The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.
ZDNet

Data leak, phishing security flaws disclosed in Oracle iPlanet Web Server

Tracked as CVE-2020-9315 and CVE-2020-9314, the security flaws allow for sensitive data exposure and limited injection attacks. First discovered by Nightwatch Cybersecurity researchers on January 19, ...
Computerworld

Oracle issues largest patch bundle ever, fixing 276 security flaws

Oracle has released a new quarterly batch of security updates for more than 80 products from its software portfolio, fixing 276 vulnerabilities. This is the largest Oracle Critical Patch Update (CPU) ...
ZDNet

Time to get patching: Oracle's quarterly Critical Patch Update arrives with 520 fixes

Enterprise software giant Oracle has released its April Critical Patch Update (CPU) advisory, which includes 520 fixes for security flaws. Critical Patch Updates are collections of security fixes for ...
InfoWorld

Oracle security update includes Java, MySQL, Oracle Database fixes

Administrators who support Java applications and various Oracle databases should pay close attention to the latest quarterly security update from Oracle, as more than a third of the security fixes ...