Cyber Resilience

← All vendors

Oracle

CPE vendor key: oracle · 679 CVEs published in the last 24 months.

CVEs (365 d)
359
▼ -79 vs prior 30d
Avg CVSS (365 d)
6.21
over 359 CVEs
Avg EPSS pct (365 d)
0.20
higher = more likely exploited
KEV hit rate (365 d)
1.1%
4 of 359 added to CISA KEV
LLM-credited CVEs
0
 

Monthly CVE volume — last 24 months

2024202520260101
Each point is one calendar month. Bars in the severity card to the right slice the same volume by CVSS band.

Severity mix

CritHighMedLow
Stacked by CVSS band (Critical / High / Medium / Low) using the best available metric per CVE.

Top affected products (24 mo)

mysql_server
107
mysql
78
vm_virtualbox
52
jre
39
jdk
39
graalvm_for_jdk
34
graalvm
33
e-business_suite
26
peoplesoft_enterprise_people
26
solaris
23
Distinct CVEs that include each product in their CPE configuration.

Top CWEs (24 mo)

CWE-284
144
CWE-400
114
CWE-863
61
CWE-200
35
CWE-306
32
CWE-770
27
CWE-269
23
CWE-732
21
CWE-79
16
CWE-352
14
Distinct CVEs assigned each weakness.

Recent CISA KEV adds (last 12 months)

AddedCVEProductKEV name
2026-06-12CVE-2026-35273 PeopleSoft Enterprise PeopleToolsOracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability
2026-06-01CVE-2024-21182WebLogic ServerOracle WebLogic Server Unspecified Vulnerability
2025-11-21CVE-2025-61757Fusion MiddlewareOracle Fusion Middleware Missing Authentication for Critical Function Vulnerability
2025-10-20CVE-2025-61884E-Business SuiteOracle E-Business Suite Server-Side Request Forgery (SSRF) Vulnerability
2025-10-06CVE-2025-61882E-Business SuiteOracle E-Business Suite Unspecified Vulnerability
Filtered to KEV rows where the CISA vendor name matches this vendor, to drop cross-OS noise (e.g. third-party Windows apps that CPE-map to Microsoft).

LLM-credited CVEs from this vendor

No LLM-credited CVEs for this vendor yet.

From mythos_attributed_cves: CVEs whose NVD description or vendor advisory credits an LLM-assisted discovery. Confidence is high for every row.

Generated 19 June 2026 13:18 UTC <span class="time-ago" data-iso="2026-06-19T13:18:30Z"></span>.