Oracle Critical Patch Update Advisory - April 2026

A Critical Patch Update is a collection of patches for multiple security vulnerabilities. These patches address vulnerabilities in Oracle code and in third party components included in Oracle products. These patches are usually cumulative, but each advisory describes only the security patches add...

CVE-2026-21992

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: REST WebServices and Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable...

Oracle Patches Critical CVE-2026-21992 Enabling Unauthenticated RCE in Identity Manager

Oracle has released security updates to address a critical security flaw impacting Identity Manager and Web Services Manager that could be exploited to achieve remote code execution. The vulnerability, tracked as CVE-2026-21992 , carries a CVSS score of 9.8 out of a maximum of 10.0. "This...

Vulnerability fixed in Oracle Identity Manager and Oracle Web Services Manager

Oracle has fixed a vulnerability in two components of Fusion Middleware, Oracle Identity Manager and Oracle Web Services Manager. The vulnerability comes from insufficient access controls within Oracle Identity Manager and Oracle Web Services Manager, allowing unauthenticated remote attackers to...

CVE-2026-21992

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: REST WebServices and Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable...

CVE-2026-21992

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: REST WebServices and Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable...

EUVD-2026-13486

Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware component: REST WebServices and Oracle Web Services Manager product of Oracle Fusion Middleware component: Web Services Security. Supported versions that are affected are 12.2.1.4.0 and 14.1.2.1.0. Easily exploitable...

CVE-2026-21992

The CVE-2026-21992 vulnerability affects Oracle Fusion Middleware components: Oracle Identity Manager (REST WebServices) and Oracle Web Services Manager (Web Services Security). Affected versions are 12.2.1.4.0 and 14.1.2.1.0. It is exploitable over HTTP without authentication and can lead to tak...

Oracle Identity Manager 安全漏洞

Oracle Identity Manager is an identity governance platform provided by Oracle Corporation in the United States. It offers capabilities for managing the identity lifecycle and implementing access control. Vulnerabilities exist in versions 12.2.1.4.0 and 14.1.2.1.1.0 of Oracle Identity Manager, as...

Oracle Identity Manager and Web Services Manager RCE (CVE-2026-21992)

The remote host has Oracle Identity Manager and/or Oracle Web Services Manager installed and is affected by a remote code execution vulnerability as referenced in the CVE-2026-21992 Security Alert Advisory. - Vulnerability in the Oracle Identity Manager product of Oracle Fusion Middleware...

PT-2026-26538

Name of the Vulnerable Software and Affected Versions Oracle Identity Manager versions 12.2.1.4.0 and 14.1.2.1.0 Oracle Web Services Manager versions 12.2.1.4.0 and 14.1.2.1.0 Description A critical vulnerability exists in Oracle Identity Manager component: REST WebServices and Oracle Web Service...

EUVD-2013-1589

Malware in sbrugna...

EUVD-2011-2226

Malware in sbrugna...

EUVD-2011-3532

Malware in sbrugna...

EUVD-2011-3494

Malware in sbrugna...

EUVD-2011-3531

Malware in sbrugna...

EUVD-2011-3486

Malware in sbrugna...

EUVD-2023-26028

Malicious code in bioql PyPI...

CVE-2023-21862

Vulnerability in the Oracle Web Services Manager product of Oracle Fusion Middleware component: XML Security component. The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web...

CVE-2011-3568

Unspecified vulnerability in the Oracle Web Services Manager component in Oracle Fusion Middleware 11.1.1.3, 11.1.1.4, and 11.1.1.5 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related to Web Services Security...