Oracle released their April 2017 Critical Patch Update, or CPU, that resolves a record breaking 299 vulnerabilities across all of their products. Of these 299 vulnerabilities, over 100 are remotely exploitable without authentication. Oracle Financial Services Applications with 47 vulnerabilities and Oracle Retail Applications and Oracle MySQL, which are tied at 39 fixes. Java, which is notorious for being used by exploit kits to install malware on vulnerable systems had 8 new security fixes, with 7 of them being exploitable. One of the vulnerabilities they discovered in Oracle E-Business would allow attackers to remotely read business data from databases without authorization.
Source: https://www.bleepingcomputer.com/news/security/oracle-delivers-a-whopping-299-fixes-in-april-2017s-critical-patch-update/