Oracle jdeveloper
This hub aggregates every CVE we track for Oracle jdeveloper, a product in the devtools ci space. Use it to gauge the current risk picture and drill into individual advisories.
11
CVEs tracked
8
Critical
1
High
1
In CISA KEV
Severity distribution
CRITICAL8MEDIUM2HIGH1
Monthly trend
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
2024-082026-07
Latest CVEs
The 11 most recently published vulnerabilities affecting Oracle jdeveloper.
- CVE-2022–21445Уязвимость компонента ADF Faces программного средства Oracle Jdeveloper, позволяющая нарушителю выполнить произвольный код или получить полный контроль над приложением9.8
- CVE-2022-21445Vulnerability in the Oracle Application Development Framework (ADF) product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 12.2.1.3.0 and 12.2.1.4.0....KEV9.8
- CVE-2022-23305SQL injection in JDBC Appender in Apache Log4j V19.8
- CVE-2020-11022jQuery has a potential XSS vulnerability6.9
- CVE-2018-14719FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the blaze-ds-opt and blaze-ds-core classes from polymorphic deseria...9.8
- CVE-2018-14721FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to conduct server-side request forgery (SSRF) attacks by leveraging failure to block the axis2-jaxws class from polymorphic ...10.0
- CVE-2018-14720FasterXML jackson-databind 2.x before 2.9.7 might allow attackers to conduct external XML entity (XXE) attacks by leveraging failure to block unspecified JDK classes from polymorphic deserialization.9.8
- CVE-2018-14718FasterXML jackson-databind 2.x before 2.9.7 might allow remote attackers to execute arbitrary code by leveraging failure to block the slf4j-ext class from polymorphic deserialization.9.8
- CVE-2018-14371The getLocalePrefix function in ResourceManager.java in Eclipse Mojarra before 2.3.7 is affected by Directory Traversal via the loc parameter. A remote attacker can download configuration files or ...7.5
- CVE-2015-9251jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.6.1
- CVE-2017-5645In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events from another application, a specially crafted binary payload can be sent tha...9.8
Product normalization is registry-driven with AI assist and human review. How it works