_id": "20210"
                }
              }
            ],
            "category": "product_name",
            "name": "expat"
          },
          {
            "category": "product_name",
            "name": "cbl2 cmake 3.21.4-18",
            "product": {
              "name": "cbl2 cmake 3.21.4-18",
              "product_id": "4"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 cmake 3.30.3-9",
            "product": {
              "name": "azl3 cmake 3.30.3-9",
              "product_id": "2"
            }
          },
          {
            "category": "product_name",
            "name": "cbl2 python3 3.9.19-14",
            "product": {
              "name": "cbl2 python3 3.9.19-14",
              "product_id": "6"
            }
          },
          {
            "category": "product_name",
            "name": "azl3 python3 3.12.9-4",
            "product": {
              "name": "azl3 python3 3.12.9-4",
              "product_id": "5"
            }
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 expat 2.6.4-2 as a component of CBL Mariner 2.0",
          "product_id": "17086-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 expat 2.6.4-2 as a component of CBL Mariner 2.0",
          "product_id": "20543-17086"
        },
        "product_reference": "20543",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 expat 2.6.4-1 as a component of Azure Linux 3.0",
          "product_id": "17084-7"
        },
        "product_reference": "7",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 expat 2.6.4-1 as a component of Azure Linux 3.0",
          "product_id": "17470-17084"
        },
        "product_reference": "17470",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 cmake 3.21.4-18 as a component of CBL Mariner 2.0",
          "product_id": "17086-4"
        },
        "product_reference": "4",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccbl2 expat 2.6.4-1 as a component of CBL Mariner 2.0",
          "product_id": "17086-3"
        },
        "product_reference": "3",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 expat 2.6.4-1 as a component of CBL Mariner 2.0",
          "product_id": "20210-17086"
        },
        "product_reference": "20210",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 cmake 3.30.3-9 as a component of Azure Linux 3.0",
          "product_id": "17084-2"
        },
        "product_reference": "2",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cbl2 python3 3.9.19-14 as a component of CBL Mariner 2.0",
          "product_id": "17086-6"
        },
        "product_reference": "6",
        "relates_to_product_reference": "17086"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 python3 3.12.9-4 as a component of Azure Linux 3.0",
          "product_id": "17084-5"
        },
        "product_reference": "5",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "flags": [
        {
          "label": "vulnerable_code_not_in_execute_path",
          "product_ids": [
            "17086-4",
            "17084-2",
            "17086-6",
            "17084-5"
          ]
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "mitre",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "20543-17086",
          "17470-17084",
          "20210-17086"
        ],
        "known_affected": [
          "17086-1",
          "17084-7",
          "17086-3"
        ],
        "known_not_affected": [
          "17086-4",
          "17084-2",
          "17086-6",
          "17084-5"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-59375.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2025-09-16T01:01:15.000Z",
          "details": "2.6.4-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17086-1",
            "17084-7",
            "17086-3"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "environmentalsScore": 0.0,
            "exploitCodeMaturity": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "remediationLevel": "TEMPORARY_FIX",
            "reportConfidence": "CONFIRMED",
            "scope": "UNCHANGED",
            "temporalScore": 7.2,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:H/RL:T/RC:C",
            "version": "3.1"
          },
          "products": [
            "17086-1",
            "17084-7",
            "17086-3"
          ]
        }
      ],
      "title": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing."
    }
  ]
}

NCSC-2025-0330

Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:20 - Updated: 2025-10-23 13:20

Summary

Kwetsbaarheden verholpen in Oracle Communications producten

Notes

The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions: NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein. NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory. This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings.

Feiten: Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.

Interpretaties: De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden variëren van 3.1 tot 9.8, wat wijst op een breed scala aan risico's, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-23: Relative Path Traversal

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CWE-121: Stack-based Buffer Overflow

CWE-122: Heap-based Buffer Overflow

CWE-124: Buffer Underwrite ('Buffer Underflow')

CWE-125: Out-of-bounds Read

CWE-129: Improper Validation of Array Index

CWE-130: Improper Handling of Length Parameter Inconsistency

CWE-147: Improper Neutralization of Input Terminators

CWE-190: Integer Overflow or Wraparound

CWE-197: Numeric Truncation Error

CWE-241: Improper Handling of Unexpected Data Type

CWE-252: Unchecked Return Value

CWE-253: Incorrect Check of Function Return Value

CWE-284: Improper Access Control

CWE-287: Improper Authentication

CWE-290: Authentication Bypass by Spoofing

CWE-328: Use of Weak Hash

CWE-385: Covert Timing Channel

CWE-390: Detection of Error Condition Without Action

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-407: Inefficient Algorithmic Complexity

CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)

CWE-415: Double Free

CWE-416: Use After Free

CWE-426: Untrusted Search Path

CWE-440: Expected Behavior Violation

CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

CWE-476: NULL Pointer Dereference

CWE-674: Uncontrolled Recursion

CWE-697: Incorrect Comparison

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-789: Memory Allocation with Excessive Size Value

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CWE-918: Server-Side Request Forgery (SSRF)

CWE-937: CWE-937

CWE-1035: CWE-1035

CWE-1284: Improper Validation of Specified Quantity in Input

CWE-1333: Inefficient Regular Expression Complexity

CVE-2023-26555

Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.

6.4 (Medium)


                        
                          CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-7254

Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-8006

Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.

4.4 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-12133

Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-407 - Inefficient Algorithmic Complexity

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-28182

Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-35164

Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-129 - Improper Validation of Array Index

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-37371

Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-130 - Improper Handling of Length Parameter Inconsistency

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-47554

Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-50609

Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-51504

Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CWE-290 - Authentication Bypass by Spoofing

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2024-57699

Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-1948

Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-3576

Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-328 - Use of Weak Hash

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-4373

Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U

CWE-124 - Buffer Underwrite ('Buffer Underflow')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-4517

Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.

9.4 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-4802

Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-426 - Untrusted Search Path

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-5115

The 'MadeYouReset' vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-5318

Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-5399

Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl's WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-5889

The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C

CWE-1333 - Inefficient Regular Expression Complexity

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-6965

Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-197 - Numeric Truncation Error

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-7339

Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.

3.4 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CWE-241 - Improper Handling of Unexpected Data Type

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-7425

Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-7962

Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-147 - Improper Neutralization of Input Terminators

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-8058

Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.

7.0 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H

CWE-415 - Double Free

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-8916

Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-9086

The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-25724

Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-252 - Unchecked Return Value

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27210

Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications' Cloud Native Environment has a non-exploitable Security-in-Depth issue.

7.5 (High)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27533

Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-789 - Memory Allocation with Excessive Size Value

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27553

Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-23 - Relative Path Traversal

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27587

OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-385 - Covert Timing Channel

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-27817

Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-32415

Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-1284 - Improper Validation of Specified Quantity in Input

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-32728

Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.

4.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N

CWE-440 - Expected Behavior Violation

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-32990

Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS's certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle's flaw.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-48734

Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-48924

Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-48976

Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-48989

Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-49796

Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-52999

Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-53547

Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.

8.6 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

CWE-94 - Improper Control of Generation of Code ('Code Injection')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-53643

Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-444 - Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-53864

Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-54090

Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-253 - Incorrect Check of Function Return Value

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-55163

Recent updates to Netty address critical vulnerabilities, including the 'MadeYouReset' DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-57803

ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-58057

Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

CVE-2025-59375

A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server's Perl component but is not exploitable.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 36 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications Cloud Native Core Console		vers:unknown/*
vers:unknown/* Oracle / Management Cloud Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Calendar Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Automated Test Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Binding Support Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Certificate Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core DBTier		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Function Cloud Native Environment		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Repository Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Network Slice Selection Function		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Policy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Security Edge Protection Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Service Communication Proxy		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Cloud Native Core Unified Data Repository		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Converged Charging System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergence		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Convergent Charging Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Diameter Signaling Router		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE Element Management System		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications EAGLE LNP Application Processor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications LSMS		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Messaging Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Charging and Control		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Offline Mediation Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Service Catalog and Design		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Operations Monitor		vers:unknown/*

References

51 references

URL	Category
https://www.oracle.com/security-alerts/cpuoct2025.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft meerdere kwetsbaarheden verholpen in zijn Communications producten, waaronder de Unified Assurance en Cloud Native Core.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden in de Oracle Communications producten stellen kwaadwillenden in staat om ongeautoriseerde toegang te verkrijgen, wat kan leiden tot gedeeltelijke of volledige Denial-of-Service (DoS) aanvallen. Specifiek kunnen aanvallers met netwerktoegang de systemen compromitteren, wat resulteert in ongeautoriseerde toegang tot gevoelige gegevens. De CVSS-scores van deze kwetsbaarheden vari\u00ebren van 3.1 tot 9.8, wat wijst op een breed scala aan risico\u0027s, van beperkte tot ernstige impact op de vertrouwelijkheid, integriteit en beschikbaarheid van de systemen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden in zijn Communications producten te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
        "title": "CWE-22"
      },
      {
        "category": "general",
        "text": "Relative Path Traversal",
        "title": "CWE-23"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Buffer Copy without Checking Size of Input (\u0027Classic Buffer Overflow\u0027)",
        "title": "CWE-120"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
        "title": "CWE-124"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Validation of Array Index",
        "title": "CWE-129"
      },
      {
        "category": "general",
        "text": "Improper Handling of Length Parameter Inconsistency",
        "title": "CWE-130"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input Terminators",
        "title": "CWE-147"
      },
      {
        "category": "general",
        "text": "Integer Overflow or Wraparound",
        "title": "CWE-190"
      },
      {
        "category": "general",
        "text": "Numeric Truncation Error",
        "title": "CWE-197"
      },
      {
        "category": "general",
        "text": "Improper Handling of Unexpected Data Type",
        "title": "CWE-241"
      },
      {
        "category": "general",
        "text": "Unchecked Return Value",
        "title": "CWE-252"
      },
      {
        "category": "general",
        "text": "Incorrect Check of Function Return Value",
        "title": "CWE-253"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Authentication",
        "title": "CWE-287"
      },
      {
        "category": "general",
        "text": "Authentication Bypass by Spoofing",
        "title": "CWE-290"
      },
      {
        "category": "general",
        "text": "Use of Weak Hash",
        "title": "CWE-328"
      },
      {
        "category": "general",
        "text": "Covert Timing Channel",
        "title": "CWE-385"
      },
      {
        "category": "general",
        "text": "Detection of Error Condition Without Action",
        "title": "CWE-390"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Inefficient Algorithmic Complexity",
        "title": "CWE-407"
      },
      {
        "category": "general",
        "text": "Improper Handling of Highly Compressed Data (Data Amplification)",
        "title": "CWE-409"
      },
      {
        "category": "general",
        "text": "Double Free",
        "title": "CWE-415"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Untrusted Search Path",
        "title": "CWE-426"
      },
      {
        "category": "general",
        "text": "Expected Behavior Violation",
        "title": "CWE-440"
      },
      {
        "category": "general",
        "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
        "title": "CWE-444"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Incorrect Comparison",
        "title": "CWE-697"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      },
      {
        "category": "general",
        "text": "Improper Validation of Specified Quantity in Input",
        "title": "CWE-1284"
      },
      {
        "category": "general",
        "text": "Inefficient Regular Expression Complexity",
        "title": "CWE-1333"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Communications producten",
    "tracking": {
      "current_release_date": "2025-10-23T13:20:15.363063Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0330",
      "initial_release_date": "2025-10-23T13:20:15.363063Z",
      "revision_history": [
        {
          "date": "2025-10-23T13:20:15.363063Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Cloud Native Core Console"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Management Cloud Engine"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Billing and Revenue Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Calendar Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Automated Test Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Binding Support Function"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Certificate Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core DBTier"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Network Function Cloud Native Environment"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Network Repository Function"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Network Slice Selection Function"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Policy"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Security Edge Protection Proxy"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Service Communication Proxy"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Cloud Native Core Unified Data Repository"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Converged Charging System"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Convergence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Convergent Charging Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Diameter Signaling Router"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications EAGLE Element Management System"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-21"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications EAGLE LNP Application Processor"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-22"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications LSMS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-23"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Messaging Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-24"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Analytics Data Director"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-25"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Charging and Control"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-26"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Integrity"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-27"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Offline Mediation Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-28"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Operations Monitor"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-29"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Order and Service Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-30"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Pricing Design Center"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-31"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Service Catalog and Design"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-32"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Session Border Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-33"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Unified Assurance"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-34"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Unified Inventory Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-35"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Communications Broker"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-36"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Operations Monitor"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-26555",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Recent updates address vulnerabilities in NTP 4.2.8p17 and Oracle products, including CVE-2023-26555 related to malformed RT-11 dates and various security issues in Oracle Communications and Database systems.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2023-26555 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2023/cve-2023-26555.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2023-26555"
    },
    {
      "cve": "CVE-2024-7254",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across various Oracle, IBM, and Protobuf products could lead to Denial of Service and unauthorized access, with significant risks identified in versions of Oracle Communications, MySQL Connector/J, and IBM WebSphere.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-7254 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-7254.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-7254"
    },
    {
      "cve": "CVE-2024-8006",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle Communications products and the libpcap library allow high-privileged attackers to cause denial of service and NULL pointer dereference issues, with CVSS scores of 4.4 for the former.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-8006 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-8006.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-8006"
    },
    {
      "cve": "CVE-2024-12133",
      "cwe": {
        "id": "CWE-407",
        "name": "Inefficient Algorithmic Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Algorithmic Complexity",
          "title": "CWE-407"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affecting Oracle Communications EAGLE LNP Application Processor, Oracle Communications Cloud Native Core Policy, and libtasn1 could lead to denial of service attacks, with CVSS scores of 5.3 for some products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-12133 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-12133"
    },
    {
      "cve": "CVE-2024-28182",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Detection of Error Condition Without Action",
          "title": "CWE-390"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle MySQL, Oracle Communications, and nghttp2 products allow remote attackers to exploit confidentiality, integrity, and availability, with varying damage ratings from medium to high.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28182 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28182.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-28182"
    },
    {
      "cve": "CVE-2024-35164",
      "cwe": {
        "id": "CWE-129",
        "name": "Improper Validation of Array Index"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Array Index",
          "title": "CWE-129"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Guacamole could allow high-privileged attackers to compromise systems and execute arbitrary code, respectively.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-35164 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-35164.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-35164"
    },
    {
      "cve": "CVE-2024-37371",
      "cwe": {
        "id": "CWE-130",
        "name": "Improper Handling of Length Parameter Inconsistency"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Length Parameter Inconsistency",
          "title": "CWE-130"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle products, including Communications and MySQL, as well as MIT Kerberos 5, allow for unauthorized access, denial of service, and other malicious activities, with CVSS scores reaching 9.1.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-37371 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-37371.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-37371"
    },
    {
      "cve": "CVE-2024-47554",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO components allow unauthenticated attackers to exploit denial of service risks, with CVSS scores ranging from 4.3 to 7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47554 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-50609",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "description",
          "text": "Fluent Bit 3.1.9 has a vulnerability allowing remote Denial of Service attacks via a zero-length packet, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 can be exploited by high-privileged attackers for complete Denial of Service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-50609 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-50609.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-50609"
    },
    {
      "cve": "CVE-2024-51504",
      "cwe": {
        "id": "CWE-290",
        "name": "Authentication Bypass by Spoofing"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authentication Bypass by Spoofing",
          "title": "CWE-290"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Apache ZooKeeper and Oracle Communications Unified Assurance expose systems to authentication bypass and unauthorized access, allowing attackers to execute commands and access critical data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-51504 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-51504.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-51504"
    },
    {
      "cve": "CVE-2024-57699",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Multiple security vulnerabilities across various Oracle products and the Netplex Json-smart library can lead to Denial of Service (DoS) due to stack exhaustion and other exploits, affecting versions 2.5.0 to 2.5.1 and specific Oracle software.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-57699 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-57699.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2024-57699"
    },
    {
      "cve": "CVE-2025-1948",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Eclipse Jetty versions 12.0.0 to 12.0.16 are vulnerable to OutOfMemoryError and denial of service attacks due to improper validation of the SETTINGS_MAX_HEADER_LIST_SIZE parameter, affecting various products including Oracle Communications EAGLE and NetApp.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-1948 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-1948.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-1948"
    },
    {
      "cve": "CVE-2025-3576",
      "cwe": {
        "id": "CWE-328",
        "name": "Use of Weak Hash"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Weak Hash",
          "title": "CWE-328"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in krb5 and MIT Kerberos implementations allow for message spoofing via MD5 checksum weaknesses, while Oracle Communications Network Analytics Data Director is susceptible to unauthorized data manipulation through SSH access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-3576 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-3576.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-3576"
    },
    {
      "cve": "CVE-2025-4373",
      "cwe": {
        "id": "CWE-124",
        "name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Buffer Underwrite (\u0027Buffer Underflow\u0027)",
          "title": "CWE-124"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and glib2 involve unauthorized access risks and buffer overflow issues, affecting multiple products with varying severity levels.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-4373 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4373.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:L/E:U",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-4373"
    },
    {
      "cve": "CVE-2025-4517",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "Recent updates to Python versions 3.6 through 3.13.5 address multiple security vulnerabilities, particularly in the tarfile module, while enhancing various functionalities and resolving issues related to memory management and IPv6 handling.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-4517 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4517.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-4517"
    },
    {
      "cve": "CVE-2025-4802",
      "cwe": {
        "id": "CWE-426",
        "name": "Untrusted Search Path"
      },
      "notes": [
        {
          "category": "other",
          "text": "Untrusted Search Path",
          "title": "CWE-426"
        },
        {
          "category": "description",
          "text": "Vulnerabilities in Oracle Communications Cloud Native Core and glibc allow unauthenticated access and privilege escalation, with CVSS scores of 7.8, affecting confidentiality, integrity, and availability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-4802 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4802.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-4802"
    },
    {
      "cve": "CVE-2025-5115",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5115 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-5115"
    },
    {
      "cve": "CVE-2025-5318",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle MySQL Workbench and the libssh library expose sensitive data and allow unauthorized access, with CVSS scores indicating moderate severity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5318 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-5318"
    },
    {
      "cve": "CVE-2025-5399",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle MySQL Server and Cluster, along with libcurl\u0027s WebSocket code, allow for various denial of service attacks, with CVSS scores ranging from 4.3 to 7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5399 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5399.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-5399"
    },
    {
      "cve": "CVE-2025-5889",
      "cwe": {
        "id": "CWE-1333",
        "name": "Inefficient Regular Expression Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Regular Expression Complexity",
          "title": "CWE-1333"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "The juliangruber brace-expansion library has a vulnerability in versions up to 4.0.0 affecting the expand function, while Oracle Communications Unified Assurance versions 6.1.0-6.1.1 are susceptible to a partial denial of service by low-privileged attackers.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5889 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5889.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:O/RC:C",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-5889"
    },
    {
      "cve": "CVE-2025-6965",
      "cwe": {
        "id": "CWE-197",
        "name": "Numeric Truncation Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Numeric Truncation Error",
          "title": "CWE-197"
        },
        {
          "category": "description",
          "text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-6965 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-6965"
    },
    {
      "cve": "CVE-2025-7339",
      "cwe": {
        "id": "CWE-241",
        "name": "Improper Handling of Unexpected Data Type"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Unexpected Data Type",
          "title": "CWE-241"
        },
        {
          "category": "description",
          "text": "Oracle Communications Unified Assurance has a vulnerability allowing unauthorized data access, while the on-headers middleware for Node.js has a bug affecting response header modifications in versions prior to 1.1.0.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-7339 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7339.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.4,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-7339"
    },
    {
      "cve": "CVE-2025-7425",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Cloud Native Core and libxslt expose systems to unauthorized access and memory corruption, with significant impacts on integrity and availability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-7425 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7425.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-7425"
    },
    {
      "cve": "CVE-2025-7962",
      "cwe": {
        "id": "CWE-147",
        "name": "Improper Neutralization of Input Terminators"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input Terminators",
          "title": "CWE-147"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Console and Jakarta Mail versions 2.0.2 and 2.2 expose systems to significant risks, including unauthorized access and SMTP Injection attacks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-7962 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-7962.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-7962"
    },
    {
      "cve": "CVE-2025-8058",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Enterprise Operations Monitor and GNU C library versions 2.4 to 2.41 expose systems to potential unauthorized access, memory corruption, and denial of service risks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:P/VC:L/VI:L/VA:H/SC:L/SI:L/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8058 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8058.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-8058"
    },
    {
      "cve": "CVE-2025-8916",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Bouncy Castle for Java and BCPKIX FIPS have a vulnerability allowing excessive resource allocation, while Oracle Communications Cloud Native Core Certificate Management and certain NetApp products face denial of service risks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8916 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-8916"
    },
    {
      "cve": "CVE-2025-9086",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "The curl update 8.14.1 addresses security vulnerabilities, including out-of-bounds reads, proxy cache poisoning, and a bug allowing insecure sites to override secure cookies, alongside a denial of service vulnerability in Oracle Communications Unified Inventory Management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9086 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9086.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-9086"
    },
    {
      "cve": "CVE-2025-25724",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Return Value",
          "title": "CWE-252"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Communications Network Analytics Data Director and the libarchive component, affecting system integrity and availability, with CVSS scores indicating significant risks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-25724 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25724.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-25724"
    },
    {
      "cve": "CVE-2025-27210",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "Node.js versions 20.x, 22.x, and 24.x have an incomplete fix for CVE-2025-23084 affecting Windows device names and the `path.join` API, while Oracle Communications\u0027 Cloud Native Environment has a non-exploitable Security-in-Depth issue.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27210 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27210.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27210"
    },
    {
      "cve": "CVE-2025-27533",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow for denial of service attacks due to improper validation and excessive memory allocation, affecting various versions and configurations.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-27553",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "other",
          "text": "Relative Path Traversal",
          "title": "CWE-23"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27553 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27553"
    },
    {
      "cve": "CVE-2025-27587",
      "cwe": {
        "id": "CWE-385",
        "name": "Covert Timing Channel"
      },
      "notes": [
        {
          "category": "other",
          "text": "Covert Timing Channel",
          "title": "CWE-385"
        },
        {
          "category": "description",
          "text": "OpenSSL versions 3.0.0 to 3.3.2 on PowerPC are vulnerable to a Minerva attack, while Oracle Communications Cloud Native Core Certificate Management 25.1.200 has a critical data access vulnerability, and OpenSSL 3 has addressed timing side channel issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27587 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27587.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27587"
    },
    {
      "cve": "CVE-2025-27817",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27817 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-27817"
    },
    {
      "cve": "CVE-2025-32415",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Specified Quantity in Input",
          "title": "CWE-1284"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32415 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-32415"
    },
    {
      "cve": "CVE-2025-32728",
      "cwe": {
        "id": "CWE-440",
        "name": "Expected Behavior Violation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Expected Behavior Violation",
          "title": "CWE-440"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Enterprise Communications Broker, OpenSSH, and HP-UX Secure Shell daemon could lead to unauthorized data access and system compromise, with varying CVSS scores and exploitation potential.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32728 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32728.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-32728"
    },
    {
      "cve": "CVE-2025-32990",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Inventory Management and GnuTLS\u0027s certtool expose systems to denial-of-service and unauthorized data access, with significant integrity impacts and a CVSS score of 8.2 for Oracle\u0027s flaw.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32990 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-32990"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Recent updates to Apache Commons BeanUtils address multiple vulnerabilities, including arbitrary code execution risks and unauthorized access to Java enum properties, affecting versions prior to 1.11.0 and 2.0.0-M2.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48734 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48924",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-48989",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48989 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-48989"
    },
    {
      "cve": "CVE-2025-49796",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates for libxml2 address multiple vulnerabilities, including heap use after free and type confusion, which could lead to denial of service or crashes, alongside an Oracle vulnerability allowing unauthorized data access.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-49796 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-49796"
    },
    {
      "cve": "CVE-2025-52999",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "description",
          "text": "Oracle Communications Unified Assurance has a vulnerability allowing denial of service, while jackson-core versions prior to 2.15.0 can cause StackoverflowError with deeply nested data, now mitigated in version 2.15.0.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-52999 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-52999.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-52999"
    },
    {
      "cve": "CVE-2025-53547",
      "cwe": {
        "id": "CWE-94",
        "name": "Improper Control of Generation of Code (\u0027Code Injection\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "description",
          "text": "Helm v3.18.4 addresses a critical vulnerability allowing local code execution through crafted `Chart.yaml` and symlinked `Chart.lock` files during dependency updates, alongside an Oracle Communications flaw with a CVSS score of 8.6.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53547 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53547.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-53547"
    },
    {
      "cve": "CVE-2025-53643",
      "cwe": {
        "id": "CWE-444",
        "name": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request/Response Smuggling\u0027)",
          "title": "CWE-444"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Operations Monitor and aiohttp could allow unauthorized access and data manipulation, with significant integrity impacts and request smuggling risks in affected versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53643 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53643.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-53643"
    },
    {
      "cve": "CVE-2025-53864",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle GoldenGate and Connect2id Nimbus JOSE + JWT expose systems to denial of service attacks, with CVSS scores indicating significant availability impacts due to issues with deeply nested JSON objects.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53864 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-53864"
    },
    {
      "cve": "CVE-2025-54090",
      "cwe": {
        "id": "CWE-253",
        "name": "Incorrect Check of Function Return Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Incorrect Check of Function Return Value",
          "title": "CWE-253"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Cloud Native Core Automated Test Suite and Apache HTTP Server 2.4.64 expose systems to unauthorized data access and potential denial of service, with a CVSS score of 6.3 for the Oracle issue.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-54090 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54090.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-54090"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55163 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-57803",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Integer Overflow or Wraparound",
          "title": "CWE-190"
        },
        {
          "category": "description",
          "text": "ImageMagick has addressed critical vulnerabilities in its BMP encoder, including a 32-bit integer overflow leading to heap corruption and potential code execution, alongside other security enhancements.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-57803 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-57803.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-57803"
    },
    {
      "cve": "CVE-2025-58057",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Highly Compressed Data (Data Amplification)",
          "title": "CWE-409"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in decompressing decoders, including `BrotliDecoder`, and components of Oracle and HPE products can lead to denial of service through excessive buffer allocation and malformed HTTP/2 frames.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58057 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-58057"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20",
          "CSAFPID-21",
          "CSAFPID-22",
          "CSAFPID-23",
          "CSAFPID-24",
          "CSAFPID-25",
          "CSAFPID-26",
          "CSAFPID-27",
          "CSAFPID-28",
          "CSAFPID-29",
          "CSAFPID-30",
          "CSAFPID-31",
          "CSAFPID-32",
          "CSAFPID-33",
          "CSAFPID-34",
          "CSAFPID-35",
          "CSAFPID-36"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20",
            "CSAFPID-21",
            "CSAFPID-22",
            "CSAFPID-23",
            "CSAFPID-24",
            "CSAFPID-25",
            "CSAFPID-26",
            "CSAFPID-27",
            "CSAFPID-28",
            "CSAFPID-29",
            "CSAFPID-30",
            "CSAFPID-31",
            "CSAFPID-32",
            "CSAFPID-33",
            "CSAFPID-34",
            "CSAFPID-35",
            "CSAFPID-36"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    }
  ]
}

NCSC-2025-0333

Vulnerability from csaf_ncscnl - Published: 2025-10-23 13:35 - Updated: 2025-10-23 13:35

Summary

Kwetsbaarheden verholpen in Oracle Financial Services

Notes

Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Financial Services componenten.

Interpretaties: De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om ongeautoriseerde toegang te krijgen tot gevoelige gegevens via HTTP. Dit kan leiden tot ongeoorloofde toegang en wijzigingen van kritieke data, met een CVSS-score van 9.8 die de significante impact op de vertrouwelijkheid benadrukt. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot denial-of-service (DoS) aanvallen, wat de beschikbaarheid van het systeem in gevaar kan brengen.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-23: Relative Path Traversal

CWE-125: Out-of-bounds Read

CWE-197: Numeric Truncation Error

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-284: Improper Access Control

CWE-285: Improper Authorization

CWE-306: Missing Authentication for Critical Function

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-611: Improper Restriction of XML External Entity Reference

CWE-674: Uncontrolled Recursion

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-862: Missing Authorization

CWE-863: Incorrect Authorization

CWE-918: Server-Side Request Forgery (SSRF)

CWE-937: CWE-937

CWE-1035: CWE-1035

CWE-1284: Improper Validation of Specified Quantity in Input

CVE-2020-11988

Multiple vulnerabilities in Oracle Financial Services applications and Apache XmlGraphics Commons allow unauthorized access to critical data and server-side request forgery, all with a CVSS score of 8.2.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2024-28168

Recent updates address multiple security vulnerabilities across various products, including XML External Entity (XXE) issues in Apache XML Graphics FOP and Oracle applications, allowing unauthorized access to sensitive data.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-5115

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-6965

Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-197 - Numeric Truncation Error

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-27553

Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-23 - Relative Path Traversal

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-27817

Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-31672

Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-20 - Improper Input Validation

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-32415

Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-1284 - Improper Validation of Specified Quantity in Input

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-41249

Recent vulnerabilities in Oracle Financial Services and the Spring Framework expose critical data and authorization flaws, affecting multiple versions and products with significant security implications.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-285 - Improper Authorization

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-48924

Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-48976

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-48989

Recent updates for Apache Tomcat versions 9, 10, and 11 address the 'MadeYouReset' DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-50074

A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows high-privileged attackers to gain unauthorized access to critical data via HTTP, with a CVSS 3.1 Base Score of 4.9.

4.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-50075

A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 6.5.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-53034

A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

CWE-306 - Missing Authentication for Critical Function

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-53035

A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows low privileged attackers to access critical data, affecting versions 8.0.7.9, 8.0.8.7, and 8.1.2.5, with a CVSS score of 6.5.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-53036

A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to access critical data via HTTP, with a CVSS score of 8.6.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-53037

A critical vulnerability in Oracle Financial Services Analytical Applications Infrastructure (versions 8.0.7.9, 8.0.8.7, and 8.1.2.5) allows unauthenticated attackers to compromise the system via HTTP, with a CVSS score of 9.8.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-306 - Missing Authentication for Critical Function

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-55163

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-61751

A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows low-privileged attackers to exploit it via HTTP, posing significant risks to data confidentiality and integrity.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CWE-862 - Missing Authorization

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

CVE-2025-61756

A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows unauthenticated attackers to execute denial of service attacks on specific versions, rated with a CVSS score of 7.5.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-306 - Missing Authentication for Critical Function

Affected products

Known affected 9 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Financial Services Revenue Management And Billing		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Branch		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Corporate Lending Process Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Banking Origination		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Analytical Applications Infrastructure		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Behavior Detection Platform		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Compliance Studio		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Model Management and Governance		vers:unknown/*
vers:unknown/* Oracle / Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition		vers:unknown/*

References

23 references

URL	Category
https://www.oracle.com/security-alerts/cpuoct2025.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Financial Services componenten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen ongeauthenticeerde aanvallers in staat om ongeautoriseerde toegang te krijgen tot gevoelige gegevens via HTTP. Dit kan leiden tot ongeoorloofde toegang en wijzigingen van kritieke data, met een CVSS-score van 9.8 die de significante impact op de vertrouwelijkheid benadrukt. Daarnaast zijn er kwetsbaarheden die kunnen leiden tot denial-of-service (DoS) aanvallen, wat de beschikbaarheid van het systeem in gevaar kan brengen.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Relative Path Traversal",
        "title": "CWE-23"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Numeric Truncation Error",
        "title": "CWE-197"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Authorization",
        "title": "CWE-285"
      },
      {
        "category": "general",
        "text": "Missing Authentication for Critical Function",
        "title": "CWE-306"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Missing Authorization",
        "title": "CWE-862"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      },
      {
        "category": "general",
        "text": "Improper Validation of Specified Quantity in Input",
        "title": "CWE-1284"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpuoct2025.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Financial Services",
    "tracking": {
      "current_release_date": "2025-10-23T13:35:32.902231Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2025-0333",
      "initial_release_date": "2025-10-23T13:35:32.902231Z",
      "revision_history": [
        {
          "date": "2025-10-23T13:35:32.902231Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Financial Services Revenue Management And Billing"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Banking Branch"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Banking Corporate Lending Process Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Banking Origination"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Financial Services Analytical Applications Infrastructure"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Financial Services Behavior Detection Platform"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Financial Services Compliance Studio"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Financial Services Model Management and Governance"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Financial Services Trade-Based Anti Money Laundering Enterprise Edition"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-11988",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle Financial Services applications and Apache XmlGraphics Commons allow unauthorized access to critical data and server-side request forgery, all with a CVSS score of 8.2.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2020-11988 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2020/cve-2020-11988.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2020-11988"
    },
    {
      "cve": "CVE-2024-28168",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        },
        {
          "category": "description",
          "text": "Recent updates address multiple security vulnerabilities across various products, including XML External Entity (XXE) issues in Apache XML Graphics FOP and Oracle applications, allowing unauthorized access to sensitive data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-28168 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-28168.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2024-28168"
    },
    {
      "cve": "CVE-2025-5115",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "The \u0027MadeYouReset\u0027 vulnerability in HTTP/2 affects certain Jetty versions, allowing denial of service through malformed control frames, while additional vulnerabilities exist in Oracle Communications and SAP Commerce Cloud.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5115 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-5115"
    },
    {
      "cve": "CVE-2025-6965",
      "cwe": {
        "id": "CWE-197",
        "name": "Numeric Truncation Error"
      },
      "notes": [
        {
          "category": "other",
          "text": "Numeric Truncation Error",
          "title": "CWE-197"
        },
        {
          "category": "description",
          "text": "Critical vulnerabilities in Oracle Communications Cloud Native Core and SQLite versions prior to 3.50.2 expose systems to severe risks, including memory corruption and integer truncation issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:N/AU:N/R:U/V:D/RE:L/U:Green",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-6965 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-6965.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-6965"
    },
    {
      "cve": "CVE-2025-27553",
      "cwe": {
        "id": "CWE-23",
        "name": "Relative Path Traversal"
      },
      "notes": [
        {
          "category": "other",
          "text": "Relative Path Traversal",
          "title": "CWE-23"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Middleware and Apache Commons VFS expose critical data and allow unauthorized file access, with significant risks associated with their exploitation.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27553 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27553.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-27553"
    },
    {
      "cve": "CVE-2025-27817",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache Kafka and Oracle applications allow unauthorized access to sensitive data, with notable SSRF risks and CVSS scores of 7.5 for Oracle products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27817 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27817.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-27817"
    },
    {
      "cve": "CVE-2025-31672",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified across various products, including Apache POI, Oracle BPM Suite, JD Edwards EnterpriseOne, and SAP BusinessObjects, affecting data integrity and allowing unauthorized access or manipulation.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-31672 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-31672"
    },
    {
      "cve": "CVE-2025-32415",
      "cwe": {
        "id": "CWE-1284",
        "name": "Improper Validation of Specified Quantity in Input"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Specified Quantity in Input",
          "title": "CWE-1284"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Java SE and libxml2, allowing for potential system compromise and denial of service, with CVSS scores of 7.5 for several issues.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32415 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32415.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-32415"
    },
    {
      "cve": "CVE-2025-41249",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Financial Services and the Spring Framework expose critical data and authorization flaws, affecting multiple versions and products with significant security implications.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41249 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-41249"
    },
    {
      "cve": "CVE-2025-48924",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle WebLogic Server and Apache Commons Lang versions expose systems to denial of service risks, including an uncontrolled recursion flaw leading to StackOverflowErrors.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities affecting Oracle Application Testing Suite and Apache Commons FileUpload, including DoS risks due to insufficient multipart header limits, have been identified, with CVSS scores reaching 7.5.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-48989",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Recent updates for Apache Tomcat versions 9, 10, and 11 address the \u0027MadeYouReset\u0027 DoS vulnerability in HTTP/2, along with various enhancements to components like Catalina and Coyote.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48989 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48989.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-48989"
    },
    {
      "cve": "CVE-2025-50074",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows high-privileged attackers to gain unauthorized access to critical data via HTTP, with a CVSS 3.1 Base Score of 4.9.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-50074 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50074.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-50074"
    },
    {
      "cve": "CVE-2025-50075",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Financial Services Revenue Management and Billing (versions 2.9.0.0.0-7.2.0.0.0) allows low privileged attackers with HTTP access to potentially gain unauthorized access to critical data, with a CVSS score of 6.5.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-50075 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-50075.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-50075"
    },
    {
      "cve": "CVE-2025-53034",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to compromise the system with human interaction, leading to unauthorized data access and modifications.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53034 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53034.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-53034"
    },
    {
      "cve": "CVE-2025-53035",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows low privileged attackers to access critical data, affecting versions 8.0.7.9, 8.0.8.7, and 8.1.2.5, with a CVSS score of 6.5.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53035 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53035.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-53035"
    },
    {
      "cve": "CVE-2025-53036",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows unauthenticated attackers to access critical data via HTTP, with a CVSS score of 8.6.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53036 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53036.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-53036"
    },
    {
      "cve": "CVE-2025-53037",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        },
        {
          "category": "description",
          "text": "A critical vulnerability in Oracle Financial Services Analytical Applications Infrastructure (versions 8.0.7.9, 8.0.8.7, and 8.1.2.5) allows unauthenticated attackers to compromise the system via HTTP, with a CVSS score of 9.8.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53037 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53037.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-53037"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent updates to Netty address critical vulnerabilities, including the \u0027MadeYouReset\u0027 DDoS attack in HTTP/2, which can lead to denial of service through resource exhaustion in various affected versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55163 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "A memory amplification vulnerability in libexpat (CVE-2025-59375) allows excessive memory allocations from crafted XML input, affecting versions prior to 2.7.2, while a Security-in-Depth issue exists in Oracle Database Server\u0027s Perl component but is not exploitable.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2025-61751",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure versions 8.0.7.9, 8.0.8.7, and 8.1.2.5 allows low-privileged attackers to exploit it via HTTP, posing significant risks to data confidentiality and integrity.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61751 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61751.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-61751"
    },
    {
      "cve": "CVE-2025-61756",
      "cwe": {
        "id": "CWE-306",
        "name": "Missing Authentication for Critical Function"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authentication for Critical Function",
          "title": "CWE-306"
        },
        {
          "category": "description",
          "text": "A vulnerability in Oracle Financial Services Analytical Applications Infrastructure allows unauthenticated attackers to execute denial of service attacks on specific versions, rated with a CVSS score of 7.5.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61756 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61756.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9"
          ]
        }
      ],
      "title": "CVE-2025-61756"
    }
  ]
}

NCSC-2026-0022

Vulnerability from csaf_ncscnl - Published: 2026-01-21 09:25 - Updated: 2026-01-21 09:25

Summary

Kwetsbaarheden verholpen in Oracle Communications producten

Notes

Feiten: Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.

Interpretaties: De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-863: Incorrect Authorization

CWE-937: CWE-937

CWE-1035: CWE-1035

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-20: Improper Input Validation

CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-116: Improper Encoding or Escaping of Output

CWE-121: Stack-based Buffer Overflow

CWE-122: Heap-based Buffer Overflow

CWE-123: Write-what-where Condition

CWE-125: Out-of-bounds Read

CWE-126: Buffer Over-read

CWE-201: Insertion of Sensitive Information Into Sent Data

CWE-209: Generation of Error Message Containing Sensitive Information

CWE-252: Unchecked Return Value

CWE-284: Improper Access Control

CWE-285: Improper Authorization

CWE-295: Improper Certificate Validation

CWE-297: Improper Validation of Certificate with Host Mismatch

CWE-393: Return of Wrong Status Code

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-407: Inefficient Algorithmic Complexity

CWE-409: Improper Handling of Highly Compressed Data (Data Amplification)

CWE-415: Double Free

CWE-416: Use After Free

CWE-611: Improper Restriction of XML External Entity Reference

CWE-674: Uncontrolled Recursion

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-789: Memory Allocation with Excessive Size Value

CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

CVE-2024-12133

Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-407 - Inefficient Algorithmic Complexity

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2024-46901

Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

CWE-116 - Improper Encoding or Escaping of Output

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-5115

Multiple vulnerabilities, including the 'MadeYouReset' attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-5318

Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L

CWE-125 - Out-of-bounds Read

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-5987

Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-393 - Return of Wrong Status Code

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-8194

Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-8916

Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-9900

Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-123 - Write-what-where Condition

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-25193

Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-26333

Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-209 - Generation of Error Message Containing Sensitive Information

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-27533

Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-789 - Memory Allocation with Excessive Size Value

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-32988

Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-415 - Double Free

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-32990

Recent vulnerabilities in Oracle Communications products and GnuTLS's certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-41249

Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-285 - Improper Authorization

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-46727

Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-48060

Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-121 - Stack-based Buffer Overflow

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-48734

Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-284 - Improper Access Control

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-48924

Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-48976

Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-49844

Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-54571

Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-252 - Unchecked Return Value

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-55163

Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the 'MadeYouReset' attack in HTTP/2, which can lead to denial of service and resource exhaustion.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-58057

Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-409 - Improper Handling of Highly Compressed Data (Data Amplification)

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-58098

Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.

8.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L

CWE-201 - Insertion of Sensitive Information Into Sent Data

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-59375

Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-61795

Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-64718

Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWE-1321 - Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-65018

Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CWE-122 - Heap-based Buffer Overflow

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-66418

The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-66516

Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

CVE-2025-68161

Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle's Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.

5.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-297 - Improper Validation of Certificate with Host Mismatch

Affected products

Known affected 18 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Communications		vers:unknown/*
vers:unknown/* Oracle / Oracle Cloud Native Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications ASAP		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications BRM - Elastic Charging Engine		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Billing and Revenue Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Element Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications IP Service Activator		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Analytics Data Director		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Network Integrity		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Operations Monitor		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Order and Service Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Policy Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Pricing Design Center		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Border Controller		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Session Report Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Assurance		vers:unknown/*
vers:unknown/* Oracle / Oracle Communications Unified Inventory Management		vers:unknown/*
vers:unknown/* Oracle / Oracle Enterprise Communications Broker		vers:unknown/*

References

32 references

URL	Category
https://www.oracle.com/security-alerts/cpujan2026.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in Oracle Communications producten.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden stellen aanvallers in staat om ongeautoriseerde toegang te krijgen tot het systeem, wat kan leiden tot gegevensmanipulatie en gedeeltelijke denial-of-service. De aanvallers kunnen deze kwetsbaarheden misbruiken via HTTP-verzoeken, wat mogelijk resulteert in een significante impact op de beschikbaarheid en integriteit van de gegevens.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      },
      {
        "category": "general",
        "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
        "title": "CWE-1321"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Special Elements used in a Command (\u0027Command Injection\u0027)",
        "title": "CWE-77"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Encoding or Escaping of Output",
        "title": "CWE-116"
      },
      {
        "category": "general",
        "text": "Stack-based Buffer Overflow",
        "title": "CWE-121"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Write-what-where Condition",
        "title": "CWE-123"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Buffer Over-read",
        "title": "CWE-126"
      },
      {
        "category": "general",
        "text": "Insertion of Sensitive Information Into Sent Data",
        "title": "CWE-201"
      },
      {
        "category": "general",
        "text": "Generation of Error Message Containing Sensitive Information",
        "title": "CWE-209"
      },
      {
        "category": "general",
        "text": "Unchecked Return Value",
        "title": "CWE-252"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Authorization",
        "title": "CWE-285"
      },
      {
        "category": "general",
        "text": "Improper Certificate Validation",
        "title": "CWE-295"
      },
      {
        "category": "general",
        "text": "Improper Validation of Certificate with Host Mismatch",
        "title": "CWE-297"
      },
      {
        "category": "general",
        "text": "Return of Wrong Status Code",
        "title": "CWE-393"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Inefficient Algorithmic Complexity",
        "title": "CWE-407"
      },
      {
        "category": "general",
        "text": "Improper Handling of Highly Compressed Data (Data Amplification)",
        "title": "CWE-409"
      },
      {
        "category": "general",
        "text": "Double Free",
        "title": "CWE-415"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Memory Allocation with Excessive Size Value",
        "title": "CWE-789"
      },
      {
        "category": "general",
        "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
        "title": "CWE-835"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Communications producten",
    "tracking": {
      "current_release_date": "2026-01-21T09:25:39.876330Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0022",
      "initial_release_date": "2026-01-21T09:25:39.876330Z",
      "revision_history": [
        {
          "date": "2026-01-21T09:25:39.876330Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Communications"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Cloud Native Session Border Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications ASAP"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications BRM - Elastic Charging Engine"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Billing and Revenue Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Element Manager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications IP Service Activator"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Analytics Data Director"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Network Integrity"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Operations Monitor"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Order and Service Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Policy Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Pricing Design Center"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Session Border Controller"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Session Report Manager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Unified Assurance"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Communications Unified Inventory Management"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Enterprise Communications Broker"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-12133",
      "cwe": {
        "id": "CWE-407",
        "name": "Inefficient Algorithmic Complexity"
      },
      "notes": [
        {
          "category": "other",
          "text": "Inefficient Algorithmic Complexity",
          "title": "CWE-407"
        },
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Communications products and GNU libtasn1 versions could allow unauthenticated attackers to execute partial denial of service attacks, with CVSS scores of 5.3 for affected versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-12133 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-12133.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2024-12133"
    },
    {
      "cve": "CVE-2024-46901",
      "cwe": {
        "id": "CWE-116",
        "name": "Improper Encoding or Escaping of Output"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Encoding or Escaping of Output",
          "title": "CWE-116"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache Subversion, including denial-of-service risks and insufficient filename validation, highlight critical security concerns across multiple versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-46901 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-46901.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2024-46901"
    },
    {
      "cve": "CVE-2025-5115",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5115 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-5115"
    },
    {
      "cve": "CVE-2025-5318",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across MySQL Workbench, Oracle Communications Policy Management, and libssh expose sensitive data and integrity risks, with CVSS scores of 5.4 and moderate severity for certain libssh flaws.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5318 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5318.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-5318"
    },
    {
      "cve": "CVE-2025-5987",
      "cwe": {
        "id": "CWE-393",
        "name": "Return of Wrong Status Code"
      },
      "notes": [
        {
          "category": "other",
          "text": "Return of Wrong Status Code",
          "title": "CWE-393"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle Communications products and libssh could allow low privileged attackers to manipulate data, disclose sensitive information, or cause system disruptions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:A/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5987 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5987.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-5987"
    },
    {
      "cve": "CVE-2025-8194",
      "cwe": {
        "id": "CWE-835",
        "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
          "title": "CWE-835"
        },
        {
          "category": "description",
          "text": "Recent updates for Python 3 address multiple vulnerabilities, including denial of service risks in the tarfile module and HTML parsing, affecting various versions and leading to potential infinite loops and deadlocks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8194 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8194.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-8194"
    },
    {
      "cve": "CVE-2025-8916",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified across various products, including Bouncy Castle for Java, Oracle Communications, and Siebel CRM, allowing for excessive resource allocation and potential denial of service by unauthenticated attackers.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/S:P/R:U/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-8916 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-8916.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-8916"
    },
    {
      "cve": "CVE-2025-9900",
      "cwe": {
        "id": "CWE-123",
        "name": "Write-what-where Condition"
      },
      "notes": [
        {
          "category": "other",
          "text": "Write-what-where Condition",
          "title": "CWE-123"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Policy Management and Libtiff, including a critical flaw in Libtiff allowing memory manipulation, pose significant risks to system integrity and confidentiality.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-9900 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-9900.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-9900"
    },
    {
      "cve": "CVE-2025-25193",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Recent updates reveal critical vulnerabilities in Netty and various Oracle products, primarily leading to denial of service risks due to unsafe file handling and low privilege exploitability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-25193 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-25193.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-25193"
    },
    {
      "cve": "CVE-2025-26333",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Generation of Error Message Containing Sensitive Information",
          "title": "CWE-209"
        },
        {
          "category": "description",
          "text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-26333 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-26333"
    },
    {
      "cve": "CVE-2025-27533",
      "cwe": {
        "id": "CWE-789",
        "name": "Memory Allocation with Excessive Size Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Memory Allocation with Excessive Size Value",
          "title": "CWE-789"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache ActiveMQ and Oracle products allow unauthenticated attackers to exploit denial of service (DoS) conditions through various network access methods, affecting several versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:A/V:D/RE:M/U:Red",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-27533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-27533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-27533"
    },
    {
      "cve": "CVE-2025-32988",
      "cwe": {
        "id": "CWE-415",
        "name": "Double Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Double Free",
          "title": "CWE-415"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Cloud Native Session Border Controller, Oracle Communications Unified Inventory Management, and GnuTLS, allowing for denial of service and unauthorized data access or modification.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32988 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32988.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-32988"
    },
    {
      "cve": "CVE-2025-32990",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications products and GnuTLS\u0027s certtool utility expose systems to denial-of-service and unauthorized data access, with CVSS scores of 8.2 for Oracle and critical heap buffer overflow issues in GnuTLS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-32990 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-32990.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-32990"
    },
    {
      "cve": "CVE-2025-41249",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41249 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-41249"
    },
    {
      "cve": "CVE-2025-46727",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Rack and Oracle Communications Unified Assurance allow denial of service through unbounded parameter parsing and unauthenticated HTTP requests, affecting multiple versions and leading to potential memory exhaustion.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46727 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46727.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-46727"
    },
    {
      "cve": "CVE-2025-48060",
      "cwe": {
        "id": "CWE-121",
        "name": "Stack-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Stack-based Buffer Overflow",
          "title": "CWE-121"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Buffer Over-read",
          "title": "CWE-126"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Cloud Native Session Border Controller and the jq command-line JSON processor expose systems to denial of service attacks, with significant severity ratings.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48060 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48060.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-48060"
    },
    {
      "cve": "CVE-2025-48734",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Recent updates to Apache Commons BeanUtils and Oracle products address multiple vulnerabilities, including remote code execution and system compromise risks, affecting various versions and components.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48734 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48734.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-48734"
    },
    {
      "cve": "CVE-2025-48924",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-49844",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "description",
          "text": "Redis versions 8.2.1 and below, along with valkey version 8.0.6, have vulnerabilities in the Lua scripting engine that can lead to remote code execution, with fixes available in newer versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-49844 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49844.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-49844"
    },
    {
      "cve": "CVE-2025-54571",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Return Value",
          "title": "CWE-252"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-54571 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-54571"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55163 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-58057",
      "cwe": {
        "id": "CWE-409",
        "name": "Improper Handling of Highly Compressed Data (Data Amplification)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Handling of Highly Compressed Data (Data Amplification)",
          "title": "CWE-409"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across various products, including the `BrotliDecoder`, Oracle Communications Cloud Native Core Policy, and HPE Telco Intelligent Assurance, can lead to denial of service (DoS) through excessive resource allocation or malformed inputs.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58057 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58057.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-58057"
    },
    {
      "cve": "CVE-2025-58098",
      "cwe": {
        "id": "CWE-201",
        "name": "Insertion of Sensitive Information Into Sent Data"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information Into Sent Data",
          "title": "CWE-201"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Assurance and Apache HTTP Server versions prior to 2.4.66 expose systems to unauthorized access and denial of service risks, with CVSS scores indicating moderate severity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-58098 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-58098.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-58098"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2025-61795",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Apache Tomcat and Oracle Communications Unified Assurance have critical vulnerabilities related to Denial of Service (DoS) risks, affecting multiple versions and requiring updates to address issues like improper resource shutdown and HTTP access exploitation.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-61795 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-61795.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-61795"
    },
    {
      "cve": "CVE-2025-64718",
      "cwe": {
        "id": "CWE-1321",
        "name": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improperly Controlled Modification of Object Prototype Attributes (\u0027Prototype Pollution\u0027)",
          "title": "CWE-1321"
        },
        {
          "category": "description",
          "text": "Vulnerabilities in js-yaml and Oracle Communications Unified Assurance products allow for prototype pollution and system compromise, respectively, with specific versions affected and available patches.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-64718 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-64718.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-64718"
    },
    {
      "cve": "CVE-2025-65018",
      "cwe": {
        "id": "CWE-122",
        "name": "Heap-based Buffer Overflow"
      },
      "notes": [
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Communications Unified Assurance and libpng affect data integrity and system availability, with specific issues including buffer overflows and unauthorized access in various versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-65018 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-65018.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-65018"
    },
    {
      "cve": "CVE-2025-66418",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "The urllib3 library had a vulnerability allowing unbounded decompression chains, leading to potential Denial of Service (DoS) attacks due to excessive CPU and memory usage, fixed in version 2.6.0.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:H",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66418 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66418.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-66418"
    },
    {
      "cve": "CVE-2025-66516",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66516 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-66516"
    },
    {
      "cve": "CVE-2025-68161",
      "cwe": {
        "id": "CWE-297",
        "name": "Improper Validation of Certificate with Host Mismatch"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Validation of Certificate with Host Mismatch",
          "title": "CWE-297"
        },
        {
          "category": "other",
          "text": "Improper Certificate Validation",
          "title": "CWE-295"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Apache Log4j Core versions 2.0-beta9 to 2.25.2 lack TLS hostname verification in the Socket Appender, while Oracle\u0027s Primavera Gateway has a vulnerability allowing unauthenticated access via TLS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-68161 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-68161.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18"
          ]
        }
      ],
      "title": "CVE-2025-68161"
    }
  ]
}

NCSC-2026-0027

Vulnerability from csaf_ncscnl - Published: 2026-01-21 10:08 - Updated: 2026-01-21 10:08

Summary

Kwetsbaarheden verholpen in Oracle Fusion Middleware

Notes

Feiten: Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.

Interpretaties: De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.

Oplossingen: Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-94: Improper Control of Generation of Code ('Code Injection')

CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')

CWE-117: Improper Output Neutralization for Logs

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-122: Heap-based Buffer Overflow

CWE-125: Out-of-bounds Read

CWE-150: Improper Neutralization of Escape, Meta, or Control Sequences

CWE-209: Generation of Error Message Containing Sensitive Information

CWE-252: Unchecked Return Value

CWE-284: Improper Access Control

CWE-285: Improper Authorization

CWE-289: Authentication Bypass by Alternate Name

CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CWE-400: Uncontrolled Resource Consumption

CWE-404: Improper Resource Shutdown or Release

CWE-457: Use of Uninitialized Variable

CWE-476: NULL Pointer Dereference

CWE-611: Improper Restriction of XML External Entity Reference

CWE-674: Uncontrolled Recursion

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-827: Improper Control of Document Type Definition

CWE-843: Access of Resource Using Incompatible Type ('Type Confusion')

CWE-863: Incorrect Authorization

CWE-918: Server-Side Request Forgery (SSRF)

CWE-937: CWE-937

CWE-1035: CWE-1035

CVE-2021-45105

Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.

10.0 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2022-41342

Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2024-13009

Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.

7.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

CWE-404 - Improper Resource Shutdown or Release

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2024-42516

Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2024-43204

Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-918 - Server-Side Request Forgery (SSRF)

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2024-47252

Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CWE-150 - Improper Neutralization of Escape, Meta, or Control Sequences

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2024-47554

Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2024-56406

Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.

8.6 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-4949

Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-5115

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-12383

Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.

8.7 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-23048

Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-26333

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-209 - Generation of Error Message Containing Sensitive Information

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-31672

Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.

6.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

CWE-20 - Improper Input Validation

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-41248

Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-289 - Authentication Bypass by Alternate Name

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-41249

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-285 - Improper Authorization

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-43967

Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-476 - NULL Pointer Dereference

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-48924

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-48976

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-49796

Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-53864

Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.

5.8 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

CWE-674 - Uncontrolled Recursion

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-54571

Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-252 - Unchecked Return Value

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-54874

Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-457 - Use of Uninitialized Variable

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-54988

Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft's OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-55163

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2025-66516

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-611 - Improper Restriction of XML External Entity Reference

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

CVE-2026-21962

A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.

10.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

Affected products

Known affected 20 products

Product	Identifier	Version	Remediation
vers:unknown/* Oracle / Data Integrator		vers:unknown/*
vers:unknown/* Oracle / Fusion Middleware		vers:unknown/*
vers:unknown/* Oracle / Identity Manager Connector		vers:unknown/*
vers:unknown/* Oracle / Managed File Transfer		vers:unknown/*
vers:unknown/* Oracle / Oracle Business Process Management Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Coherence		vers:unknown/*
vers:unknown/* Oracle / Oracle Global Lifecycle Management NextGen OUI Framework		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server		vers:unknown/*
vers:unknown/* Oracle / Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Oracle Identity Manager		vers:unknown/*
vers:unknown/* Oracle / Oracle Outside In Technology		vers:unknown/*
vers:unknown/* Oracle / Oracle SOA Suite		vers:unknown/*
vers:unknown/* Oracle / Oracle Security Service		vers:unknown/*
vers:unknown/* Oracle / Oracle Service Bus		vers:unknown/*
vers:unknown/* Oracle / Oracle Unified Directory		vers:unknown/*
vers:unknown/* Oracle / Oracle WebCenter Enterprise Capture		vers:unknown/*
vers:unknown/* Oracle / Oracle WebLogic Server		vers:unknown/*
vers:unknown/* Oracle / Oracle Weblogic Server Proxy Plug-in		vers:unknown/*
vers:unknown/* Oracle / Service Delivery Platform		vers:unknown/*
vers:unknown/* Oracle / WebCenter Sites		vers:unknown/*

References

29 references

URL	Category
https://www.oracle.com/security-alerts/cpujan2026.html	external
https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Oracle heeft kwetsbaarheden verholpen in verschillende producten, waaronder Oracle HTTP Server, Oracle WebLogic Server, en Oracle Fusion Middleware.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden in de Oracle producten stellen ongeauthenticeerde aanvallers in staat om toegang te krijgen tot gevoelige gegevens, Denial-of-Service (DoS) aanvallen uit te voeren, en de integriteit van systemen te compromitteren. Specifieke kwetsbaarheden omvatten onjuist beheer van HTTP-headers, ongecontroleerde recursie, en onvoldoende bufferbeperkingen, wat kan leiden tot systeemcrashes en gegevensverlies.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Oracle heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
        "title": "CWE-94"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
        "title": "CWE-113"
      },
      {
        "category": "general",
        "text": "Improper Output Neutralization for Logs",
        "title": "CWE-117"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Heap-based Buffer Overflow",
        "title": "CWE-122"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Read",
        "title": "CWE-125"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Escape, Meta, or Control Sequences",
        "title": "CWE-150"
      },
      {
        "category": "general",
        "text": "Generation of Error Message Containing Sensitive Information",
        "title": "CWE-209"
      },
      {
        "category": "general",
        "text": "Unchecked Return Value",
        "title": "CWE-252"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Improper Authorization",
        "title": "CWE-285"
      },
      {
        "category": "general",
        "text": "Authentication Bypass by Alternate Name",
        "title": "CWE-289"
      },
      {
        "category": "general",
        "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
        "title": "CWE-362"
      },
      {
        "category": "general",
        "text": "Uncontrolled Resource Consumption",
        "title": "CWE-400"
      },
      {
        "category": "general",
        "text": "Improper Resource Shutdown or Release",
        "title": "CWE-404"
      },
      {
        "category": "general",
        "text": "Use of Uninitialized Variable",
        "title": "CWE-457"
      },
      {
        "category": "general",
        "text": "NULL Pointer Dereference",
        "title": "CWE-476"
      },
      {
        "category": "general",
        "text": "Improper Restriction of XML External Entity Reference",
        "title": "CWE-611"
      },
      {
        "category": "general",
        "text": "Uncontrolled Recursion",
        "title": "CWE-674"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Improper Control of Document Type Definition",
        "title": "CWE-827"
      },
      {
        "category": "general",
        "text": "Access of Resource Using Incompatible Type (\u0027Type Confusion\u0027)",
        "title": "CWE-843"
      },
      {
        "category": "general",
        "text": "Incorrect Authorization",
        "title": "CWE-863"
      },
      {
        "category": "general",
        "text": "Server-Side Request Forgery (SSRF)",
        "title": "CWE-918"
      },
      {
        "category": "general",
        "text": "CWE-937",
        "title": "CWE-937"
      },
      {
        "category": "general",
        "text": "CWE-1035",
        "title": "CWE-1035"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://www.oracle.com/security-alerts/cpujan2026.html"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Oracle Fusion Middleware",
    "tracking": {
      "current_release_date": "2026-01-21T10:08:59.379774Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0027",
      "initial_release_date": "2026-01-21T10:08:59.379774Z",
      "revision_history": [
        {
          "date": "2026-01-21T10:08:59.379774Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "Data Integrator"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "Fusion Middleware"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "Identity Manager Connector"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-4"
                }
              }
            ],
            "category": "product_name",
            "name": "Managed File Transfer"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-5"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Business Process Management Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-6"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Coherence"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-7"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Global Lifecycle Management NextGen OUI Framework"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-8"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle HTTP Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-9"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle HTTP Server, Oracle Weblogic Server Proxy Plug-in"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-10"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Identity Manager"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-11"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Outside In Technology"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-12"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle SOA Suite"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-13"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Security Service"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-14"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Service Bus"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-15"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Unified Directory"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-16"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebCenter Enterprise Capture"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-17"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle WebLogic Server"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-18"
                }
              }
            ],
            "category": "product_name",
            "name": "Oracle Weblogic Server Proxy Plug-in"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-19"
                }
              }
            ],
            "category": "product_name",
            "name": "Service Delivery Platform"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-20"
                }
              }
            ],
            "category": "product_name",
            "name": "WebCenter Sites"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-45105",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
          "title": "CWE-94"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Apache Log4j, Oracle products, and various dependencies expose systems to denial-of-service and remote code execution risks, necessitating updates to secure versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-45105 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2021/cve-2021-45105.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2021-45105"
    },
    {
      "cve": "CVE-2022-41342",
      "notes": [
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle products, including the Oracle HTTP Server and Database, allow for potential privilege escalation, remote code execution, and denial of service, with varying CVSS scores indicating significant risk.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2022-41342 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2022/cve-2022-41342.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2022-41342"
    },
    {
      "cve": "CVE-2024-13009",
      "cwe": {
        "id": "CWE-404",
        "name": "Improper Resource Shutdown or Release"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Resource Shutdown or Release",
          "title": "CWE-404"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle JD Edwards, Oracle Middleware, Eclipse Jetty, HPE Telco IP Mediation, and SAP Commerce Cloud expose systems to unauthorized access and data corruption, with CVSS scores reaching 7.2.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-13009 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-13009.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.2,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2024-13009"
    },
    {
      "cve": "CVE-2024-42516",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)",
          "title": "CWE-113"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Apache HTTP Server and Oracle HTTP Server, including CVE-2023-38709 and CVE-2024-42516, expose systems to risks such as HTTP response splitting, SSRF, and unauthorized access.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-42516 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-42516.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2024-42516"
    },
    {
      "cve": "CVE-2024-43204",
      "cwe": {
        "id": "CWE-918",
        "name": "Server-Side Request Forgery (SSRF)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Server-Side Request Forgery (SSRF)",
          "title": "CWE-918"
        },
        {
          "category": "description",
          "text": "Apache HTTP Server versions prior to 2.4.64 are vulnerable to multiple security issues, including SSRF and HTTP response splitting, affecting mod_proxy and mod_headers configurations, with critical vulnerabilities also identified in Oracle HTTP Server.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-43204 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-43204.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2024-43204"
    },
    {
      "cve": "CVE-2024-47252",
      "cwe": {
        "id": "CWE-150",
        "name": "Improper Neutralization of Escape, Meta, or Control Sequences"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Escape, Meta, or Control Sequences",
          "title": "CWE-150"
        },
        {
          "category": "other",
          "text": "Improper Output Neutralization for Logs",
          "title": "CWE-117"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.63 and earlier, including insufficient escaping in mod_ssl, allow untrusted clients to compromise log integrity and potentially lead to unauthorized access and denial of service.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47252 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47252.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2024-47252"
    },
    {
      "cve": "CVE-2024-47554",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Middleware, Documaker, and Apache Commons IO allow for denial of service attacks, with CVSS scores ranging from 4.3 to 7.5, affecting various versions of these products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-47554 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-47554.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2024-47554"
    },
    {
      "cve": "CVE-2024-56406",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Heap-based Buffer Overflow",
          "title": "CWE-122"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Oracle Fusion Middleware and Perl, including heap buffer overflows and denial of service risks, affect various versions, with CVSS scores indicating significant severity.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2024-56406 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2024/cve-2024-56406.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.6,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2024-56406"
    },
    {
      "cve": "CVE-2025-4949",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        },
        {
          "category": "other",
          "text": "Improper Control of Document Type Definition",
          "title": "CWE-827"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Database Server, Oracle Fusion Middleware, and Eclipse JGit expose systems to unauthorized access, severe impacts, and information disclosure through various attack vectors.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:A/VC:H/VI:N/VA:N/SC:H/SI:N/SA:N/S:N/AU:Y/R:U/V:D/RE:L/U:Green",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-4949 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-4949.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-4949"
    },
    {
      "cve": "CVE-2025-5115",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2 and unauthenticated issues in Oracle products, can lead to denial of service across various platforms such as Eclipse Jetty and SAP Commerce Cloud.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-5115 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-5115.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-5115"
    },
    {
      "cve": "CVE-2025-12383",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Oracle Database Server versions 23.4.0-23.26.0 have a vulnerability in the Fleet Patching and Provisioning component, while Eclipse Jersey versions 2.45, 3.0.16, and 3.1.9 may ignore critical SSL configurations due to a race condition.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-12383 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-12383.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-12383"
    },
    {
      "cve": "CVE-2025-23048",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities in Apache HTTP Server versions 2.4.35 to 2.4.63 and Oracle HTTP Server allow unauthorized access, data modification, and denial of service, particularly through TLS session resumption and other exploit vectors.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-23048 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-23048.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-23048"
    },
    {
      "cve": "CVE-2025-26333",
      "cwe": {
        "id": "CWE-209",
        "name": "Generation of Error Message Containing Sensitive Information"
      },
      "notes": [
        {
          "category": "other",
          "text": "Generation of Error Message Containing Sensitive Information",
          "title": "CWE-209"
        },
        {
          "category": "description",
          "text": "Oracle Database Server and Oracle GoldenGate have Security-in-Depth issues related to Dell BSAFE Crypto-J, which cannot be exploited within their respective contexts, although error messages may expose sensitive information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-26333 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-26333.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-26333"
    },
    {
      "cve": "CVE-2025-31672",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified across various Oracle and Apache POI products, including improper input validation and unauthorized data access, affecting versions 5.4.0 and earlier, with CVSS scores of 5.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-31672 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-31672.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-31672"
    },
    {
      "cve": "CVE-2025-41248",
      "cwe": {
        "id": "CWE-289",
        "name": "Authentication Bypass by Alternate Name"
      },
      "notes": [
        {
          "category": "other",
          "text": "Authentication Bypass by Alternate Name",
          "title": "CWE-289"
        },
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle Financial Services Model Management and Spring Framework versions expose critical data and may lead to authorization bypass, with significant confidentiality impacts.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41248 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41248.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-41248"
    },
    {
      "cve": "CVE-2025-41249",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "other",
          "text": "Incorrect Authorization",
          "title": "CWE-863"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle Financial Services and Retail products, as well as the Spring Framework, allowing unauthorized access to sensitive data and potentially leading to information disclosure.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-41249 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-41249.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-41249"
    },
    {
      "cve": "CVE-2025-43967",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "notes": [
        {
          "category": "other",
          "text": "NULL Pointer Dereference",
          "title": "CWE-476"
        },
        {
          "category": "description",
          "text": "Oracle Hyperion Financial Reporting (version 11.2.23) has a denial of service vulnerability (CVSS 7.5), while libheif library versions prior to 1.19.6 have a NULL pointer dereference issue in the ImageItem_Grid::get_decoder function.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43967 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43967.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-43967"
    },
    {
      "cve": "CVE-2025-48924",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities have been identified in Oracle WebLogic Server and Oracle Communications ASAP, both allowing unauthenticated partial denial of service, alongside an uncontrolled recursion issue in Apache Commons Lang leading to potential application crashes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48924 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48924.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-48924"
    },
    {
      "cve": "CVE-2025-48976",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple denial-of-service vulnerabilities have been identified in Oracle Application Testing Suite, Oracle Agile PLM, Apache Commons FileUpload, and HPE IceWall Identity Manager, with CVSS scores of 7.5 for some products.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-48976 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-48976.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-48976"
    },
    {
      "cve": "CVE-2025-49796",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle Banking Branch and Oracle Communications Cloud Native Core Certificate Management products, as well as libxml2, could lead to critical data compromise and denial of service, with CVSS scores reaching 9.1.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-49796 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-49796.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-49796"
    },
    {
      "cve": "CVE-2025-53864",
      "cwe": {
        "id": "CWE-674",
        "name": "Uncontrolled Recursion"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Recursion",
          "title": "CWE-674"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities across Oracle WebLogic Server, Oracle GoldenGate, and Connect2id Nimbus JOSE + JWT allow unauthenticated attackers to exploit denial of service conditions, affecting various versions with CVSS scores of 5.8.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-53864 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-53864.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.8,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-53864"
    },
    {
      "cve": "CVE-2025-54571",
      "cwe": {
        "id": "CWE-252",
        "name": "Unchecked Return Value"
      },
      "notes": [
        {
          "category": "other",
          "text": "Unchecked Return Value",
          "title": "CWE-252"
        },
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "Recent vulnerabilities in Oracle HTTP Server and ModSecurity allow for denial of service and potential XSS attacks, affecting specific versions with significant severity scores.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-54571 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54571.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-54571"
    },
    {
      "cve": "CVE-2025-54874",
      "cwe": {
        "id": "CWE-457",
        "name": "Use of Uninitialized Variable"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use of Uninitialized Variable",
          "title": "CWE-457"
        },
        {
          "category": "description",
          "text": "Oracle Fusion Middleware has a critical vulnerability (CVSS 9.8) allowing unauthenticated access, while OpenJPEG versions 2.5.1 to 2.5.3 contain a flaw leading to out-of-bounds heap memory writes.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-54874 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54874.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-54874"
    },
    {
      "cve": "CVE-2025-54988",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Apache Tika versions 1.13 to 3.2.1 have a critical XXE vulnerability, while Oracle PeopleSoft\u0027s OpenSearch component in versions 8.60 to 8.62 is also affected by an easily exploitable vulnerability.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-54988 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-54988.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-54988"
    },
    {
      "cve": "CVE-2025-55163",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Recent updates to Netty and Oracle Communications products address critical vulnerabilities, including the \u0027MadeYouReset\u0027 attack in HTTP/2, which can lead to denial of service and resource exhaustion.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-55163 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-55163.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-55163"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including a memory amplification issue in libexpat and a DoS vulnerability in Oracle Communications Network Analytics, can lead to denial-of-service attacks without enabling arbitrary code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2025-66516",
      "cwe": {
        "id": "CWE-611",
        "name": "Improper Restriction of XML External Entity Reference"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of XML External Entity Reference",
          "title": "CWE-611"
        },
        {
          "category": "other",
          "text": "CWE-1035",
          "title": "CWE-1035"
        },
        {
          "category": "other",
          "text": "CWE-937",
          "title": "CWE-937"
        },
        {
          "category": "description",
          "text": "Apache Tika has a critical XML External Entity (XXE) injection vulnerability affecting multiple modules, particularly in PDF parsing, allowing remote attackers to exploit crafted files for sensitive information disclosure or remote code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-66516 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-66516.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2025-66516"
    },
    {
      "cve": "CVE-2026-21962",
      "notes": [
        {
          "category": "description",
          "text": "A critical vulnerability in Oracle HTTP Server and Oracle Weblogic Server Proxy Plug-in allows unauthenticated attackers to compromise systems, affecting specific versions with a CVSS score of 10.0.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3",
          "CSAFPID-4",
          "CSAFPID-5",
          "CSAFPID-6",
          "CSAFPID-7",
          "CSAFPID-8",
          "CSAFPID-9",
          "CSAFPID-10",
          "CSAFPID-11",
          "CSAFPID-12",
          "CSAFPID-13",
          "CSAFPID-14",
          "CSAFPID-15",
          "CSAFPID-16",
          "CSAFPID-17",
          "CSAFPID-18",
          "CSAFPID-19",
          "CSAFPID-20"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-21962 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-21962.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 10.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3",
            "CSAFPID-4",
            "CSAFPID-5",
            "CSAFPID-6",
            "CSAFPID-7",
            "CSAFPID-8",
            "CSAFPID-9",
            "CSAFPID-10",
            "CSAFPID-11",
            "CSAFPID-12",
            "CSAFPID-13",
            "CSAFPID-14",
            "CSAFPID-15",
            "CSAFPID-16",
            "CSAFPID-17",
            "CSAFPID-18",
            "CSAFPID-19",
            "CSAFPID-20"
          ]
        }
      ],
      "title": "CVE-2026-21962"
    }
  ]
}

NCSC-2026-0063

Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:24 - Updated: 2026-02-13 13:24

Summary

Kwetsbaarheden verholpen in Apple macOS

Notes

Feiten: Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.

Interpretaties: De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico's te mitigeren.

Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

CWE-284: Improper Access Control

CWE-416: Use After Free

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-823: Use of Out-of-range Pointer Offset

CWE-825: Expired Pointer Dereference

CVE-2025-14174

The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43338

An out-of-bounds access issue was resolved in macOS Tahoe 26 and macOS Sonoma 14.8.2, preventing potential app termination or memory corruption from malicious media files through improved bounds checking.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43402

macOS Tahoe 26.1 has resolved issues related to unexpected system termination and process memory corruption through enhanced memory handling.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43403

Authorization issues regarding sensitive user data access have been resolved in macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4, addressing potential risks of unauthorized app access.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-285 - Improper Authorization

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43417

macOS Sonoma 14.8.4 addresses a path handling issue that could allow applications to access user-sensitive data through improved logic.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43529

The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-43533

Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.

3.5 (Low)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46283

macOS Tahoe 26.2 addressed a logic issue through improved validation, which could have allowed unauthorized access to sensitive user data by applications.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46290

macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have addressed a logic issue that could allow remote attackers to cause a denial-of-service through improved checks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-693 - Protection Mechanism Failure

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46300

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46301

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46302

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46303

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46304

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46305

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-46310

macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have resolved a vulnerability that allowed attackers with root privileges to delete protected system files through enhanced state management.

6.0 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H

CWE-269 - Improper Privilege Management

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2025-59375

Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20601

macOS Tahoe 26.3 has resolved a permissions issue that allowed applications to monitor keystrokes without user consent by implementing additional restrictions.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20602

macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a denial-of-service vulnerability related to app cache handling, enhancing overall system stability.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20603

macOS Tahoe 26.3 has enhanced redaction capabilities to prevent apps with root privileges from accessing sensitive private information.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20605

Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20606

The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20608

Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20609

Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20610

macOS Tahoe 26.3 has fixed an issue with symlink handling that previously allowed applications to gain root privileges.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20611

An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20612

macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a privacy issue that allowed apps to access sensitive user data through enhanced checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20614

A path handling vulnerability allowing apps to gain root privileges has been resolved in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 through enhanced validation measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20615

A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20616

An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20617

A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20618

macOS Tahoe 26.3 has improved temporary file handling, resolving an issue that could allow applications to access user-sensitive data.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20619

A logging issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, enhancing data redaction to prevent unauthorized access to sensitive user information by applications.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20620

An out-of-bounds read vulnerability was resolved in macOS versions 15.7.4, 26.3, and 14.8.4, potentially allowing attackers to read kernel memory or cause unexpected system termination.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20621

Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20623

A permissions issue in macOS Tahoe 26.3 was resolved by removing vulnerable code that could allow unauthorized access to protected user data.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20624

Recent updates in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed an injection issue that could allow apps to access sensitive user data through improved validation.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20625

Recent updates in macOS and visionOS addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20626

macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-862 - Missing Authorization

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20627

Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20628

A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20629

macOS Tahoe 26.3 has resolved a privacy issue that allowed applications to access user-sensitive data through improper handling of temporary files.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20630

macOS Tahoe 26.3 has resolved a permissions issue that previously allowed applications to access protected user data, implementing additional restrictions to enhance security.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-277 - Insecure Inherited Permissions

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20634

Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20635

Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20636

iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20641

A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20644

Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20646

macOS Tahoe 26.3 has resolved a logging vulnerability that allowed malicious applications to access sensitive location data through enhanced data redaction techniques.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20647

macOS Tahoe 26.3 has resolved unauthorized access issues by implementing enhanced data protection measures that prevent apps from accessing sensitive user data.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20648

A privacy issue in macOS Tahoe 26.3 was addressed by relocating sensitive data to a secure location, effectively preventing unauthorized access to notifications from other iCloud devices by malicious applications.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20649

A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20650

A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20652

Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20653

A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20654

The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20656

A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20658

macOS Tahoe 26.3 has resolved a package validation vulnerability that could allow applications to gain root privileges by blocking the affected package.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20660

A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20662

An authorization issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20666

macOS Tahoe 26.3 resolves an authorization issue that allowed apps to access sensitive user data through enhanced state management.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-285 - Improper Authorization

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20667

A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20669

macOS Tahoe 26.3 addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20671

A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20673

A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling 'Load remote content in messages' may not influence all mail previews.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20675

Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20676

The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20677

A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20680

Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20681

macOS Tahoe 26.3 resolves a privacy issue by enhancing private data redaction for log entries, preventing unauthorized access to user contact information by apps.

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

CVE-2026-20700

Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / macOS Sequoia		vers:unknown/*
vers:unknown/* Apple / macOS Sonoma		vers:unknown/*
vers:unknown/* Apple / macOS Tahoe		vers:unknown/*

References

74 references

URL	Category
https://support.apple.com/en-us/126348	external
https://support.apple.com/en-us/126349	external
https://support.apple.com/en-us/126350	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft kwetsbaarheden verholpen in macOS, inclusief versies Sequoia 15.7.4, Tahoe 26.3 en Sonoma 14.8.4.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten onder andere problemen met geheugencorruptie, ongeautoriseerde toegang tot gevoelige gebruikersdata, en logboekproblemen die konden leiden tot ongeautoriseerde toegang tot locatie-informatie. De updates bevatten verbeterde validatieprocessen en state management om deze risico\u0027s te mitigeren.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
        "title": "CWE-79"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Exposure of Sensitive Information to an Unauthorized Actor",
        "title": "CWE-200"
      },
      {
        "category": "general",
        "text": "Improper Access Control",
        "title": "CWE-284"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Use of Out-of-range Pointer Offset",
        "title": "CWE-823"
      },
      {
        "category": "general",
        "text": "Expired Pointer Dereference",
        "title": "CWE-825"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126348"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126349"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126350"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple macOS",
    "tracking": {
      "current_release_date": "2026-02-13T13:24:06.433550Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0063",
      "initial_release_date": "2026-02-13T13:24:06.433550Z",
      "revision_history": [
        {
          "date": "2026-02-13T13:24:06.433550Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Sequoia"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Sonoma"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-3"
                }
              }
            ],
            "category": "product_name",
            "name": "macOS Tahoe"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14174",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Use of Out-of-range Pointer Offset",
          "title": "CWE-823"
        },
        {
          "category": "description",
          "text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14174 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43338",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
          "title": "CWE-79"
        },
        {
          "category": "description",
          "text": "An out-of-bounds access issue was resolved in macOS Tahoe 26 and macOS Sonoma 14.8.2, preventing potential app termination or memory corruption from malicious media files through improved bounds checking.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43338 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43338.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43338"
    },
    {
      "cve": "CVE-2025-43402",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.1 has resolved issues related to unexpected system termination and process memory corruption through enhanced memory handling.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43402 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43402.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43402"
    },
    {
      "cve": "CVE-2025-43403",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "description",
          "text": "Authorization issues regarding sensitive user data access have been resolved in macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4, addressing potential risks of unauthorized app access.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43403 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43403.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43403"
    },
    {
      "cve": "CVE-2025-43417",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "macOS Sonoma 14.8.4 addresses a path handling issue that could allow applications to access user-sensitive data through improved logic.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43417 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43417.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43417"
    },
    {
      "cve": "CVE-2025-43529",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Expired Pointer Dereference",
          "title": "CWE-825"
        },
        {
          "category": "description",
          "text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43529 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43533",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-46283",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.2 addressed a logic issue through improved validation, which could have allowed unauthorized access to sensitive user data by applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46283 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46283.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46283"
    },
    {
      "cve": "CVE-2025-46290",
      "cwe": {
        "id": "CWE-693",
        "name": "Protection Mechanism Failure"
      },
      "notes": [
        {
          "category": "other",
          "text": "Protection Mechanism Failure",
          "title": "CWE-693"
        },
        {
          "category": "other",
          "text": "Improper Check or Handling of Exceptional Conditions",
          "title": "CWE-703"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have addressed a logic issue that could allow remote attackers to cause a denial-of-service through improved checks.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46290 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46290.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46290"
    },
    {
      "cve": "CVE-2025-46300",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46300 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46300"
    },
    {
      "cve": "CVE-2025-46301",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46301 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46301"
    },
    {
      "cve": "CVE-2025-46302",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46302 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46302"
    },
    {
      "cve": "CVE-2025-46303",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46303 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46303"
    },
    {
      "cve": "CVE-2025-46304",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46304 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46304"
    },
    {
      "cve": "CVE-2025-46305",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46305 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46305"
    },
    {
      "cve": "CVE-2025-46310",
      "cwe": {
        "id": "CWE-269",
        "name": "Improper Privilege Management"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Privilege Management",
          "title": "CWE-269"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4 and macOS Sonoma 14.8.4 have resolved a vulnerability that allowed attackers with root privileges to delete protected system files through enhanced state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46310 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46310.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.0,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-46310"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-20601",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a permissions issue that allowed applications to monitor keystrokes without user consent by implementing additional restrictions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20601 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20601.json"
        }
      ],
      "title": "CVE-2026-20601"
    },
    {
      "cve": "CVE-2026-20602",
      "notes": [
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a denial-of-service vulnerability related to app cache handling, enhancing overall system stability.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20602 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20602.json"
        }
      ],
      "title": "CVE-2026-20602"
    },
    {
      "cve": "CVE-2026-20603",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has enhanced redaction capabilities to prevent apps with root privileges from accessing sensitive private information.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20603 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20603.json"
        }
      ],
      "title": "CVE-2026-20603"
    },
    {
      "cve": "CVE-2026-20605",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20605 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20605"
    },
    {
      "cve": "CVE-2026-20606",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20606 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20606"
    },
    {
      "cve": "CVE-2026-20608",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20608 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
        }
      ],
      "title": "CVE-2026-20608"
    },
    {
      "cve": "CVE-2026-20609",
      "notes": [
        {
          "category": "description",
          "text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20609 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
        }
      ],
      "title": "CVE-2026-20609"
    },
    {
      "cve": "CVE-2026-20610",
      "cwe": {
        "id": "CWE-59",
        "name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)",
          "title": "CWE-59"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has fixed an issue with symlink handling that previously allowed applications to gain root privileges.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20610 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20610.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20610"
    },
    {
      "cve": "CVE-2026-20611",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20611 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20611"
    },
    {
      "cve": "CVE-2026-20612",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed a privacy issue that allowed apps to access sensitive user data through enhanced checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20612 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20612.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20612"
    },
    {
      "cve": "CVE-2026-20614",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 through enhanced validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20614 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20614.json"
        }
      ],
      "title": "CVE-2026-20614"
    },
    {
      "cve": "CVE-2026-20615",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20615 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
        }
      ],
      "title": "CVE-2026-20615"
    },
    {
      "cve": "CVE-2026-20616",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20616 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
        }
      ],
      "title": "CVE-2026-20616"
    },
    {
      "cve": "CVE-2026-20617",
      "notes": [
        {
          "category": "description",
          "text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20617 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
        }
      ],
      "title": "CVE-2026-20617"
    },
    {
      "cve": "CVE-2026-20618",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has improved temporary file handling, resolving an issue that could allow applications to access user-sensitive data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20618 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20618.json"
        }
      ],
      "title": "CVE-2026-20618"
    },
    {
      "cve": "CVE-2026-20619",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, enhancing data redaction to prevent unauthorized access to sensitive user information by applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20619 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20619.json"
        }
      ],
      "title": "CVE-2026-20619"
    },
    {
      "cve": "CVE-2026-20620",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds read vulnerability was resolved in macOS versions 15.7.4, 26.3, and 14.8.4, potentially allowing attackers to read kernel memory or cause unexpected system termination.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20620 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20620.json"
        }
      ],
      "title": "CVE-2026-20620"
    },
    {
      "cve": "CVE-2026-20621",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20621 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
        }
      ],
      "title": "CVE-2026-20621"
    },
    {
      "cve": "CVE-2026-20623",
      "notes": [
        {
          "category": "description",
          "text": "A permissions issue in macOS Tahoe 26.3 was resolved by removing vulnerable code that could allow unauthorized access to protected user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20623 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20623.json"
        }
      ],
      "title": "CVE-2026-20623"
    },
    {
      "cve": "CVE-2026-20624",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Sequoia 15.7.4, macOS Tahoe 26.3, and macOS Sonoma 14.8.4 have addressed an injection issue that could allow apps to access sensitive user data through improved validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20624 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20624.json"
        }
      ],
      "title": "CVE-2026-20624"
    },
    {
      "cve": "CVE-2026-20625",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "Recent updates in macOS and visionOS addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20625 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20625.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20625"
    },
    {
      "cve": "CVE-2026-20626",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20626 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20626"
    },
    {
      "cve": "CVE-2026-20627",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20627 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20627"
    },
    {
      "cve": "CVE-2026-20628",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20628 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20628"
    },
    {
      "cve": "CVE-2026-20629",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a privacy issue that allowed applications to access user-sensitive data through improper handling of temporary files.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20629 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20629.json"
        }
      ],
      "title": "CVE-2026-20629"
    },
    {
      "cve": "CVE-2026-20630",
      "cwe": {
        "id": "CWE-277",
        "name": "Insecure Inherited Permissions"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insecure Inherited Permissions",
          "title": "CWE-277"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a permissions issue that previously allowed applications to access protected user data, implementing additional restrictions to enhance security.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20630 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20630.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20630"
    },
    {
      "cve": "CVE-2026-20634",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20634 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20634"
    },
    {
      "cve": "CVE-2026-20635",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20635 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20635"
    },
    {
      "cve": "CVE-2026-20636",
      "notes": [
        {
          "category": "description",
          "text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20636 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
        }
      ],
      "title": "CVE-2026-20636"
    },
    {
      "cve": "CVE-2026-20641",
      "notes": [
        {
          "category": "description",
          "text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20641 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
        }
      ],
      "title": "CVE-2026-20641"
    },
    {
      "cve": "CVE-2026-20644",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20644 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20644"
    },
    {
      "cve": "CVE-2026-20646",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a logging vulnerability that allowed malicious applications to access sensitive location data through enhanced data redaction techniques.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20646 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20646.json"
        }
      ],
      "title": "CVE-2026-20646"
    },
    {
      "cve": "CVE-2026-20647",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved unauthorized access issues by implementing enhanced data protection measures that prevent apps from accessing sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20647 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20647.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20647"
    },
    {
      "cve": "CVE-2026-20648",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "A privacy issue in macOS Tahoe 26.3 was addressed by relocating sensitive data to a secure location, effectively preventing unauthorized access to notifications from other iCloud devices by malicious applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20648 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20648.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20648"
    },
    {
      "cve": "CVE-2026-20649",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20649 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
        }
      ],
      "title": "CVE-2026-20649"
    },
    {
      "cve": "CVE-2026-20650",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20650 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20650"
    },
    {
      "cve": "CVE-2026-20652",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20652 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20652"
    },
    {
      "cve": "CVE-2026-20653",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20653 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20653"
    },
    {
      "cve": "CVE-2026-20654",
      "notes": [
        {
          "category": "description",
          "text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20654 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
        }
      ],
      "title": "CVE-2026-20654"
    },
    {
      "cve": "CVE-2026-20656",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20656 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
        }
      ],
      "title": "CVE-2026-20656"
    },
    {
      "cve": "CVE-2026-20658",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 has resolved a package validation vulnerability that could allow applications to gain root privileges by blocking the affected package.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20658 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20658.json"
        }
      ],
      "title": "CVE-2026-20658"
    },
    {
      "cve": "CVE-2026-20660",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20660 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20660"
    },
    {
      "cve": "CVE-2026-20662",
      "notes": [
        {
          "category": "description",
          "text": "An authorization issue in macOS Sequoia 15.7.4 and macOS Tahoe 26.3 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20662 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20662.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20662"
    },
    {
      "cve": "CVE-2026-20666",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Authorization",
          "title": "CWE-285"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 resolves an authorization issue that allowed apps to access sensitive user data through enhanced state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20666 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20666.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20666"
    },
    {
      "cve": "CVE-2026-20667",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20667 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20667"
    },
    {
      "cve": "CVE-2026-20669",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 addressed a parsing issue in directory path handling, enhancing path validation to prevent unauthorized access to sensitive user data by applications.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20669 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20669.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20669"
    },
    {
      "cve": "CVE-2026-20671",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20671 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20671"
    },
    {
      "cve": "CVE-2026-20673",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20673 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20673"
    },
    {
      "cve": "CVE-2026-20675",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20675 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20675"
    },
    {
      "cve": "CVE-2026-20676",
      "notes": [
        {
          "category": "description",
          "text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20676 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20676"
    },
    {
      "cve": "CVE-2026-20677",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20677 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20677"
    },
    {
      "cve": "CVE-2026-20680",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20680 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20680"
    },
    {
      "cve": "CVE-2026-20681",
      "notes": [
        {
          "category": "description",
          "text": "macOS Tahoe 26.3 resolves a privacy issue by enhancing private data redaction for log entries, preventing unauthorized access to user contact information by apps.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20681 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20681.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20681"
    },
    {
      "cve": "CVE-2026-20700",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2",
          "CSAFPID-3"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20700 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2",
            "CSAFPID-3"
          ]
        }
      ],
      "title": "CVE-2026-20700"
    }
  ]
}

NCSC-2026-0064

Vulnerability from csaf_ncscnl - Published: 2026-02-13 13:35 - Updated: 2026-02-13 13:35

Summary

Kwetsbaarheden verholpen in Apple iOS en iPadOS

Notes

Feiten: Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.

Interpretaties: De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen. Apple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer vóór 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.

Oplossingen: Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.

Kans: medium

Schade: high

CWE-20: Improper Input Validation

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-416: Use After Free

CWE-770: Allocation of Resources Without Limits or Throttling

CWE-787: Out-of-bounds Write

CWE-823: Use of Out-of-range Pointer Offset

CWE-825: Expired Pointer Dereference

CVE-2025-14174

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-43529

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-416 - Use After Free

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-43533

3.5 (Low)


                        
                          CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-20 - Improper Input Validation

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-43537

iOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46300

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46301

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46302

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46303

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46304

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-46305

macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-770 - Allocation of Resources Without Limits or Throttling

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20605

Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20606

The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20608

Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20609

Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20611

An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20615

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20616

An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20617

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20621

Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20626

macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-862 - Missing Authorization

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20627

Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-20 - Improper Input Validation

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20628

A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.

7.1 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20634

Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20635

Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.

4.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20636

iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20638

A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-284 - Improper Access Control

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20640

iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20641

A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20642

An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20644

Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20645

An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20649

A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20650

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20652

Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-400 - Uncontrolled Resource Consumption

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20653

A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20654

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20655

An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20656

A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20660

A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20661

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20663

The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.

3.3 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWE-532 - Insertion of Sensitive Information into Log File

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20667

A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20671

3.1 (Low)


                        
                          CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20673

A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling 'Load remote content in messages' may not influence all mail previews.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20674

iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.

4.6 (Medium)


                        
                          CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20675

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CWE-125 - Out-of-bounds Read

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20676

The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20677

A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.

9.0 (Critical)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20678

An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20680

Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20682

A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

CVE-2026-20700

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer

Affected products

Known affected 2 products

Product	Identifier	Version	Remediation
vers:unknown/* Apple / iOS		vers:unknown/*
vers:unknown/* Apple / iPadOS		vers:unknown/*

References

55 references

URL	Category
https://support.apple.com/en-us/126346	external
https://support.apple.com/en-us/126347	external
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self
https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE"
      }
    },
    "lang": "nl",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "The Netherlands Cyber Security Center (henceforth: NCSC-NL) maintains this page to enhance access to its information and security advisories. The use of this security advisory is subject to the following terms and conditions:\n\n    NCSC-NL makes every reasonable effort to ensure that the content of this page is kept up to date, and that it is accurate and complete. Nevertheless, NCSC-NL cannot entirely rule out the possibility of errors, and therefore cannot give any warranty in respect of its completeness, accuracy or continuous keeping up-to-date. The information contained in this security advisory is intended solely for the purpose of providing general information to professional users. No rights can be derived from the information provided therein.\n\n    NCSC-NL and the Kingdom of the Netherlands assume no legal liability or responsibility for any damage resulting from either the use or inability of use of this security advisory. This includes damage resulting from the inaccuracy of incompleteness of the information contained in the advisory.\n    This security advisory is subject to Dutch law. All disputes related to or arising from the use of this advisory will be submitted to the competent court in The Hague. This choice of means also applies to the court in summary proceedings."
      },
      {
        "category": "description",
        "text": "Apple heeft kwetsbaarheden verholpen in iOS en iPadOS.",
        "title": "Feiten"
      },
      {
        "category": "description",
        "text": "De kwetsbaarheden omvatten verschillende problemen zoals geheugenbeschadiging, bufferoverloop, en gebruik na vrijgave, die konden leiden tot ongeautoriseerde toegang tot gevoelige gegevens, onverwachte procescrashes en andere stabiliteitsproblemen. De kwetsbaarheden werden voornamelijk veroorzaakt door inadequate invoervalidatie en kwetsbaarheden in de verwerking van schadelijke inhoud. De updates zijn gericht op het verbeteren van de beveiliging en stabiliteit van de betrokken besturingssystemen.\n\nApple meldt dat zij een rapport hebben ontvangen dat de kwetsbaarheid met kenmerk CVE-2026-20700 mogelijk is misbruikt bij een zeer gerichte aanval, waarbij een iOS device met versienummer v\u00f3\u00f3r 26 het slachtoffer is. Meer detailinformatie is niet vrijgegeven. De kwetsbaarheid stelt een kwaadwillende in staat om willekeurige code uit te voeren. Voor succesvol misbruik moet de kwaadwillende voorafgaande rechten hebben om geheugen te mogen beschrijven.",
        "title": "Interpretaties"
      },
      {
        "category": "description",
        "text": "Apple heeft updates uitgebracht om de kwetsbaarheden te verhelpen. Zie bijgevoegde referenties voor meer informatie.",
        "title": "Oplossingen"
      },
      {
        "category": "general",
        "text": "medium",
        "title": "Kans"
      },
      {
        "category": "general",
        "text": "high",
        "title": "Schade"
      },
      {
        "category": "general",
        "text": "Improper Input Validation",
        "title": "CWE-20"
      },
      {
        "category": "general",
        "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
        "title": "CWE-119"
      },
      {
        "category": "general",
        "text": "Use After Free",
        "title": "CWE-416"
      },
      {
        "category": "general",
        "text": "Allocation of Resources Without Limits or Throttling",
        "title": "CWE-770"
      },
      {
        "category": "general",
        "text": "Out-of-bounds Write",
        "title": "CWE-787"
      },
      {
        "category": "general",
        "text": "Use of Out-of-range Pointer Offset",
        "title": "CWE-823"
      },
      {
        "category": "general",
        "text": "Expired Pointer Dereference",
        "title": "CWE-825"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "cert@ncsc.nl",
      "name": "Nationaal Cyber Security Centrum",
      "namespace": "https://www.ncsc.nl/"
    },
    "references": [
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126346"
      },
      {
        "category": "external",
        "summary": "Reference",
        "url": "https://support.apple.com/en-us/126347"
      }
    ],
    "title": "Kwetsbaarheden verholpen in Apple iOS en iPadOS",
    "tracking": {
      "current_release_date": "2026-02-13T13:35:03.870920Z",
      "generator": {
        "date": "2025-08-04T16:30:00Z",
        "engine": {
          "name": "V.A.",
          "version": "1.3"
        }
      },
      "id": "NCSC-2026-0064",
      "initial_release_date": "2026-02-13T13:35:03.870920Z",
      "revision_history": [
        {
          "date": "2026-02-13T13:35:03.870920Z",
          "number": "1.0.0",
          "summary": "Initiele versie"
        }
      ],
      "status": "final",
      "version": "1.0.0"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-1"
                }
              }
            ],
            "category": "product_name",
            "name": "iOS"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "vers:unknown/*",
                "product": {
                  "name": "vers:unknown/*",
                  "product_id": "CSAFPID-2"
                }
              }
            ],
            "category": "product_name",
            "name": "iPadOS"
          }
        ],
        "category": "vendor",
        "name": "Apple"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-14174",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "other",
          "text": "Use of Out-of-range Pointer Offset",
          "title": "CWE-823"
        },
        {
          "category": "description",
          "text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including memory corruption and buffer overflow, while a high-severity out of bounds memory access vulnerability in ANGLE affects Google Chrome and other Chromium-based browsers.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/AU:N/R:U/V:D/RE:M/U:Amber",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-14174 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-14174.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-14174"
    },
    {
      "cve": "CVE-2025-43529",
      "cwe": {
        "id": "CWE-416",
        "name": "Use After Free"
      },
      "notes": [
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Expired Pointer Dereference",
          "title": "CWE-825"
        },
        {
          "category": "description",
          "text": "The webkit2gtk3 update to version 2.50.4 addresses multiple security vulnerabilities, including use-after-free and memory corruption issues, potentially allowing arbitrary code execution through malicious web content.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43529 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43529.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-43529"
    },
    {
      "cve": "CVE-2025-43533",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Apple addressed multiple memory corruption vulnerabilities across its operating systems, including watchOS, iOS, iPadOS, macOS, visionOS, and tvOS, through improved input validation and enhanced bounds checks to prevent crashes from malicious HID devices.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43533 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43533.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.5,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-43533"
    },
    {
      "cve": "CVE-2025-43537",
      "notes": [
        {
          "category": "description",
          "text": "iOS 18.7.5 and iPadOS 18.7.5 addressed a path handling vulnerability that could allow malicious backup files to alter protected system files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-43537 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-43537.json"
        }
      ],
      "title": "CVE-2025-43537"
    },
    {
      "cve": "CVE-2025-46300",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46300 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46300.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46300"
    },
    {
      "cve": "CVE-2025-46301",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46301 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46301.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46301"
    },
    {
      "cve": "CVE-2025-46302",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46302 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46302.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46302"
    },
    {
      "cve": "CVE-2025-46303",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46303 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46303.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46303"
    },
    {
      "cve": "CVE-2025-46304",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46304 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46304.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46304"
    },
    {
      "cve": "CVE-2025-46305",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 18.7.5, iPadOS 18.7.5, and macOS Sonoma 14.8.4 have addressed unexpected process crashes caused by malicious HID devices through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-46305 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-46305.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-46305"
    },
    {
      "cve": "CVE-2025-59375",
      "cwe": {
        "id": "CWE-770",
        "name": "Allocation of Resources Without Limits or Throttling"
      },
      "notes": [
        {
          "category": "other",
          "text": "Allocation of Resources Without Limits or Throttling",
          "title": "CWE-770"
        },
        {
          "category": "description",
          "text": "Multiple vulnerabilities, including memory amplification in libexpat and denial-of-service issues in Oracle Communications Network Analytics and Apple Software, expose systems to potential disruptions without enabling arbitrary code execution.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2025-59375 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2025/cve-2025-59375.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2025-59375"
    },
    {
      "cve": "CVE-2026-20605",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Recent updates in macOS Sequoia 15.7.4 and iOS 18.7.5 have resolved a memory handling issue that could cause an app to crash a system process.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20605 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20605.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20605"
    },
    {
      "cve": "CVE-2026-20606",
      "cwe": {
        "id": "CWE-200",
        "name": "Exposure of Sensitive Information to an Unauthorized Actor"
      },
      "notes": [
        {
          "category": "other",
          "text": "Exposure of Sensitive Information to an Unauthorized Actor",
          "title": "CWE-200"
        },
        {
          "category": "description",
          "text": "The vulnerability allowing apps to bypass Privacy preferences in macOS and iOS has been addressed by removing the problematic code across various versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20606 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20606.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20606"
    },
    {
      "cve": "CVE-2026-20608",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in several operating systems and Safari have addressed unexpected process crashes caused by maliciously crafted web content through enhanced state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20608 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20608.json"
        }
      ],
      "title": "CVE-2026-20608"
    },
    {
      "cve": "CVE-2026-20609",
      "notes": [
        {
          "category": "description",
          "text": "Various operating systems have addressed improved memory handling to mitigate risks of denial-of-service and memory content disclosure from processing malicious files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20609 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20609.json"
        }
      ],
      "title": "CVE-2026-20609"
    },
    {
      "cve": "CVE-2026-20611",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "An out-of-bounds access vulnerability affecting various Apple operating systems was resolved, which could lead to app termination or memory corruption when handling malicious media files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20611 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20611.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20611"
    },
    {
      "cve": "CVE-2026-20615",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability allowing apps to gain root privileges has been resolved in iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, macOS Sonoma 14.8.4, and visionOS 26.3 through enhanced validation measures.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20615 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20615.json"
        }
      ],
      "title": "CVE-2026-20615"
    },
    {
      "cve": "CVE-2026-20616",
      "notes": [
        {
          "category": "description",
          "text": "An out-of-bounds write vulnerability in various Apple operating systems has been resolved through enhanced bounds checking, preventing unexpected app terminations when handling malicious USD files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20616 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20616.json"
        }
      ],
      "title": "CVE-2026-20616"
    },
    {
      "cve": "CVE-2026-20617",
      "notes": [
        {
          "category": "description",
          "text": "A race condition affecting multiple Apple operating systems, including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, was fixed, which could have allowed apps to gain root privileges due to improved state handling.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20617 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20617.json"
        }
      ],
      "title": "CVE-2026-20617"
    },
    {
      "cve": "CVE-2026-20621",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates to macOS and iOS have resolved issues related to memory handling that could cause unexpected system termination or kernel memory corruption.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20621 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20621.json"
        }
      ],
      "title": "CVE-2026-20621"
    },
    {
      "cve": "CVE-2026-20626",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "other",
          "text": "Missing Authorization",
          "title": "CWE-862"
        },
        {
          "category": "description",
          "text": "macOS Sequoia 15.7.4, iOS 26.3, iPadOS 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed the issue of malicious apps gaining root privileges through enhanced checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20626 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20626.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20626"
    },
    {
      "cve": "CVE-2026-20627",
      "cwe": {
        "id": "CWE-20",
        "name": "Improper Input Validation"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Input Validation",
          "title": "CWE-20"
        },
        {
          "category": "description",
          "text": "Recent updates in watchOS 26.3 and iOS 26.3 have resolved an issue with environment variable handling that could allow unauthorized access to sensitive user data through improved validation.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20627 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20627.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20627"
    },
    {
      "cve": "CVE-2026-20628",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A permissions vulnerability that could allow an application to escape its sandbox has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20628 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20628.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20628"
    },
    {
      "cve": "CVE-2026-20634",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates to watchOS, tvOS, macOS, iOS, and iPadOS have addressed memory handling vulnerabilities that could lead to process memory disclosure when processing maliciously crafted images.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20634 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20634.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20634"
    },
    {
      "cve": "CVE-2026-20635",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Recent updates have enhanced memory handling and state management across various operating systems, effectively reducing the risk of unexpected process crashes from malicious web content.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20635 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20635.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20635"
    },
    {
      "cve": "CVE-2026-20636",
      "notes": [
        {
          "category": "description",
          "text": "iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have addressed unexpected process crashes due to malicious web content through enhanced memory handling.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20636 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20636.json"
        }
      ],
      "title": "CVE-2026-20636"
    },
    {
      "cve": "CVE-2026-20638",
      "cwe": {
        "id": "CWE-284",
        "name": "Improper Access Control"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Access Control",
          "title": "CWE-284"
        },
        {
          "category": "description",
          "text": "A logic issue that could expose identifying information for users with Live Caller ID app extensions disabled has been resolved in iOS 26.3 and iPadOS 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20638 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20638.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20638"
    },
    {
      "cve": "CVE-2026-20640",
      "notes": [
        {
          "category": "description",
          "text": "iOS 26.3 and iPadOS 26.3 addressed an inconsistent user interface issue that could allow an attacker with physical access to capture sensitive data during iPhone Mirroring with Mac.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20640 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20640.json"
        }
      ],
      "title": "CVE-2026-20640"
    },
    {
      "cve": "CVE-2026-20641",
      "notes": [
        {
          "category": "description",
          "text": "A privacy vulnerability that enabled applications to detect other installed apps has been resolved across multiple operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20641 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20641.json"
        }
      ],
      "title": "CVE-2026-20641"
    },
    {
      "cve": "CVE-2026-20642",
      "notes": [
        {
          "category": "description",
          "text": "An input validation vulnerability in iOS 26.3 and iPadOS 26.3 allowed physical access to an iOS device to potentially enable unauthorized access to photos from the lock screen, which has now been addressed.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20642 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20642.json"
        }
      ],
      "title": "CVE-2026-20642"
    },
    {
      "cve": "CVE-2026-20644",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "other",
          "text": "Use After Free",
          "title": "CWE-416"
        },
        {
          "category": "other",
          "text": "Out-of-bounds Write",
          "title": "CWE-787"
        },
        {
          "category": "description",
          "text": "Apple has addressed the issue of unexpected process crashes caused by malicious web content through enhanced memory handling in its operating systems and Safari version 26.3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20644 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20644.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20644"
    },
    {
      "cve": "CVE-2026-20645",
      "cwe": {
        "id": "CWE-1021",
        "name": "Improper Restriction of Rendered UI Layers or Frames"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Rendered UI Layers or Frames",
          "title": "CWE-1021"
        },
        {
          "category": "description",
          "text": "An inconsistent user interface issue in iOS 26.3 and iPadOS 18.7.5 was resolved, which could have allowed an attacker with physical access to a locked device to view sensitive user information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20645 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20645.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20645"
    },
    {
      "cve": "CVE-2026-20649",
      "notes": [
        {
          "category": "description",
          "text": "A logging issue allowing potential exposure of sensitive information has been resolved through enhanced data redaction in watchOS 26.3, iOS 26.3, iPadOS 26.3, tvOS 26.3, and macOS Tahoe 26.3.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20649 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20649.json"
        }
      ],
      "title": "CVE-2026-20649"
    },
    {
      "cve": "CVE-2026-20650",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "A denial-of-service vulnerability in Bluetooth packets has been addressed across multiple Apple operating systems, including iOS and macOS, allowing potential exploitation by attackers in privileged network positions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20650 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20650.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20650"
    },
    {
      "cve": "CVE-2026-20652",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "other",
          "text": "Uncontrolled Resource Consumption",
          "title": "CWE-400"
        },
        {
          "category": "description",
          "text": "Recent updates to macOS, iOS, iPadOS, visionOS, and Safari have addressed a vulnerability related to improved memory handling that could enable remote attackers to execute denial-of-service attacks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20652 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20652.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20652"
    },
    {
      "cve": "CVE-2026-20653",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
          "title": "CWE-22"
        },
        {
          "category": "description",
          "text": "A parsing issue in directory path handling was resolved, enhancing path validation to prevent unauthorized access to sensitive user data across multiple macOS and iOS versions.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20653 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20653.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20653"
    },
    {
      "cve": "CVE-2026-20654",
      "notes": [
        {
          "category": "description",
          "text": "The unexpected system termination issue caused by app behavior has been resolved through enhanced memory management in operating systems including watchOS, tvOS, macOS, visionOS, iOS, and iPadOS, all updated to version 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20654 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20654.json"
        }
      ],
      "title": "CVE-2026-20654"
    },
    {
      "cve": "CVE-2026-20655",
      "notes": [
        {
          "category": "description",
          "text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20655 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20655.json"
        }
      ],
      "title": "CVE-2026-20655"
    },
    {
      "cve": "CVE-2026-20656",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue allowing app access to user Safari history has been resolved in iOS 18.7.5, iPadOS 18.7.5, Safari 26.3, and macOS Tahoe 26.3 through enhanced validation measures.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20656 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20656.json"
        }
      ],
      "title": "CVE-2026-20656"
    },
    {
      "cve": "CVE-2026-20660",
      "notes": [
        {
          "category": "description",
          "text": "A path handling vulnerability in several Apple operating systems and Safari versions has been addressed, which previously allowed remote users to write arbitrary files.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20660 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20660.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20660"
    },
    {
      "cve": "CVE-2026-20661",
      "notes": [
        {
          "category": "description",
          "text": "An authorization issue affecting iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 has been resolved, which previously allowed physical access to a locked device to expose sensitive user information.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20661 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20661.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20661"
    },
    {
      "cve": "CVE-2026-20663",
      "cwe": {
        "id": "CWE-532",
        "name": "Insertion of Sensitive Information into Log File"
      },
      "notes": [
        {
          "category": "other",
          "text": "Insertion of Sensitive Information into Log File",
          "title": "CWE-532"
        },
        {
          "category": "description",
          "text": "The issue of app enumeration of installed applications was addressed in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through the implementation of sanitized logging.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20663 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20663.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20663"
    },
    {
      "cve": "CVE-2026-20667",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue that could allow an app to escape its sandbox has been resolved in multiple OS updates, including watchOS 26.3 and iOS 26.3.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20667 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20667.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20667"
    },
    {
      "cve": "CVE-2026-20671",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue allowing network traffic interception by an attacker in a privileged position has been resolved across multiple Apple operating systems, including watchOS, tvOS, macOS, iOS, and visionOS.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20671 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20671.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.1,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20671"
    },
    {
      "cve": "CVE-2026-20673",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue was resolved in multiple macOS and iOS versions, with a note that disabling \u0027Load remote content in messages\u0027 may not influence all mail previews.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20673 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20673.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20673"
    },
    {
      "cve": "CVE-2026-20674",
      "notes": [
        {
          "category": "description",
          "text": "iOS 26.3 and iPadOS 26.3 resolved a privacy issue by eliminating sensitive data that could be accessed by an attacker with physical access to a locked device.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20674 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20674.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20674"
    },
    {
      "cve": "CVE-2026-20675",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "notes": [
        {
          "category": "other",
          "text": "Out-of-bounds Read",
          "title": "CWE-125"
        },
        {
          "category": "description",
          "text": "Recent updates across various operating systems, including watchOS, tvOS, macOS, iOS, and iPadOS, have addressed user information disclosure vulnerabilities related to malicious image processing through enhanced bounds checks.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20675 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20675.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20675"
    },
    {
      "cve": "CVE-2026-20676",
      "notes": [
        {
          "category": "description",
          "text": "The recent updates in iOS 26.3, iPadOS 26.3, Safari 26.3, macOS Tahoe 26.3, and visionOS 26.3 have resolved user tracking issues through Safari web extensions by enhancing state management.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20676 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20676.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20676"
    },
    {
      "cve": "CVE-2026-20677",
      "cwe": {
        "id": "CWE-362",
        "name": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
      },
      "notes": [
        {
          "category": "other",
          "text": "Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)",
          "title": "CWE-362"
        },
        {
          "category": "description",
          "text": "A race condition in multiple Apple operating systems was resolved, which could have allowed shortcuts to bypass sandbox restrictions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20677 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20677.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.0,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20677"
    },
    {
      "cve": "CVE-2026-20678",
      "notes": [
        {
          "category": "description",
          "text": "An authorization issue allowing potential access to sensitive user data has been resolved in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 through improved state management.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20678 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20678.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20678"
    },
    {
      "cve": "CVE-2026-20680",
      "notes": [
        {
          "category": "description",
          "text": "Recent updates in macOS Tahoe 26.3 and iOS 18.7.5 have introduced additional restrictions to prevent sandboxed apps from accessing sensitive user data.",
          "title": "Summary"
        },
        {
          "category": "general",
          "text": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
          "title": "CVSSV4"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20680 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20680.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20680"
    },
    {
      "cve": "CVE-2026-20682",
      "notes": [
        {
          "category": "description",
          "text": "A logic issue in iOS 26.3, iPadOS 26.3, iOS 18.7.5, and iPadOS 18.7.5 was resolved, which previously allowed unauthorized access to deleted user notes.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20682 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20682.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20682"
    },
    {
      "cve": "CVE-2026-20700",
      "cwe": {
        "id": "CWE-119",
        "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
      },
      "notes": [
        {
          "category": "other",
          "text": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
          "title": "CWE-119"
        },
        {
          "category": "description",
          "text": "Multiple Apple operating systems have been affected by memory corruption vulnerabilities that could allow arbitrary code execution, with fixes implemented in version 26.3 and reports of exploitation in earlier iOS versions.",
          "title": "Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-1",
          "CSAFPID-2"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2026-20700 | NCSC-NL Website",
          "url": "https://vulnerabilities.ncsc.nl/csaf/v2/2026/cve-2026-20700.json"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CSAFPID-1",
            "CSAFPID-2"
          ]
        }
      ],
      "title": "CVE-2026-20700"
    }
  ]
}

OPENSUSE-SU-2025-20055-1

Vulnerability from csaf_opensuse - Published: 2025-11-19 09:37 - Updated: 2025-11-19 09:37

Summary

Security update for expat

Severity

Important

Notes

Title of the patch: Security update for expat

Description of the patch: This update for expat fixes the following issues: - CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584)

Patchnames: openSUSE-Leap-16.0-29

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64	—	Vendor Fix

Threats

Impact important

References

6 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://bugzilla.suse.com/1249584	self
https://www.suse.com/security/cve/CVE-2025-59375/	self
https://www.suse.com/security/cve/CVE-2025-59375	external
https://bugzilla.suse.com/1249584	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for expat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for expat fixes the following issues:\n\n- CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-29",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025-20055-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1249584",
        "url": "https://bugzilla.suse.com/1249584"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59375 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59375/"
      }
    ],
    "title": "Security update for expat",
    "tracking": {
      "current_release_date": "2025-11-19T09:37:50Z",
      "generator": {
        "date": "2025-11-19T09:37:50Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025-20055-1",
      "initial_release_date": "2025-11-19T09:37:50Z",
      "revision_history": [
        {
          "date": "2025-11-19T09:37:50Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.aarch64",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.aarch64",
                  "product_id": "expat-2.7.1-160000.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.aarch64",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.aarch64",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.aarch64",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.aarch64",
                  "product_id": "libexpat1-2.7.1-160000.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.ppc64le",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.ppc64le",
                  "product_id": "expat-2.7.1-160000.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.ppc64le",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.ppc64le",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.ppc64le",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.ppc64le",
                  "product_id": "libexpat1-2.7.1-160000.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.s390x",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.s390x",
                  "product_id": "expat-2.7.1-160000.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.s390x",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.s390x",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.s390x",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.s390x",
                  "product_id": "libexpat1-2.7.1-160000.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.x86_64",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.x86_64",
                  "product_id": "expat-2.7.1-160000.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.x86_64",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.x86_64",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.x86_64",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.x86_64",
                  "product_id": "libexpat1-2.7.1-160000.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64"
        },
        "product_reference": "expat-2.7.1-160000.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le"
        },
        "product_reference": "expat-2.7.1-160000.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x"
        },
        "product_reference": "expat-2.7.1-160000.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64"
        },
        "product_reference": "expat-2.7.1-160000.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64",
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le",
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x",
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59375",
          "url": "https://www.suse.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249584 for CVE-2025-59375",
          "url": "https://bugzilla.suse.com/1249584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-19T09:37:50Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59375"
    }
  ]
}

OPENSUSE-SU-2025:15573-1

Vulnerability from csaf_opensuse - Published: 2025-09-23 00:00 - Updated: 2025-09-23 00:00

Summary

expat-2.7.2-1.1 on GA media

Severity

Moderate

Notes

Title of the patch: expat-2.7.2-1.1 on GA media

Description of the patch: These are all security issues fixed in the expat-2.7.2-1.1 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2025-15573

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 20 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:expat-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64	—	Vendor Fix

Threats

Impact important

References

5 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2025-59375/	self
https://www.suse.com/security/cve/CVE-2025-59375	external
https://bugzilla.suse.com/1249584	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "expat-2.7.2-1.1 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the expat-2.7.2-1.1 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2025-15573",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_15573-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59375 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59375/"
      }
    ],
    "title": "expat-2.7.2-1.1 on GA media",
    "tracking": {
      "current_release_date": "2025-09-23T00:00:00Z",
      "generator": {
        "date": "2025-09-23T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:15573-1",
      "initial_release_date": "2025-09-23T00:00:00Z",
      "revision_history": [
        {
          "date": "2025-09-23T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.2-1.1.aarch64",
                "product": {
                  "name": "expat-2.7.2-1.1.aarch64",
                  "product_id": "expat-2.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.2-1.1.aarch64",
                "product": {
                  "name": "libexpat-devel-2.7.2-1.1.aarch64",
                  "product_id": "libexpat-devel-2.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-32bit-2.7.2-1.1.aarch64",
                "product": {
                  "name": "libexpat-devel-32bit-2.7.2-1.1.aarch64",
                  "product_id": "libexpat-devel-32bit-2.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.2-1.1.aarch64",
                "product": {
                  "name": "libexpat1-2.7.2-1.1.aarch64",
                  "product_id": "libexpat1-2.7.2-1.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-32bit-2.7.2-1.1.aarch64",
                "product": {
                  "name": "libexpat1-32bit-2.7.2-1.1.aarch64",
                  "product_id": "libexpat1-32bit-2.7.2-1.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "expat-2.7.2-1.1.ppc64le",
                  "product_id": "expat-2.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "libexpat-devel-2.7.2-1.1.ppc64le",
                  "product_id": "libexpat-devel-2.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-32bit-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "libexpat-devel-32bit-2.7.2-1.1.ppc64le",
                  "product_id": "libexpat-devel-32bit-2.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "libexpat1-2.7.2-1.1.ppc64le",
                  "product_id": "libexpat1-2.7.2-1.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-32bit-2.7.2-1.1.ppc64le",
                "product": {
                  "name": "libexpat1-32bit-2.7.2-1.1.ppc64le",
                  "product_id": "libexpat1-32bit-2.7.2-1.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.2-1.1.s390x",
                "product": {
                  "name": "expat-2.7.2-1.1.s390x",
                  "product_id": "expat-2.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.2-1.1.s390x",
                "product": {
                  "name": "libexpat-devel-2.7.2-1.1.s390x",
                  "product_id": "libexpat-devel-2.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-32bit-2.7.2-1.1.s390x",
                "product": {
                  "name": "libexpat-devel-32bit-2.7.2-1.1.s390x",
                  "product_id": "libexpat-devel-32bit-2.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.2-1.1.s390x",
                "product": {
                  "name": "libexpat1-2.7.2-1.1.s390x",
                  "product_id": "libexpat1-2.7.2-1.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-32bit-2.7.2-1.1.s390x",
                "product": {
                  "name": "libexpat1-32bit-2.7.2-1.1.s390x",
                  "product_id": "libexpat1-32bit-2.7.2-1.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.2-1.1.x86_64",
                "product": {
                  "name": "expat-2.7.2-1.1.x86_64",
                  "product_id": "expat-2.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.2-1.1.x86_64",
                "product": {
                  "name": "libexpat-devel-2.7.2-1.1.x86_64",
                  "product_id": "libexpat-devel-2.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-32bit-2.7.2-1.1.x86_64",
                "product": {
                  "name": "libexpat-devel-32bit-2.7.2-1.1.x86_64",
                  "product_id": "libexpat-devel-32bit-2.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.2-1.1.x86_64",
                "product": {
                  "name": "libexpat1-2.7.2-1.1.x86_64",
                  "product_id": "libexpat1-2.7.2-1.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-32bit-2.7.2-1.1.x86_64",
                "product": {
                  "name": "libexpat1-32bit-2.7.2-1.1.x86_64",
                  "product_id": "libexpat1-32bit-2.7.2-1.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64"
        },
        "product_reference": "expat-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le"
        },
        "product_reference": "expat-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:expat-2.7.2-1.1.s390x"
        },
        "product_reference": "expat-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64"
        },
        "product_reference": "expat-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64"
        },
        "product_reference": "libexpat-devel-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le"
        },
        "product_reference": "libexpat-devel-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x"
        },
        "product_reference": "libexpat-devel-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64"
        },
        "product_reference": "libexpat-devel-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-32bit-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64"
        },
        "product_reference": "libexpat-devel-32bit-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-32bit-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le"
        },
        "product_reference": "libexpat-devel-32bit-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-32bit-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x"
        },
        "product_reference": "libexpat-devel-32bit-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-32bit-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64"
        },
        "product_reference": "libexpat-devel-32bit-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64"
        },
        "product_reference": "libexpat1-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le"
        },
        "product_reference": "libexpat1-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x"
        },
        "product_reference": "libexpat1-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64"
        },
        "product_reference": "libexpat1-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-32bit-2.7.2-1.1.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64"
        },
        "product_reference": "libexpat1-32bit-2.7.2-1.1.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-32bit-2.7.2-1.1.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le"
        },
        "product_reference": "libexpat1-32bit-2.7.2-1.1.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-32bit-2.7.2-1.1.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x"
        },
        "product_reference": "libexpat1-32bit-2.7.2-1.1.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-32bit-2.7.2-1.1.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64"
        },
        "product_reference": "libexpat1-32bit-2.7.2-1.1.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:expat-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64",
          "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64",
          "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le",
          "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x",
          "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59375",
          "url": "https://www.suse.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249584 for CVE-2025-59375",
          "url": "https://bugzilla.suse.com/1249584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:expat-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:expat-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat-devel-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat-devel-32bit-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat1-2.7.2-1.1.x86_64",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.aarch64",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.ppc64le",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.s390x",
            "openSUSE Tumbleweed:libexpat1-32bit-2.7.2-1.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-09-23T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59375"
    }
  ]
}

OPENSUSE-SU-2025:20055-1

Vulnerability from csaf_opensuse - Published: 2025-11-19 09:37 - Updated: 2025-11-19 09:37

Summary

Security update for expat

Severity

Important

Notes

Title of the patch: Security update for expat

Description of the patch: This update for expat fixes the following issues: - CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584)

Patchnames: openSUSE-Leap-16.0-29

CVE-2025-59375

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 12 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64	—	Vendor Fix

Threats

Impact important

References

6 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://bugzilla.suse.com/1249584	self
https://www.suse.com/security/cve/CVE-2025-59375/	self
https://www.suse.com/security/cve/CVE-2025-59375	external
https://bugzilla.suse.com/1249584	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for expat",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for expat fixes the following issues:\n\n- CVE-2025-59375: Fixed large dynamic memory allocations via a small document submitted for parsing (bsc#1249584)\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Leap-16.0-29",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2025_20055-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1249584",
        "url": "https://bugzilla.suse.com/1249584"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2025-59375 page",
        "url": "https://www.suse.com/security/cve/CVE-2025-59375/"
      }
    ],
    "title": "Security update for expat",
    "tracking": {
      "current_release_date": "2025-11-19T09:37:50Z",
      "generator": {
        "date": "2025-11-19T09:37:50Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2025:20055-1",
      "initial_release_date": "2025-11-19T09:37:50Z",
      "revision_history": [
        {
          "date": "2025-11-19T09:37:50Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.aarch64",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.aarch64",
                  "product_id": "expat-2.7.1-160000.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.aarch64",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.aarch64",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.aarch64",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.aarch64",
                  "product_id": "libexpat1-2.7.1-160000.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.ppc64le",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.ppc64le",
                  "product_id": "expat-2.7.1-160000.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.ppc64le",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.ppc64le",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.ppc64le",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.ppc64le",
                  "product_id": "libexpat1-2.7.1-160000.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.s390x",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.s390x",
                  "product_id": "expat-2.7.1-160000.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.s390x",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.s390x",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.s390x",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.s390x",
                  "product_id": "libexpat1-2.7.1-160000.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "expat-2.7.1-160000.3.1.x86_64",
                "product": {
                  "name": "expat-2.7.1-160000.3.1.x86_64",
                  "product_id": "expat-2.7.1-160000.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat-devel-2.7.1-160000.3.1.x86_64",
                "product": {
                  "name": "libexpat-devel-2.7.1-160000.3.1.x86_64",
                  "product_id": "libexpat-devel-2.7.1-160000.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libexpat1-2.7.1-160000.3.1.x86_64",
                "product": {
                  "name": "libexpat1-2.7.1-160000.3.1.x86_64",
                  "product_id": "libexpat1-2.7.1-160000.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 16.0",
                "product": {
                  "name": "openSUSE Leap 16.0",
                  "product_id": "openSUSE Leap 16.0"
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64"
        },
        "product_reference": "expat-2.7.1-160000.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le"
        },
        "product_reference": "expat-2.7.1-160000.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x"
        },
        "product_reference": "expat-2.7.1-160000.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "expat-2.7.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64"
        },
        "product_reference": "expat-2.7.1-160000.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat-devel-2.7.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64"
        },
        "product_reference": "libexpat-devel-2.7.1-160000.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.aarch64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.ppc64le as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.s390x as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libexpat1-2.7.1-160000.3.1.x86_64 as component of openSUSE Leap 16.0",
          "product_id": "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
        },
        "product_reference": "libexpat1-2.7.1-160000.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 16.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2025-59375",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2025-59375"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64",
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le",
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x",
          "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x",
          "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x",
          "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2025-59375",
          "url": "https://www.suse.com/security/cve/CVE-2025-59375"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1249584 for CVE-2025-59375",
          "url": "https://bugzilla.suse.com/1249584"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:expat-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat-devel-2.7.1-160000.3.1.x86_64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.aarch64",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.ppc64le",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.s390x",
            "openSUSE Leap 16.0:libexpat1-2.7.1-160000.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2025-11-19T09:37:50Z",
          "details": "important"
        }
      ],
      "title": "CVE-2025-59375"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2025-59375 (GCVE-0-2025-59375)

Tags

Sightings

Nomenclature