MEIFP – Most Exploited Internet-Facing Products

Oracle

Products: Agile PLM Framework · Identity Manager · MySQL Server · Oracle Concurrent Processing · Oracle Configurator · Oracle WebLogic Server · PeopleSoft Enterprise PeopleTools · WebLogic Server

269.8

Score

CVEs

Active

PoC

KEV

Rank

Period:

Product:

CVE ID	Published	CVSS	Exploit	KEV	AC	PR	Auto	Score(hover)	Affected Products	Description
CVE-2026-35273	2026-06-11	9.8v3.1	ACTIVE		Low	None	YES	40.6	PeopleSoft Enterprise PeopleTools	Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: Updates Environment Management). Supported versions that are affected are 8.61 and 8.62. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleS
CVE-2026-34304	2026-04-21	4.9v3.1	POC	—	Low	High	no	0.0	MySQL Server	Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.45, 8.4.0-8.4.8 and 9.0.0-9.6.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server.
CVE-2026-34305	2026-04-21	7.5v3.1	POC	—	Low	None	no	0.0	Oracle WebLogic Server	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Services). Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0, 14.1.2.0.0 and 15.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to co
CVE-2025-61757	2025-10-21	9.8v3.1	ACTIVE		Low	None	YES	40.6	Identity Manager	Vulnerability in the Identity Manager product of Oracle Fusion Middleware (component: REST WebServices). Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Identity Manager.
CVE-2025-61884	2025-10-12	7.5v3.1	ACTIVE		Low	None	YES	40.6	Oracle Configurator	Vulnerability in the Oracle Configurator product of Oracle E-Business Suite (component: Runtime UI). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Configurator. Successful
CVE-2025-61882	2025-10-05	9.8v3.1	ACTIVE		Low	None	YES	40.6	Oracle Concurrent Processing	Vulnerability in the Oracle Concurrent Processing product of Oracle E-Business Suite (component: BI Publisher Integration). Supported versions that are affected are 12.2.3-12.2.14. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Con
CVE-2024-21287	2024-11-18	7.5v3.1	ACTIVE		Low	None	YES	40.6	Agile PLM Framework	Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Orac
CVE-2024-21182	2024-07-16	7.5v3.1	ACTIVE		Low	None	YES	40.6	WebLogic Server	Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Ser
CVE-2024-20953	2024-02-17	8.8v3.1	ACTIVE		Low	Low	no	26.4	Agile PLM Framework	Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Agile PLM. Successful attacks of this vulner

Each CVE: 10 pts base (Active only), boosted by:

KEV×2.0AC: Low×1.2PR: None×1.3PR: Low×1.1Auto×1.3