patch-management

CVE-2026-3055, a CVSS 9.3 memory overread in NetScaler ADC and Gateway, echoes the 2023 CitrixBleed vulnerability that led to mass exploitation, with over 30,000 instances exposed online.

Oracle releases out-of-band patch for CVE-2026-21992, a CVSS 9.8 unauthenticated RCE flaw in Identity Manager and Web Services Manager, just months after a similar vulnerability was actively exploited in the wild.