The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.
Dark Reading

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
CRN

Oracle's Patches Are 'Light Load,' Experts Say

But compared to previous Oracle updates, the first security bulletin of 2008 is small, experts say. Last's October's bulletin contained more than 50 patches and experts say that they've seen updates ...
Dark Reading

Oracle Patches Get Bad Rap

On the surface, a recently published survey by the Independent Oracle Users Group (IOUG) bears some seemingly frightening numbers. According to the study, which was conducted during the middle of 2008 ...
CSOonline

Oracle Issues 36 Patches, But Is Anyone Applying Them?

Many database administrators don’t always apply security patches to their environments in a speedy fashion, but that’s not stopping Oracle Corp. from releasing dozens of them on a quarterly basis. The ...
ZDNet

Survey: Most Oracle professionals don't patch

Two-thirds of Oracle Database professionals are not applying critical patches, security company Sentrigo has found. In a survey of 305 Oracle professionals, Sentrigo found the majority did not apply ...
Network World

Oracle patches on tap

Last week it was Microsoft’s Patch Tuesday, this week Oracle delivers a boatload of patches. In all, the company will release 27 updates for its database, e-business suite and application server. Also ...