Oracle security patch release for CVE-2026-21992
Security Patch Release
Summary
Hide ▲
Show ▼
Oracle released security updates for CVE-2026-21992, a critical flaw in Identity Manager and Web Services Manager that could enable unauthenticated remote code execution. The patch matters because the affected versions include 12.2.1.4.0 and 14.1.2.1.0, and Oracle urged customers to apply the update without delay. Oracle said it has no evidence of in-the-wild exploitation for this issue.
Related Happenings
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch Release
H score53
First: 29.06.2026 16:46
Last: 29.06.2026 16:46
Sources 1
About this happening:
**Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...
Oracle E-Business Suite May 2026 Critical Security Patch Update (CVE-2026-46817)
Security Patch ReleaseAbout this happening: **Oracle**'s **May 2026 Critical Security Patch Update** addressed **CVE-2026-46817** in **Oracle E-Business Suite**, a **critical** flaw in **Oracle Payments** that could let an...
SimpleHelp security update for CVE-2026-48558
Security Patch Release
H score65
First: 15.06.2026 23:06
Last: 15.06.2026 23:06
Sources 1
About this happening:
**SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
SimpleHelp security update for CVE-2026-48558
Security Patch ReleaseAbout this happening: **SimpleHelp** released **5.5.16** and **6.0 RC2** on **June 9** to fix **CVE-2026-48558**, a critical **OIDC** authentication flaw in **SimpleHelp remote management software** th...
Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821
Security Patch Release
H score66
First: 07.05.2026 18:20
Last: 07.05.2026 18:20
Sources 1
About this happening:
Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...
Ivanti EPMM patch release for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821
Security Patch ReleaseAbout this happening: Ivanti released a security update for on-prem Endpoint Manager Mobile (EPMM) covering CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821. The patch addresses high-seve...
Latest development: 07.05.2026 20:55
Ivanti released fixes for CVE-2026-5786, CVE-2026-5787, CVE-2026-5788, and CVE-2026-7821 in Endpoint Manager Mobile (EPMM). The updates apply only to on-prem EPMM before versions 12.6.1.1, 12.7.0.1, and 12.8.0.1, and Ivanti said the issues are not present in Ivanti Neurons for MDM, Ivanti EPM, Ivanti Sentry, or other Ivanti products.
CPanel security patch release for CVE-2026-41940
Security Patch Release
H score89
First: 29.04.2026 12:37
Last: 29.04.2026 12:37
Sources 1
About this happening:
**cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...
CPanel security patch release for CVE-2026-41940
Security Patch ReleaseAbout this happening: **cPanel** released **security updates** for **cPanel and WHM** after an **authentication bypass** flaw could let remote attackers reach control-panel access, with fixes now cover...
Latest development: 04.05.2026 22:14
CVE-2026-41940 in cPanel, WebHost Manager (WHM), and WP Squared was rapidly exploited after public disclosure, with Censys reporting attacks from multiple threat actors within 24 hours and about 15,000 potentially compromised instances in the first day. KnownHost said about 30 managed cPanel servers showed attempted exploitation, WatchTowr Labs published a PoC exploit and technical analysis, and Defused said much of the observed activity copied WatchTowr's PoC exactly.
LiteLLM security patch release for CVE-2026-42208
Security Patch Release
H score31
First: 29.04.2026 00:07
Last: 29.04.2026 00:07
Sources 1
About this happening:
**LiteLLM version 1.83.7** ships a fix for **CVE-2026-42208**, closing a **critical SQL injection** path in the proxy API key verification flow. The release replaces **string conc...
LiteLLM security patch release for CVE-2026-42208
Security Patch ReleaseAbout this happening: **LiteLLM version 1.83.7** ships a fix for **CVE-2026-42208**, closing a **critical SQL injection** path in the proxy API key verification flow. The release replaces **string conc...
Timeline
-
21.03.2026 12:24 2 articles · 3mo ago
Oracle releases security update for CVE-2026-21992
Mitigation Patch UpdateOracle released security updates for CVE-2026-21992 affecting Oracle Identity Manager and Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0, addressing a remotely exploitable unauthenticated flaw that could enable remote code execution and urging customers to apply the update without delay.
Show sources
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager — thehackernews.com — 21.03.2026 12:24
- Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager — thehackernews.com — 21.03.2026 12:24