Oracle issued Critical Patch Update for April 2016, fixing 136 vulnerabilities in different products. Update includes patches for Oracle Database Server, Fusion Middleware, MySQL Server, Java, Peoplesoft, E-Business Suite and other applications.
Many of the vulnerabilities are remotely exploitable, so we advise to install those patches ASAP. Java users should also install patches, since details of remote code execution vulnerability CVE-2016-0636 are publicly exposed.
The list of vulnerable software and patches are available here: http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
We encourage everybody to install patches.