Apex
This hub aggregates every CVE we track for Apex, a product in the hardware firmware space. Use it to gauge the current risk picture and drill into individual advisories.
12
CVEs tracked
4
Critical
2
High
0
In CISA KEV
Severity distribution
MEDIUM6CRITICAL4HIGH2
Monthly trend
0
0
0
1
0
0
0
0
0
0
0
0
0
1
0
0
0
0
1
0
1
0
0
0
2024-072026-06
Latest CVEs
The 12 most recently published vulnerabilities affecting Apex.
- CVE-2025-33244NVIDIA APEX for Linux contains a vulnerability where an unauthorized attacker could cause a deserialization of untrusted data. This vulnerability affects environments that use PyTorch versions earl...9.0
- CVE-2026-21931Vulnerability in the Oracle APEX Sample Applications product of Oracle APEX (component: Brookstrut Sample App). Supported versions that are affected are 23.2.0, 23.2.1, 24.1.0, 24.2.0 and 24.2.1....5.4
- CVE-2025-23295NVIDIA Apex for all platforms contains a vulnerability in a Python component where an attacker could cause a code injection issue by providing a malicious file. A successful exploit of this vulnera...7.8
- CVE-2024-47840Stored XSS through sidebar in Apex skin4.8
- CVE-2016-10305Trango Apex <= 2.1.1, ApexLynx < 2.0, ApexOrion < 2.0, ApexPlus <= 3.2.0, Giga <= 2.6.1, GigaLynx < 2.0, GigaOrion < 2.0, GigaPlus <= 3.2.3, GigaPro <= 1.4.1, StrataLink < 3.0, and StrataPro device...9.8
- CVE-2007-3860Unspecified vulnerability in Oracle Application Express (formerly Oracle HTML DB) 2.2.0.00.32 up to 3.0.0.00.20 allows developers to have an unknown impact via unknown attack vectors, aka APEX01. ...7.5
- CVE-2007-3854Multiple unspecified vulnerabilities in Oracle Database 9.0.1.5+, 9.2.0.7, and 10.1.0.5 allow remote authenticated users to have unknown impact via (1) SYS.DBMS_PRVTAQIS in the Advanced Queuing com...5.5
- CVE-2006-7158Cross-site scripting (XSS) vulnerability in Oracle Application Express (APEX) before 2.2.1, aka Oracle HTML DB, allows remote attackers to inject arbitrary web script or HTML via the NOTIFICATION_M...4.3
- CVE-2006-7138SQL injection vulnerability in wwv_flow_utilities.gen_popup_list in the WWV_FLOW_UTILITIES package for Oracle APEX/HTMLDB before 2.2 allows remote authenticated users to execute arbitrary SQL by mo...6.0
- CVE-2006-5599Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP pack...4.3
- CVE-2006-5351Multiple unspecified vulnerabilities in Oracle Application Express (formerly Oracle HTML DB) 1.5 up to 2.0 have unknown impact and remote attack vectors, aka Vuln# (1) APEX01, (2) APEX02, (3) APEX0...9.0
- CVE-2006-5352Multiple unspecified vulnerabilities in Oracle Application Express 1.5 up to 1.6.1 have unknown impact and remote attack vectors, aka Vuln# (1) APEX04, (2) APEX20, and (3) APEX21.10.0
Product normalization is registry-driven with AI assist and human review. How it works