Oracle security patch release for CVE-2026-21992
Security Patch Release
Summary
Oracle released security updates for CVE-2026-21992, a critical flaw in Identity Manager and Web Services Manager that could enable unauthenticated remote code execution. The patch matters because the affected versions include 12.2.1.4.0 and 14.1.2.1.0, and Oracle urged customers to apply the update without delay. Oracle said it has no evidence of in-the-wild exploitation for this issue.
Related Happenings
Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821
Security Patch Release
First: 07.05.2026 18:20
Last: 07.05.2026 18:20
Sources 1
About this happening:
Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...
Latest development: 07.05.2026 20:55
Ivanti released fixes for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821 in Endpoint Manager Mobile (EPMM). The updates apply only to on-prem EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1, and Ivanti said the issues are not present in Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products.
cPanel security patch release for CVE-2026-41940
Security Patch Release
First: 29.04.2026 12:37
Last: 29.04.2026 12:37
Sources 1
About this happening:
**cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...
Latest development: 04.05.2026 22:14
CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.
LiteLLM security patch release for CVE-2026-42208
Security Patch Release
First: 29.04.2026 00:07
Last: 29.04.2026 00:07
Sources 1
About this happening:
**LiteLLM version 1.83.7** ships a fix for **CVE-2026-42208**, closing a **critical SQL injection** path in the proxy API key verification flow. The release replaces **string conc...
wolfSSL security patch release (CVE-2026-5194)
Security Patch Release
First: 13.04.2026 22:56
Last: 13.04.2026 22:56
Sources 1
About this happening:
The **wolfSSL project** released **version 5.9.1** to fix **CVE-2026-5194**, a cryptographic validation flaw that could let vulnerable deployments accept forged certificates. The...
Apache ActiveMQ Classic CVE-2026-34197 patch release
Security Patch Release
First: 08.04.2026 12:15
Last: 08.04.2026 12:15
Sources 1
About this happening:
**Apache ActiveMQ Classic** patched **CVE-2026-34197**, a **remote code execution** flaw that lets an attacker abuse the **Jolokia API** to run OS commands. Users running the brok...
Timeline
- 21.03.2026 12:24 · 2 articles · 2mo ago
Oracle releases security update for CVE-2026-21992
Mitigation Patch Update
Oracle released security updates for CVE-2026-21992 affecting Oracle Identity Manager and Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0, addressing a remotely exploitable unauthenticated flaw that could enable remote code execution and urging customers to apply the update without delay.
Sources:
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager — thehackernews.com — 21.03.2026 12:24