Oracle agile plm

This hub aggregates every CVE we track for Oracle agile plm, a product in the enterprise software space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Oracle agile plm.

• CVE-2026-46859Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Security). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unauthenticate...9.8Jun 16, 2026
• CVE-2026-21940Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: User and User Group). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows una...7.5Jan 20, 2026
• CVE-2025-21565Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Install). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows unaut...7.5Jan 21, 2025
• CVE-2025-21564Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnera...8.1Jan 21, 2025
• CVE-2025-21556Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable vulnera...9.9Jan 21, 2025
• CVE-2024-20953Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Export). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privileged a...KEV8.8Feb 17, 2024
• CVE-2020-10650A deserialization flaw was discovered in jackson-databind through 2.9.10.4. It could allow an unauthenticated user to perform code execution via ignite-jta or quartz-core: org.apache.ignite.cache.j...8.1Dec 26, 2022
• CVE-2022-21467Vulnerability in the Oracle Agile PLM product of Oracle Supply Chain (component: Attachments). The supported version that is affected is 9.3.6. Easily exploitable vulnerability allows low privilege...6.5Apr 19, 2022
• CVE-2021-41184XSS in the `of` option of the `.position()` util6.5Oct 26, 2021
• CVE-2021-42340DoS via memory leak with WebSocket connections7.5Oct 14, 2021
• CVE-2021-26272It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted URL-like text into the editor, and then press Enter or Space (in the Autolink pl...6.5Jan 26, 2021
• CVE-2021-26271It was possible to execute a ReDoS-type attack inside CKEditor 4 before 4.16 by persuading a victim to paste crafted text into the Styles input of specific dialogs (in the Advanced Tab for Dialogs ...6.5Jan 26, 2021
• CVE-2020-35491FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.SharedPoolDataSource.8.1Dec 17, 2020
• CVE-2020-25649A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from...7.5Dec 3, 2020
• CVE-2020-24616FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).8.1Aug 25, 2020