Application server

This hub aggregates every CVE we track for Application server, a product in the databases space. Use it to gauge the current risk picture and drill into individual advisories.

Severity distribution

Monthly trend

The 15 most recently published vulnerabilities affecting Application server.

• CVE-2025-8386AVEVA Application Server IDE Basic Cross-site Scripting6.9Nov 14, 2025
• CVE-2024-7113Allocation of Resources Without Limits or Throttling in AVEVA SuiteLink Server7.5Aug 13, 2024
• CVE-2023-34982AVEVA Operations Control Logger External Control of File Name or Path 5.5Nov 15, 2023
• CVE-2023-33873AVEVA Operations Control Logger Execution with Unnecessary Privileges 7.8Nov 15, 2023
• CVE-2016-15023SiteFusion Application Server Extension getextension.php path traversal3.5Jan 31, 2023
• CVE-2020-6262Service Data Download in SAP Application Server ABAP (ST-PI, before versions 2008_1_46C, 2008_1_620, 2008_1_640, 2008_1_700, 2008_1_710, 740) allows an attacker to inject code that can be executed ...8.8May 12, 2020
• CVE-2020-1967Segmentation fault in SSL_check_chain7.5Apr 21, 2020
• CVE-2018-5407Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks via a side-channel timing attack on 'port contention'.4.7Nov 15, 2018
• CVE-2018-0734Timing attack against DSA5.9Oct 30, 2018
• CVE-2018-0735Timing attack against ECDSA signature generation5.9Oct 29, 2018
• CVE-2017-14995The Management Console in WSO2 Application Server 5.3.0, WSO2 Business Process Server 3.6.0, WSO2 Business Rules Server 2.2.0, WSO2 Complex Event Processor 4.2.0, WSO2 Dashboard Server 2.0.0, WSO2 ...6.1Oct 3, 2017
• CVE-2017-14651WSO2 Data Analytics Server 3.1.0 has XSS in carbon/resources/add_collection_ajaxprocessor.jsp via the collectionName or parentPath parameter.4.8Sep 21, 2017
• CVE-2016-2183The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for ...7.5Sep 1, 2016
• CVE-2010-0067Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Application Server 10.1.2.3 and 10.1.3.4 allows remote attackers to affect confidentiality via unknown vectors.5.0Jan 13, 2010
• CVE-2010-0066Unspecified vulnerability in the Access Manager Identity Server component in Oracle Application Server 7.0.4.3 and 10.1.4.2 allows remote attackers to affect integrity via unknown vectors.5.0Jan 13, 2010