Known Vulnerabilities for Application Server by Oracle
Listed below are 10 of the newest known vulnerabilities associated with "Application Server" by "Oracle".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-41459 json | Xerte Online Toolkits versions 3.15 and earlier contain an information disclosure vulnerability that allows unauthenticated a... | Not Provided | 2026-04-22 | 2026-04-22 |
| CVE-2026-41130 json | Craft CMS is a content management system (CMS). In versions on the 4.x branch through 4.17.8 and the 5.x branch through 5.9.1... | Not Provided | 2026-04-22 | 2026-04-22 |
| CVE-2026-40905 json | LinkAce is a self-hosted archive to collect website links. Prior to 2.5.4, a password reset poisoning vulnerability was ident... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-40608 json | Next AI Draw.io is a next.js web application that integrates AI capabilities with draw.io diagrams. Prior to 0.4.15, the embe... | Not Provided | 2026-04-21 | 2026-04-21 |
| CVE-2026-40487 json | Postiz is an AI social media scheduling tool. Prior to version 2.21.6, a file upload validation bypass allows any authenticat... | Not Provided | 2026-04-18 | 2026-04-20 |
| CVE-2026-40478 json | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-40477 json | Thymeleaf is a server-side Java template engine for web and standalone environments. Versions 3.1.3.RELEASE and prior contain... | Not Provided | 2026-04-17 | 2026-04-20 |
| CVE-2026-40434 json | Anviz CrossChex Standard lacks source verification in the client/server channel, enabling TCP packet injection by an attacke... | Not Provided | 2026-04-17 | 2026-04-17 |
| CVE-2026-40324 json | Hot Chocolate is an open-source GraphQL server. Prior to versions 12.22.7, 13.9.16, 14.3.1, and 15.1.14, Hot Chocolate's recu... | Not Provided | 2026-04-18 | 2026-04-20 |
| CVE-2026-40255 json | AdonisJS HTTP Server is a package for handling HTTP requests in the AdonisJS framework. In @adonisjs/http-server versions pri... | Not Provided | 2026-04-16 | 2026-04-16 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Oracle | Application Server | 9.2.0.7 | |||
| Application | Oracle | Application Server | 9.2.0.6 | |||
| Application | Oracle | Application Server | 9.0.4.3 | |||
| Application | Oracle | Application Server | 9.0.4.2 | |||
| Application | Oracle | Application Server | 9.0.4.1 | |||
| Application | Oracle | Application Server | 9.0.4.0 | |||
| Application | Oracle | Application Server | 9.0.4 | |||
| Application | Oracle | Application Server | 9.0.3.1 | |||
| Application | Oracle | Application Server | 9.0.3 | |||
| Application | Oracle | Application Server | 9.0.2.3 | |||
| Application | Oracle | Application Server | 9.0.2.2 | |||
| Application | Oracle | Application Server | 9.0.2.1 | |||
| Application | Oracle | Application Server | 9.0.2.0.1 | |||
| Application | Oracle | Application Server | 9.0.2.0.0 | |||
| Application | Oracle | Application Server | 9.0.2 | |||
| Application | Oracle | Application Server | 9.0.2 | |||
| Application | Oracle | Application Server | 9.0 | |||
| Application | Oracle | Application Server | 8.1.7 | |||
| Application | Oracle | Application Server | 7.0.4.4 | |||
| Application | Oracle | Application Server | 4.0.8.2 |