Oracle has just released a critical patch for a vulnerability in WebLogic Server Web Services. CVE-2019-2729 fixes a deserialization vulnerability via the XML decoder in Oracle WebLogic Server Web Services. This remote code execution vulnerability can be exploited remotely without authentication, i.e. it can be exploited over a network without requiring a username and password. Link 1, Link 2 (via Tweet of @PhantomofMobile).