By vendor

Oracle vulnerabilities

Known CVEs affecting Oracle products, prioritized by severity, with SEC.co remediation and detection guidance.

2 published vulnerabilities

  • CVE-2026-35277HIGH 8.1

    Oracle REST Data Services contains a flaw that allows authenticated users with basic network access to read and modify sensitive data they shouldn't be able to access. An attacker with a low-privilege account can exploit this remotely without user interaction, potentially accessing, changing, or deleting critical information across the service. This is a significant risk because it bypasses normal data access controls.

  • CVE-2026-35266HIGH 7.9

    Oracle REST Data Services contains a vulnerability that allows an attacker with low-level network access and user credentials to manipulate critical data or disrupt service availability. The attack requires tricking another user into taking action, making it moderately difficult to exploit in practice. Versions 24.2.0 through 26.1.0 are affected. Success can lead to unauthorized access, modification, or deletion of sensitive information, as well as partial service outages.