Exploited CVEs / By vendor / Oracle
Oracle vulnerabilities actively exploited
44 Oracle CVEs on the CISA Known Exploited Vulnerabilities catalog, newest first. Refreshed daily.
Every CVE below is confirmed exploited in the wild, not just theoretically severe. The newest addition is CVE-2026-35273 (PeopleSoft Enterprise PeopleTools, added 2026-06-12). 13 of the 44 are used in ransomware campaigns. New CISA KEV entries appear here the day they are cataloged; the freshest across all vendors are on exploited this week.
Ask your own AI about Oracle exploited CVEs
Copy this prompt into Claude, ChatGPT, or Copilot. The facts are included, sourced from this page.
WebLogic Server: 12 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2024-21182 | WebLogic Server | 2026-06-01 | CVSS 7.5, EPSS 50% |
| CVE-2020-2883 | WebLogic Server | 2025-01-07 | CVSS 9.8, EPSS 95% |
| CVE-2020-14644 | WebLogic Server | 2024-09-18 | CVSS 9.8, EPSS 95% |
| CVE-2017-3506 | WebLogic Server | 2024-06-03 | CVSS 7.4, EPSS 96% |
| CVE-2023-21839 | WebLogic Server | 2023-05-01 | CVSS 7.5, EPSS 100% |
| CVE-2018-2628 | WebLogic Server | 2022-09-08 | CVSS 9.8, EPSS 99% |
| CVE-2017-10271 | WebLogic Server | 2022-02-10 | ransomware, CVSS 7.5, EPSS 100% |
| CVE-2019-2725 | WebLogic Server | 2022-01-10 | ransomware, CVSS 9.8, EPSS 100% |
| CVE-2015-4852 | WebLogic Server | 2021-11-03 | CVSS 9.8, EPSS 96% |
| CVE-2020-14750 | WebLogic Server | 2021-11-03 | CVSS 9.8, EPSS 99% |
| CVE-2020-14882 | WebLogic Server | 2021-11-03 | CVSS 9.8, EPSS 100% |
| CVE-2020-14883 | WebLogic Server | 2021-11-03 | CVSS 7.2, EPSS 98% |
Java SE: 7 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2012-5076 | Java SE | 2022-03-28 | CVSS 9.8, EPSS 91% |
| CVE-2013-2465 | Java SE | 2022-03-28 | ransomware, CVSS 9.8, EPSS 99% |
| CVE-2012-0507 | Java SE | 2022-03-03 | ransomware, CVSS 9.8, EPSS 98% |
| CVE-2012-1723 | Java SE | 2022-03-03 | ransomware, CVSS 9.8, EPSS 94% |
| CVE-2012-4681 | Java SE | 2022-03-03 | ransomware, CVSS 9.8, EPSS 99% |
| CVE-2015-2590 | Java SE | 2022-03-03 | CVSS 9.8, EPSS 25% |
| CVE-2015-4902 | Java SE | 2022-03-03 | CVSS 5.3, EPSS 13% |
Fusion Middleware: 6 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2025-61757 | Fusion Middleware | 2025-11-21 | CVSS 9.8, EPSS 88% |
| CVE-2020-2551 | Fusion Middleware | 2023-11-16 | CVSS 9.8, EPSS 93% |
| CVE-2021-35587 | Fusion Middleware | 2022-11-28 | CVSS 9.8, EPSS 96% |
| CVE-2012-1710 | Fusion Middleware | 2022-05-25 | ransomware, CVSS 9.8, EPSS 12% |
| CVE-2012-0518 | Fusion Middleware | 2022-03-28 | CVSS 4.7, EPSS 5% |
| CVE-2012-3152 | Fusion Middleware | 2021-11-03 | CVSS 9.1, EPSS 99% |
Java Runtime Environment (JRE): 4 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2010-0840 | Java Runtime Environment (JRE) | 2022-05-25 | CVSS 9.8, EPSS 96% |
| CVE-2013-0422 | Java Runtime Environment (JRE) | 2022-05-25 | ransomware, CVSS 9.8, EPSS 98% |
| CVE-2013-0431 | Java Runtime Environment (JRE) | 2022-05-25 | ransomware, CVSS 5.3, EPSS 90% |
| CVE-2013-2423 | Java Runtime Environment (JRE) | 2022-05-25 | CVSS 3.7, EPSS 85% |
E-Business Suite: 3 exploited CVEs
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2025-61884 | E-Business Suite | 2025-10-20 | ransomware, CVSS 7.5, EPSS 98% |
| CVE-2025-61882 | E-Business Suite | 2025-10-06 | ransomware, CVSS 9.8, EPSS 100% |
| CVE-2022-21587 | E-Business Suite | 2023-02-02 | ransomware, CVSS 9.8, EPSS 98% |
Other Oracle products
| CVE | Product | Added to KEV | Signals |
|---|---|---|---|
| CVE-2026-35273 | PeopleSoft Enterprise PeopleTools | 2026-06-12 | ransomware, CVSS 9.8, EPSS 92% |
| CVE-2024-20953 | Agile Product Lifecycle Management (PLM) | 2025-02-24 | CVSS 8.8, EPSS 3% |
| CVE-2024-21287 | Agile Product Lifecycle Management (PLM) | 2024-11-21 | CVSS 7.5, EPSS 2% |
| CVE-2022-21445 | ADF Faces | 2024-09-18 | CVSS 9.8, EPSS 62% |
| CVE-2016-3427 | Java SE and JRockit | 2023-05-12 | CVSS 9.8, EPSS 92% |
| CVE-2019-3010 | Solaris | 2022-05-25 | CVSS 8.8, EPSS 14% |
| CVE-2019-2616 | BI Publisher (Formerly XML Publisher) | 2022-03-25 | CVSS 7.2, EPSS 92% |
| CVE-2008-3431 | VirtualBox | 2022-03-03 | CVSS 8.8, EPSS 7% |
| CVE-2011-3544 | Java SE JDK and JRE | 2022-03-03 | CVSS 9.8, EPSS 97% |
| CVE-2020-14864 | Intelligence Enterprise Edition | 2022-01-18 | CVSS 7.5, EPSS 97% |
| CVE-2020-14871 | Solaris and Zettabyte File System (ZFS) | 2021-11-03 | CVSS 10.0, EPSS 80% |
| CVE-2020-2555 | Multiple Products | 2021-11-03 | CVSS 9.8, EPSS 97% |
Common questions about exploited Oracle CVEs
Which Oracle vulnerabilities are actively exploited?
As of July 2026, 44 Oracle CVEs are on the CISA Known Exploited Vulnerabilities catalog, meaning exploitation in the wild is confirmed. The most-listed products are WebLogic Server (12), Java SE (7), Fusion Middleware (6), Java Runtime Environment (JRE) (4). 13 are linked to ransomware campaigns.
What is the newest exploited Oracle CVE?
CVE-2026-35273, affecting PeopleSoft Enterprise PeopleTools, added to the CISA KEV catalog on 2026-06-12. This page refreshes daily, so the newest entry is always first in the table.
How urgent are these Oracle CVEs?
KEV listing is the strongest fix-first signal there is: it means confirmed exploitation, not a prediction. Patch these ahead of higher-CVSS issues that nobody is exploiting. Check the vendor advisory (linked below) for fixed versions and workarounds.
Can I ask my own AI about exploited Oracle CVEs?
Yes. This page includes a free copy-paste AI prompt carrying the newest Oracle KEV entries, with CVSS, EPSS, and ransomware context, into Claude, ChatGPT, or Copilot. The data is refreshed daily.
Authoritative references
All vendors, searchable with due dates and CSV export: the exploited-CVE tracker. Every vendor with a page: exploited by vendor.