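[Vulnerability Bulletin] CNNVD Bulletin on Multiple Oracle Security Vulnerabilities

Time: 2026-02-28 15:48  Source: CNNVD

Oracle recently published an advisory covering multiple security vulnerabilities: 68 in Oracle's own products and 160 third-party vulnerabilities that affect Oracle products. Oracle MySQL, Oracle E-Business Suite, Oracle Solaris, Oracle Supply Chain and other products and systems are affected. Oracle has released patches for these vulnerabilities; users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible.

I. Vulnerability Overview

On January 20, 2026, Oracle released its January 2026 security update, containing patches for 228 vulnerabilities, all of which CNNVD has recorded. The update mainly covers Oracle MySQL, Oracle E-Business Suite, Oracle Solaris, Oracle Supply Chain, Oracle Financial Services Applications, Oracle Health Sciences Applications and others. CNNVD has rated their severity: 20 critical, 80 high, 108 medium and 20 low. Multiple versions of Oracle products and systems are affected; the specific scope of impact can be looked up on Oracle's official website: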

https://www.oracle.com/security-alerts/cpujan2026.html

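II. Vulnerability Details

This update contains patches for 228 vulnerabilities in total: 66 newly added vulnerabilities, 2 updated vulnerabilities, and 160 third-party vulnerabilities that affect Oracle products.

The update includes patches for 66 newly added vulnerabilities: 2 critical, 19 high, 41 medium and 4 low.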

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202601-3113 | CVE-2026-21969 | Critical | https://www.oracle.com/security-alerts/cpujan2026.html |
| 2 | Oracle Fusion Middleware security vulnerability | CNNVD-202601-3152 | CVE-2026-21962 | Critical | https://www.oracle.com/security-alerts/cpujan2026.html |
| 3 | Oracle Virtualization security vulnerability | CNNVD-202601-3094 | CVE-2026-21982 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 4 | Oracle Virtualization security vulnerability | CNNVD-202601-3095 | CVE-2026-21986 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 5 | Oracle Virtualization security vulnerability | CNNVD-202601-3096 | CVE-2026-21984 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 6 | Oracle Virtualization security vulnerability | CNNVD-202601-3097 | CVE-2026-21957 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 7 | Oracle Virtualization security vulnerability | CNNVD-202601-3098 | CVE-2026-21983 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 8 | Oracle Virtualization security vulnerability | CNNVD-202601-3099 | CVE-2026-21989 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 9 | Oracle Virtualization security vulnerability | CNNVD-202601-3100 | CVE-2026-21988 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 10 | Oracle Virtualization security vulnerability | CNNVD-202601-3101 | CVE-2026-21990 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 11 | Oracle Virtualization security vulnerability | CNNVD-202601-3102 | CVE-2026-21987 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 12 | Oracle Virtualization security vulnerability | CNNVD-202601-3103 | CVE-2026-21956 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 13 | Oracle Virtualization security vulnerability | CNNVD-202601-3104 | CVE-2026-21955 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 14 | Oracle Supply Chain security vulnerability | CNNVD-202601-3111 | CVE-2026-21940 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 15 | Oracle Siebel CRM security vulnerability | CNNVD-202601-3114 | CVE-2026-21926 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 16 | Oracle Java SE security vulnerability | CNNVD-202601-3135 | CVE-2026-21945 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 17 | Oracle Java SE security vulnerability | CNNVD-202601-3136 | CVE-2026-21932 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 18 | Oracle Hospitality Applications security vulnerability | CNNVD-202601-3140 | CVE-2026-21967 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 19 | Oracle Analytics security vulnerability | CNNVD-202601-3149 | CVE-2026-21976 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 20 | Oracle Financial Services Applications security vulnerability | CNNVD-202601-3150 | CVE-2026-21973 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 21 | Oracle Database Server security vulnerability | CNNVD-202601-3156 | CVE-2026-21939 | High | https://www.oracle.com/security-alerts/cpujan2026.html |
| 22 | Oracle Virtualization security vulnerability | CNNVD-202601-3091 | CVE-2026-21981 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 23 | Oracle Virtualization security vulnerability | CNNVD-202601-3092 | CVE-2026-21985 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 24 | Oracle Virtualization security vulnerability | CNNVD-202601-3093 | CVE-2026-21963 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 25 | Oracle Utilities Applications security vulnerability | CNNVD-202601-3105 | CVE-2026-21924 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 26 | Oracle Solaris security vulnerability | CNNVD-202601-3107 | CVE-2026-21935 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 27 | Oracle Solaris security vulnerability | CNNVD-202601-3108 | CVE-2026-21942 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 28 | Oracle Solaris security vulnerability | CNNVD-202601-3109 | CVE-2026-21928 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 29 | Oracle Supply Chain Products Suite security vulnerability | CNNVD-202601-3110 | CVE-2026-21944 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 30 | Oracle Solaris security vulnerability | CNNVD-202601-3112 | CVE-2026-21927 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 31 | Oracle PeopleSoft security vulnerability | CNNVD-202601-3115 | CVE-2026-21971 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 32 | Oracle PeopleSoft security vulnerability | CNNVD-202601-3116 | CVE-2026-21934 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 33 | Oracle PeopleSoft security vulnerability | CNNVD-202601-3117 | CVE-2026-21938 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 34 | Oracle PeopleSoft security vulnerability | CNNVD-202601-3118 | CVE-2026-21961 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 35 | Oracle PeopleSoft security vulnerability | CNNVD-202601-3119 | CVE-2026-21951 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 36 | Oracle MySQL security vulnerability | CNNVD-202601-3120 | CVE-2026-21948 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 37 | Oracle MySQL security vulnerability | CNNVD-202601-3121 | CVE-2026-21941 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 38 | Oracle MySQL security vulnerability | CNNVD-202601-3123 | CVE-2026-21952 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 39 | Oracle MySQL security vulnerability | CNNVD-202601-3124 | CVE-2026-21964 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 40 | Oracle MySQL security vulnerability | CNNVD-202601-3125 | CVE-2026-21936 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 41 | Oracle MySQL security vulnerability | CNNVD-202601-3126 | CVE-2026-21950 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 42 | Oracle MySQL security vulnerability | CNNVD-202601-3127 | CVE-2026-21968 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 43 | Oracle MySQL security vulnerability | CNNVD-202601-3128 | CVE-2026-21937 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 44 | Oracle MySQL security vulnerability | CNNVD-202601-3129 | CVE-2026-21929 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 45 | Oracle MySQL security vulnerability | CNNVD-202601-3130 | CVE-2026-21949 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 46 | Oracle Java SE security vulnerability | CNNVD-202601-3131 | CVE-2026-21925 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 47 | Oracle JD Edwards security vulnerability | CNNVD-202601-3132 | CVE-2026-21946 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 48 | Oracle Java SE security vulnerability | CNNVD-202601-3134 | CVE-2026-21933 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 49 | Oracle Hyperion security vulnerability | CNNVD-202601-3137 | CVE-2026-21979 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 50 | Oracle Hyperion security vulnerability | CNNVD-202601-3138 | CVE-2026-21922 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 51 | Oracle Hospitality Applications security vulnerability | CNNVD-202601-3139 | CVE-2026-21966 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 52 | Oracle Health Sciences Applications security vulnerability | CNNVD-202601-3142 | CVE-2026-21974 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 53 | Oracle Health Sciences Applications security vulnerability | CNNVD-202601-3143 | CVE-2026-21923 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 54 | Oracle Health Sciences Applications security vulnerability | CNNVD-202601-3144 | CVE-2026-21970 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 55 | Oracle Health Sciences Applications security vulnerability | CNNVD-202601-3145 | CVE-2026-21980 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 56 | Oracle Financial Services Applications security vulnerability | CNNVD-202601-3146 | CVE-2026-21978 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 57 | Oracle Database Server security vulnerability | CNNVD-202601-3147 | CVE-2026-21975 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 58 | Oracle E-Business Suite security vulnerability | CNNVD-202601-3151 | CVE-2026-21972 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 59 | Oracle E-Business Suite security vulnerability | CNNVD-202601-3153 | CVE-2026-21960 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 60 | Oracle E-Business Suite security vulnerability | CNNVD-202601-3154 | CVE-2026-21959 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 61 | Oracle E-Business Suite security vulnerability | CNNVD-202601-3155 | CVE-2026-21943 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 62 | Oracle APEX security vulnerability | CNNVD-202601-3157 | CVE-2026-21931 | Medium | https://www.oracle.com/security-alerts/cpujan2026.html |
| 63 | Oracle ZFS Storage Appliance Kit security vulnerability | CNNVD-202601-3106 | CVE-2026-21930 | Low | https://www.oracle.com/security-alerts/cpujan2026.html |
| 64 | Oracle MySQL security vulnerability | CNNVD-202601-3122 | CVE-2026-21965 | Low | https://www.oracle.com/security-alerts/cpujan2026.html |
| 65 | Oracle Java SE security vulnerability | CNNVD-202601-3133 | CVE-2026-21947 | Low | https://www.oracle.com/security-alerts/cpujan2026.html |
| 66 | Oracle Zero Data Loss Recovery Appliance security vulnerability | CNNVD-202601-3148 | CVE-2026-21977 | Low | https://www.oracle.com/security-alerts/cpujan2026.html |

The update includes patches for 2 updated vulnerabilities: 1 high and 1 low.

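| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Official link |
|---|---|---|---|---|---|
| 1 | Oracle Java SE access control error vulnerability | CNNVD-202507-1981 | CVE-2025-50059 | High | https://www.oracle.com/security-alerts/cpujul2025.html |
| 2 | Oracle Java SE security vulnerability | CNNVD-202510-2690 | CVE-2025-61755 | Low | https://www.oracle.com/security-alerts/cpuoct2025.html |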

The update includes patches for 160 third-party vulnerabilities that affect Oracle products: 18 critical, 60 high, 67 medium and 15 low.

| No. | Vulnerability name | CNNVD ID | CVE ID | Severity | Vendor | Official link |
|---|---|---|---|---|---|---|
| 1 | dom4j code issue vulnerability | CNNVD-202004-1133 | CVE-2020-10683 | Critical | Individual developer | https://github.com/dom4j/dom4j/commit/a822852 |
| 2 | Apache Xmlbeans input validation error vulnerability | CNNVD-202101-1146 | CVE-2021-23926 | Critical | Apache Foundation | https://issues.apache.org/jira/browse/XMLBEANS-517 |
| 3 | iText command injection vulnerability | CNNVD-202112-1333 | CVE-2021-43113 | Critical | Individual developer | https://github.com/itext/itext7/releases/tag/7.1.17 |
| 4 | Apache MINA code issue vulnerability | CNNVD-202211-2918 | CVE-2022-45047 | Critical | Apache Foundation | https://www.mail-archive.com/dev@mina.apache.org/msg39312.html |
| 5 | Apache Xerces-C resource management error vulnerability | CNNVD-202402-1469 | CVE-2024-23807 | Critical | Apache | https://github.com/apache/xerces-c/pull/54 |
| 6 | Apache Zookeeper security vulnerability | CNNVD-202411-762 | CVE-2024-51504 | Critical | Apache | https://lists.apache.org/thread/b3qrmpkto5r6989qr61fw9y2x646kqlh |
| 7 | Apache MINA security vulnerability | CNNVD-202412-2747 | CVE-2024-52046 | Critical | Apache | https://lists.apache.org/thread/4wxktgjpggdbto15d515wdctohb0qmv8 |
| 8 | LZ4 Java security vulnerability | CNNVD-202511-3009 | CVE-2025-12183 | Critical | Individual developer | https://github.com/yawkat/lz4-java/releases |
| 9 | Apache HTTP Server access control error vulnerability | CNNVD-202507-1508 | CVE-2025-23048 | Critical | Apache | https://httpd.apache.org/download.cgi |
| 10 | Apache Parquet code issue vulnerability | CNNVD-202504-083 | CVE-2025-30065 | Critical | Apache | https://lists.apache.org/thread/okzqb3kn479gqzxm21gg5vqr35om9gw5 |
| 11 | Redis input validation error vulnerability | CNNVD-202510-449 | CVE-2025-46817 | Critical | Redis | https://redis.io/ |
| 12 | Eclipse JGit code issue vulnerability | CNNVD-202505-3164 | CVE-2025-4949 | Critical | Eclipse | https://projects.eclipse.org/projects/technology.jgit/releases/7.2.1 |
| 13 | libxml2 security vulnerability | CNNVD-202506-1904 | CVE-2025-49794 | Critical | GNOME | https://gitlab.gnome.org/GNOME/libxml2/-/releases |
| 14 | libxml2 buffer error vulnerability | CNNVD-202506-1901 | CVE-2025-49796 | Critical | GNOME | https://gitlab.gnome.org/GNOME/libxml2/-/releases |
| 15 | Redis resource management error vulnerability | CNNVD-202510-401 | CVE-2025-49844 | Critical | Redis | https://redis.io/ |
| 16 | OpenJPEG security vulnerability | CNNVD-202508-277 | CVE-2025-54874 | Critical | Université catholique de Louvain | https://github.com/uclouvain/openjpeg/releases |
| 17 | Apache Tika code issue vulnerability | CNNVD-202512-497 | CVE-2025-66516 | Critical | Apache | https://tika.apache.org/ |
| 18 | SQLite security vulnerability | CNNVD-202507-2004 | CVE-2025-6965 | Critical | SQLite | https://www.sqlite.org/ |
| 19 | dom4j security vulnerability | CNNVD-201808-625 | CVE-2018-1000632 | High | debian | https://github.com/dom4j/dom4j/commit/e598eb43d418744c4dbf62f647dd2381c9ce9387 |
| 20 | JDOM code issue vulnerability | CNNVD-202106-1323 | CVE-2021-33813 | High | Individual developer | https://github.com/hunterhacker/jdom |
| 21 | Intel(R) oneAPI DPC++/C++ Compiler security vulnerability | CNNVD-202301-905 | CVE-2022-40196 | High | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
| 22 | Intel oneAPI DPC++/C++ Compiler buffer error vulnerability | CNNVD-202301-906 | CVE-2022-41342 | High | Intel | https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00773.html |
| 23 | X.org Server resource management error vulnerability | CNNVD-202303-2656 | CVE-2023-1393 | High | X.org Foundation | https://lists.x.org/archives/xorg/2023-March/061312.html |
| 24 | Samba security vulnerability | CNNVD-202310-1009 | CVE-2023-4091 | High | Samba | https://bugzilla.samba.org/show_bug.cgi?id=15439 |
| 25 | Samba security vulnerability | CNNVD-202310-1011 | CVE-2023-4154 | High | Samba | https://www.samba.org/samba/security/CVE-2023-4154.html |
| 26 | logback code issue vulnerability | CNNVD-202311-2206 | CVE-2023-6378 | High | Quality Open Software | https://logback.qos.ch/download.html |
| 27 | Eclipse Jetty security vulnerability | CNNVD-202505-1295 | CVE-2024-13009 | High | Eclipse | https://jetty.org/download.html |
| 28 | Apache Kafka security vulnerability | CNNVD-202411-2444 | CVE-2024-31141 | High | Apache | https://lists.apache.org/thread/9whdzfr0zwdhr364604w5ssnzmg4v2lv |
| 29 | Apache HTTP Server input validation error vulnerability | CNNVD-202507-1505 | CVE-2024-42516 | High | Apache | https://httpd.apache.org/download.cgi |
| 30 | Apache HTTP Server code issue vulnerability | CNNVD-202507-1507 | CVE-2024-43204 | High | Apache | https://httpd.apache.org/download.cgi |
| 31 | Apache Subversion OS command injection vulnerability | CNNVD-202410-903 | CVE-2024-45720 | High | Apache | https://subversion.apache.org/security/CVE-2024-45720-advisory.txt |
| 32 | Apache HTTP Server security vulnerability | CNNVD-202507-1506 | CVE-2024-47252 | High | Apache | https://httpd.apache.org/download.cgi |
| 33 | Perl security vulnerability | CNNVD-202504-2010 | CVE-2024-56406 | High | Perl | https://dev.perl.org/perl5/ |
| 34 | Netplex Json-smart security vulnerability | CNNVD-202502-472 | CVE-2024-57699 | High | Netplex | https://github.com/netplex/json-smart-v2 |
| 35 | Eclipse Jersey race condition vulnerability | CNNVD-202511-2052 | CVE-2025-12383 | High | Eclipse | https://projects.eclipse.org/projects/ee4j.jersey |
| 36 | CPython security vulnerability | CNNVD-202512-051 | CVE-2025-13836 | High | Python | https://github.com/python/cpython/tags |
| 37 | VMware Spring Security security vulnerability | CNNVD-202503-2153 | CVE-2025-22228 | High | VMware | https://spring.io/security/cve-2025-22228 |
| 38 | Axios code issue vulnerability | CNNVD-202503-921 | CVE-2025-27152 | High | Axios | https://github.com/axios/axios/security/advisories/GHSA-jr5f-v2jv-69x6 |
| 39 | Node.js security vulnerability | CNNVD-202507-2479 | CVE-2025-27209 | High | Node.js | https://nodejs.org/zh-cn/download |
| 40 | Node.js path traversal vulnerability | CNNVD-202507-2264 | CVE-2025-27210 | High | Node.js | https://nodejs.org/en/download/current |
| 41 | FreeType buffer error vulnerability | CNNVD-202503-1204 | CVE-2025-27363 | High | FreeType | https://www.facebook.com/security/advisories/cve-2025-27363 |
| 42 | Apache ActiveMQ security vulnerability | CNNVD-202505-979 | CVE-2025-27533 | High | Apache | https://activemq.apache.org/ |
| 43 | Apache Kafka Client security vulnerability | CNNVD-202506-1107 | CVE-2025-27817 | High | Apache | https://kafka.apache.org/downloads |
| 44 | Apache Kafka security vulnerability | CNNVD-202506-1103 | CVE-2025-27818 | High | Apache | https://kafka.apache.org/downloads |
| 45 | Spring Security security vulnerability | CNNVD-202509-2416 | CVE-2025-41248 | High | Spring | https://spring.io/security/cve-2025-41248 |
| 46 | Spring Framework security vulnerability | CNNVD-202509-2565 | CVE-2025-41249 | High | Spring | https://spring.io/security/cve-2025-41249 |
| 47 | Multiple Apple products security vulnerability | CNNVD-202509-1881 | CVE-2025-43368 | High | Apple | https://support.apple.com/en-us/125108 |
| 48 | Rack security vulnerability | CNNVD-202505-1221 | CVE-2025-46727 | High | Rack | https://github.com/rack/rack/releases |
| 49 | GStreamer security vulnerability | CNNVD-202508-709 | CVE-2025-47219 | High | GStreamer | https://gstreamer.freedesktop.org/ |
| 50 | ModSecurity security vulnerability | CNNVD-202505-3250 | CVE-2025-47947 | High | OWASP ModSecurity | https://github.com/owasp-modsecurity/ModSecurity/releases |
| 51 | jq security vulnerability | CNNVD-202505-3221 | CVE-2025-48060 | High | jqlang | https://jqlang.org/ |
| 52 | Apache Commons access control error vulnerability | CNNVD-202505-3838 | CVE-2025-48734 | High | Apache | https://commons.apache.org/ |
| 53 | ModSecurity security vulnerability | CNNVD-202506-092 | CVE-2025-48866 | High | OWASP ModSecurity | https://github.com/owasp-modsecurity/ModSecurity/releases |
| 54 | Apache Commons Lang security vulnerability | CNNVD-202507-1649 | CVE-2025-48924 | High | Apache | https://commons.apache.org/proper/commons-lang/download_lang.cgi |
| 55 | Apache Commons FileUpload security vulnerability | CNNVD-202506-1896 | CVE-2025-48976 | High | Apache | https://commons.apache.org/fileupload/download_fileupload.cgi |
| 56 | Apache Tomcat security vulnerability | CNNVD-202508-1369 | CVE-2025-48989 | High | Apache | https://tomcat.apache.org/security-11.html |
| 57 | libxml2 security vulnerability | CNNVD-202506-1905 | CVE-2025-49795 | High | GNOME | https://gitlab.gnome.org/GNOME/libxml2/-/releases |
| 58 | Eclipse Jetty security vulnerability | CNNVD-202508-2327 | CVE-2025-5115 | High | Eclipse | https://github.com/jetty/jetty.project/releases |
| 59 | Apache Tomcat input validation error vulnerability | CNNVD-202507-1406 | CVE-2025-52520 | High | Apache | https://tomcat.apache.org/ |
| 60 | FasterXML jackson-core security vulnerability | CNNVD-202506-3167 | CVE-2025-52999 | High | FasterXML | https://github.com/FasterXML/jackson-core/tags |
| 61 | libssh buffer error vulnerability | CNNVD-202506-3086 | CVE-2025-5318 | High | libssh | https://www.libssh.org/ |
| 62 | Helm code injection vulnerability | CNNVD-202507-1186 | CVE-2025-53547 | High | CNCF | https://github.com/helm/helm/releases |
| 63 | aiohttp environment issue vulnerability | CNNVD-202507-1890 | CVE-2025-53643 | High | aio-libs | https://docs.aiohttp.org/en/stable/ |
| 64 | Apache Tika security vulnerability | CNNVD-202508-2251 | CVE-2025-54988 | High | Apache | https://tika.apache.org/ |
| 65 | Netty security vulnerability | CNNVD-202508-1386 | CVE-2025-55163 | High | Netty | https://github.com/netty/netty/tags |
| 66 | Apache HTTP Server security vulnerability | CNNVD-202512-691 | CVE-2025-55753 | High | Apache | https://httpd.apache.org/download.cgi |
| 67 | Netty environment issue vulnerability | CNNVD-202509-235 | CVE-2025-58056 | High | Netty | https://netty.io/ |
| 68 | Microsoft JDBC Driver input validation error vulnerability | CNNVD-202510-1776 | CVE-2025-59250 | High | Microsoft | https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-59250 |
| 69 | libxml2 security vulnerability | CNNVD-202506-1657 | CVE-2025-6021 | High | GNOME | https://gitlab.gnome.org/GNOME/libxml2/-/releases |
| 70 | libpng buffer error vulnerability | CNNVD-202511-2689 | CVE-2025-64720 | High | The PNG Development Group | https://github.com/pnggroup/libpng/tags |
| 71 | libpng buffer error vulnerability | CNNVD-202511-2687 | CVE-2025-65018 | High | The PNG Development Group | https://github.com/pnggroup/libpng/tags |
| 72 | urllib3 security vulnerability | CNNVD-202512-670 | CVE-2025-66418 | High | urllib3 | https://github.com/urllib3/urllib3/releases |
| 73 | urllib3 security vulnerability | CNNVD-202512-668 | CVE-2025-66471 | High | urllib3 | https://github.com/urllib3/urllib3/releases |
| 74 | LZ4 Java security vulnerability | CNNVD-202512-643 | CVE-2025-66566 | High | Individual developer | https://github.com/yawkat/lz4-java/releases |
| 75 | Libxslt security vulnerability | CNNVD-202507-1492 | CVE-2025-7424 | High | Libxslt | https://download.gnome.org/sources/libxslt/ |
| 76 | Libxslt resource management error vulnerability | CNNVD-202507-1491 | CVE-2025-7425 | High | Libxslt | https://download.gnome.org/sources/libxslt/ |
| 77 | curl security vulnerability | CNNVD-202509-1818 | CVE-2025-9086 | High | cURL | https://github.com/curl/curl/releases |
| 78 | LibTIFF security vulnerability | CNNVD-202509-3630 | CVE-2025-9900 | High | LibTIFF | https://libtiff.gitlab.io/libtiff/# |
| 79 | Apache Log4j security vulnerability | CNNVD-202112-1493 | CVE-2021-45105 | Medium | Apache Foundation | https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd |
| 80 | jQuery code issue vulnerability | CNNVD-202203-074 | CVE-2022-23395 | Medium | Individual developer | https://github.com/carhartl/jquery-cookie |
| 81 | Flexera InstallShield security vulnerability | CNNVD-202401-2402 | CVE-2023-29081 | Medium | Flexera | https://community.flexera.com/t5/Product-Downloads/ct-p/Downloads |
| 82 | Samba security vulnerability | CNNVD-202310-1008 | CVE-2023-42669 | Medium | Samba | https://www.samba.org/samba/security/CVE-2023-42669.html |
| 83 | Samba security vulnerability | CNNVD-202311-274 | CVE-2023-42670 | Medium | Samba | https://www.samba.org/samba/security/CVE-2023-42670.html |
| 84 | libtasn1 security vulnerability | CNNVD-202502-731 | CVE-2024-12133 | Medium | gnutls | https://gitlab.com/gnutls/libtasn1/-/issues/52 |
| 85 | jq input validation error vulnerability | CNNVD-202505-3180 | CVE-2024-23337 | Medium | jqlang | https://jqlang.org/ |
| 86 | Bouncy Castle security vulnerability | CNNVD-202405-2620 | CVE-2024-30171 | Medium | Bouncy Castle | https://www.bouncycastle.org/latest_releases.html |
| 87 | Requests security vulnerability | CNNVD-202405-3594 | CVE-2024-35195 | Medium | Python | https://github.com/psf/requests/releases/tag/v2.32 |
| 88 | Express.js cross-site scripting vulnerability | CNNVD-202409-692 | CVE-2024-43796 | Medium | expressjs | https://github.com/expressjs/express/security/advisories/GHSA-qw6h-vgh9-j6wx |
| 89 | Apache Commons IO resource management error vulnerability | CNNVD-202410-209 | CVE-2024-47554 | Medium | Apache | https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1 |
| 90 | Eclipse Jetty security vulnerability | CNNVD-202410-1360 | CVE-2024-6763 | Medium | Eclipse | https://github.com/jetty/jetty.project/security/advisories/GHSA-qh8g-58pp-2wxh |
| 91 | Libxslt security vulnerability | CNNVD-202509-3960 | CVE-2025-10911 | Medium | Libxslt | https://github.com/GNOME/libxslt |
| 92 | node-forge security vulnerability | CNNVD-202511-2712 | CVE-2025-12816 | Medium | Individual developer | https://github.com/digitalbazaar/forge/tags |
| 93 | CPython security vulnerability | CNNVD-202512-050 | CVE-2025-13837 | Medium | Python | https://github.com/python/cpython/tags |
| 94 | Node.js security vulnerability | CNNVD-202501-3939 | CVE-2025-23084 | Medium | Node.js | https://nodejs.org/en/blog/vulnerability/january-2025-security-releases |
| 95 | Netty resource management error vulnerability | CNNVD-202502-786 | CVE-2025-25193 | Medium | Netty | https://github.com/netty/netty/security/advisories/GHSA-389x-839f-4rhx |
| 96 | Dell Crypto-J security vulnerability | CNNVD-202509-3954 | CVE-2025-26333 | Medium | Dell | https://www.dell.com/support/kbdoc/en-us/000296144/dsa-2025-100-dell-bsafe-crypto-j-security-update |
| 97 | DOMPurify security vulnerability | CNNVD-202502-1648 | CVE-2025-26791 | Medium | Individual developer | https://github.com/cure53/DOMPurify/releases/tag/3.2.4 |
| 98 | Apache POI security vulnerability | CNNVD-202504-1558 | CVE-2025-31672 | Medium | Apache | https://lists.apache.org/thread/k14w8vcjqy4h34hh5kzldko78kpylkq5 |
| 99 | GnuTLS resource management error vulnerability | CNNVD-202507-1384 | CVE-2025-32988 | Medium | GnuTLS | https://www.gnutls.org/download.html |
| 100 | GnuTLS trust management issue vulnerability | CNNVD-202507-1386 | CVE-2025-32989 | Medium | GnuTLS | https://www.gnutls.org/download.html |
| 101 | GnuTLS security vulnerability | CNNVD-202507-1485 | CVE-2025-32990 | Medium | GnuTLS | https://www.gnutls.org/download.html |
| 102 | VMware Spring Framework security vulnerability | CNNVD-202506-1648 | CVE-2025-41234 | Medium | VMware | https://spring.io/security/cve-2025-41234 |
| 103 | VMware Spring Framework security vulnerability | CNNVD-202508-2012 | CVE-2025-41242 | Medium | VMware | https://spring.io/security/cve-2025-41242 |
| 104 | Multiple Apple products security vulnerability | CNNVD-202509-1939 | CVE-2025-43272 | Medium | Apple | https://support.apple.com/en-us/125108 |
| 105 | Multiple Apple products security vulnerability | CNNVD-202509-1900 | CVE-2025-43342 | Medium | Apple | https://support.apple.com/en-us/125108 |
| 106 | Multiple Apple products security vulnerability | CNNVD-202509-1890 | CVE-2025-43356 | Medium | Apple | https://support.apple.com/en-us/125108 |
| 107 | OpenSSL security vulnerability | CNNVD-202505-3303 | CVE-2025-4575 | Medium | OpenSSL | https://github.com/openssl/openssl/releases |
| 108 | Redis code injection vulnerability | CNNVD-202510-439 | CVE-2025-46818 | Medium | Redis | https://redis.io/ |
| 109 | Redis input validation error vulnerability | CNNVD-202510-438 | CVE-2025-46819 | Medium | Redis | https://redis.io/ |
| 110 | GStreamer security vulnerability | CNNVD-202508-708 | CVE-2025-47183 | Medium | GStreamer | https://gstreamer.freedesktop.org/ |
| 111 | Google Go security vulnerability | CNNVD-202509-3228 | CVE-2025-47910 | Medium | Google | https://pkg.go.dev/vuln/GO-2025-3955 |
| 112 | libssh buffer error vulnerability | CNNVD-202508-2444 | CVE-2025-4877 | Medium | libssh | https://www.libssh.org/ |
| 113 | Apache CXF resource management error vulnerability | CNNVD-202507-2005 | CVE-2025-48795 | Medium | Apache | https://cxf.apache.org/ |
| 114 | Apache HTTP Server authorization issue vulnerability | CNNVD-202507-1516 | CVE-2025-49812 | Medium | Apache | https://httpd.apache.org/download.cgi |
| 115 | ModSecurity input validation error vulnerability | CNNVD-202507-091 | CVE-2025-52891 | Medium | OWASP ModSecurity | https://github.com/owasp-modsecurity/ModSecurity/releases |
| 116 | libssh resource management error vulnerability | CNNVD-202507-423 | CVE-2025-5351 | Medium | libssh | https://www.libssh.org/ |
| 117 | libssh security vulnerability | CNNVD-202507-386 | CVE-2025-5372 | Medium | libssh | https://www.libssh.org/ |
| 118 | Connect2id Nimbus JOSE + JWT security vulnerability | CNNVD-202507-1613 | CVE-2025-53864 | Medium | Connect2id | https://connect2id.com/products/nimbus-jose-jwt/download |
| 119 | libssh input validation error vulnerability | CNNVD-202507-3330 | CVE-2025-5449 | Medium | libssh | https://www.libssh.org/security/ |
| 120 | ModSecurity security vulnerability | CNNVD-202508-406 | CVE-2025-54571 | Medium | OWASP ModSecurity | https://github.com/owasp-modsecurity/ModSecurity/releases |
| 121 | Apache Spark security vulnerability | CNNVD-202510-2209 | CVE-2025-55039 | Medium | Apache | https://spark.apache.org/ |
| 122 | Apache Tomcat security vulnerability | CNNVD-202510-3509 | CVE-2025-55754 | Medium | Apache | https://tomcat.apache.org/ |
| 123 | Netty security vulnerability | CNNVD-202509-677 | CVE-2025-58057 | Medium | Netty | https://netty.io/ |
| 124 | Axios security vulnerability | CNNVD-202509-1824 | CVE-2025-58754 | Medium | Axios | https://github.com/axios/axios/releases/tag/v1.12.2 |
| 125 | Expat security vulnerability | CNNVD-202509-2278 | CVE-2025-59375 | Medium | Expat | https://libexpat.github.io/ |
| 126 | Netty injection vulnerability | CNNVD-202510-2089 | CVE-2025-59419 | Medium | Netty | https://github.com/netty/netty/tags |
| 127 | Apache HTTP Server security vulnerability | CNNVD-202512-689 | CVE-2025-59775 | Medium | Apache | https://httpd.apache.org/download.cgi |
| 128 | libssh security vulnerability | CNNVD-202507-688 | CVE-2025-5987 | Medium | libssh | https://www.libssh.org/ |
| 129 | Python security vulnerability | CNNVD-202506-2001 | CVE-2025-6069 | Medium | Python | https://www.python.org/downloads/ |
| 130 | Apache Tomcat security vulnerability | CNNVD-202510-3505 | CVE-2025-61795 | Medium | Apache | https://tomcat.apache.org/ |
| 131 | GnuTLS code issue vulnerability | CNNVD-202507-1504 | CVE-2025-6395 | Medium | GnuTLS | https://www.gnutls.org/download.html |
| 132 | libpng buffer error vulnerability | CNNVD-202511-2690 | CVE-2025-64505 | Medium | The PNG Development Group | https://github.com/pnggroup/libpng/tags |
| 133 | libpng buffer error vulnerability | CNNVD-202511-2688 | CVE-2025-64506 | Medium | The PNG Development Group | https://github.com/pnggroup/libpng/tags |
| 134 | JS-YAML security vulnerability | CNNVD-202511-1593 | CVE-2025-64718 | Medium | Nodeca | https://github.com/nodeca/js-yaml/tags |
| 135 | Apache HTTP Server security vulnerability | CNNVD-202512-686 | CVE-2025-66200 | Medium | Apache | https://httpd.apache.org/download.cgi |
| 136 | Netty injection vulnerability | CNNVD-202512-3127 | CVE-2025-67735 | Medium | Netty | https://netty.io/downloads.html |
| 137 | Eclipse Jakarta Mail security vulnerability | CNNVD-202507-2694 | CVE-2025-7962 | Medium | Eclipse | https://jakarta.ee/specifications/mail/ |
| 138 | LibTIFF resource management error vulnerability | CNNVD-202507-3371 | CVE-2025-8176 | Medium | LibTIFF | https://libtiff.gitlab.io/libtiff/ |
| 139 | LibTIFF security vulnerability | CNNVD-202507-3372 | CVE-2025-8177 | Medium | LibTIFF | https://libtiff.gitlab.io/libtiff/ |
| 140 | CPython security vulnerability | CNNVD-202507-3503 | CVE-2025-8194 | Medium | Python | https://github.com/python/cpython |
| 141 | Python security vulnerability | CNNVD-202510-915 | CVE-2025-8291 | Medium | Python | https://docs.python.org/3/library/zipfile.html |
| 142 | pip security vulnerability | CNNVD-202509-3859 | CVE-2025-8869 | Medium | Python Packaging Authority | https://pip.pypa.io/en/stable/ |
| 143 | Bouncy Castle security vulnerability | CNNVD-202508-1017 | CVE-2025-8885 | Medium | Bouncy Castle | https://www.bouncycastle.org/download/bouncy-castle-java/ |
| 144 | OpenSSL security vulnerability | CNNVD-202509-4472 | CVE-2025-9230 | Medium | OpenSSL | https://www.openssl.org/ |
| 145 | OpenSSL security vulnerability | CNNVD-202509-4471 | CVE-2025-9231 | Medium | OpenSSL | https://www.openssl.org/ |
| 146 | Apache Subversion security vulnerability | CNNVD-202412-780 | CVE-2024-46901 | Low | Apache | https://subversion.apache.org/security/CVE-2024-46901-advisory.txt |
| 147 | curl security vulnerability | CNNVD-202509-1821 | CVE-2025-10148 | Low | cURL | https://github.com/curl/curl/releases |
| 148 | VMware Spring Framework input validation error vulnerability | CNNVD-202505-2590 | CVE-2025-22233 | Low | VMware | https://github.com/spring-projects/spring-framework/releases |
| 149 | libheif code issue vulnerability | CNNVD-202504-3215 | CVE-2025-43966 | Low | struktur | https://github.com/strukturag/libheif/releases |
| 150 | libheif code issue vulnerability | CNNVD-202504-3234 | CVE-2025-43967 | Low | struktur | https://github.com/strukturag/libheif/releases |
| 151 | libssh resource management error vulnerability | CNNVD-202507-2883 | CVE-2025-4878 | Low | libssh | https://www.libssh.org/files/ |
| 152 | Apache HTTP Server security vulnerability | CNNVD-202512-682 | CVE-2025-58098 | Low | Apache | https://httpd.apache.org/download.cgi |
| 153 | glib input validation error vulnerability | CNNVD-202506-1786 | CVE-2025-6052 | Low | GNOME | https://gitlab.gnome.org/GNOME/glib/ |
| 154 | CPython security vulnerability | CNNVD-202510-4411 | CVE-2025-6075 | Low | Python | https://github.com/python/cpython/tags |
| 155 | Apache HTTP Server security vulnerability | CNNVD-202512-688 | CVE-2025-65082 | Low | Apache | https://httpd.apache.org/download.cgi |
| 156 | Apache Log4j security vulnerability | CNNVD-202512-3348 | CVE-2025-68161 | Low | Apache | https://lists.apache.org/thread/xr33kyxq3sl67lwb61ggvm1fzc8k7dvx |
| 157 | libxml2 security vulnerability | CNNVD-202508-766 | CVE-2025-8732 | Low | GNOME | https://gitlab.gnome.org/GNOME/libxml2 |
| 158 | Bouncy Castle security vulnerability | CNNVD-202508-1337 | CVE-2025-8916 | Low | Bouncy Castle | https://github.com/bcgit/bc-java/commit/310b30a4fbf36d13f6cc201ffa7771715641e67e |
| 159 | LibTIFF buffer error vulnerability | CNNVD-202508-1636 | CVE-2025-8961 | Low | LibTIFF | https://libtiff.gitlab.io/libtiff/ |
| 160 | OpenSSL security vulnerability | CNNVD-202509-4470 | CVE-2025-9232 | Low | OpenSSL | https://www.openssl.org/ |

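III. Remediation Recommendations

Oracle has released patches that fix the vulnerabilities listed above. Users are advised to confirm promptly whether they are affected and to apply the fixes as soon as possible. Oracle's official patch download address: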

https://www.oracle.com/security-alerts/cpujan2026.html