Application express
This hub aggregates every CVE we track for Application express, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.
48
CVEs tracked
4
Critical
5
High
1
In CISA KEV
Severity distribution
MEDIUM39HIGH5CRITICAL4
Monthly trend
0
0
0
1
0
0
1
0
0
0
0
0
1
0
0
0
0
0
0
0
0
0
0
0
2024-072026-06
Latest CVEs
The 15 most recently published vulnerabilities affecting Application express.
- CVE-2025-50067Vulnerability in Oracle Application Express (component: Strategic Planner Starter App). Supported versions that are affected are 24.2.4 and 24.2.5. Easily exploitable vulnerability allows low pri...9.0
- CVE-2025-21557Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Easily exploitable vulnerability allows low privileged attacker with netw...5.4
- CVE-2024-21261Vulnerability in Oracle Application Express (component: General). Supported versions that are affected are 23.2 and 24.1. Difficult to exploit vulnerability allows low privileged attacker with ne...4.9
- CVE-2023-21983Vulnerability in the Application Express Administration product of Oracle Application Express (component: None). Supported versions that are affected are Application Express Administration: 18.2-2...5.6
- CVE-2023-21975Vulnerability in the Application Express Customers Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Customers Pl...9.0
- CVE-2023-21974Vulnerability in the Application Express Team Calendar Plugin product of Oracle Application Express (component: User Account). Supported versions that are affected are Application Express Team Cal...9.0
- CVE-2022-24728Cross-site Scripting in CKEditor45.4
- CVE-2022-24729Regular expression Denial of Service in dialog plugin6.5
- CVE-2021-41165HTML comments vulnerability allowing to execute JavaScript code8.2
- CVE-2021-41164Advanced Content Filter (ACF) vulnerability allowing to execute JavaScript code using malformed HTML8.2
- CVE-2021-41184XSS in the `of` option of the `.position()` util6.5
- CVE-2021-41183XSS in `*Text` options of the Datepicker widget6.5
- CVE-2021-41182XSS in the `altField` option of the Datepicker widget6.5
- CVE-2021-37695Execution of JavaScript code using malformed HTML in ckeditor7.3
- CVE-2021-32809Arbitrary HTML injection vulnerability in ckeditor4.6
Product normalization is registry-driven with AI assist and human review. How it works