SecurityWeek

Oracle Releases Emergency Patch for Critical Identity Manager Vulnerability

Oracle issues out-of-band updates to patch CVE-2026-21992, a critical vulnerability in Identity Manager and Web Services ...
The Hacker News

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle fixes CVE-2026-21992 (CVSS 9.8) flaw enabling unauthenticated RCE via HTTP, risking full system compromise.
Dark Reading

Patch Now: Oracle's Fusion Middleware Has Critical RCE Flaw

Attackers can execute arbitrary code without authentication if Oracle's Identity or Web Services Managers are exposed to the Web.
CRN

Oracle's Patches Are 'Light Load,' Experts Say

But compared to previous Oracle updates, the first security bulletin of 2008 is small, experts say. Last's October's bulletin contained more than 50 patches and experts say that they've seen updates ...
ZDNet

Survey: Most Oracle professionals don't patch

Two-thirds of Oracle Database professionals are not applying critical patches, security company Sentrigo has found. In a survey of 305 Oracle professionals, Sentrigo found the majority did not apply ...