patching

Microsoft’s out‑of‑band hotpatch KB5084597, quietly deployed in mid‑March 2026, closes a cluster of critical remote‑code‑execution flaws in the Windows Routing and Remote Access Service (RRAS) management tool — and it does so using Microsoft’s hotpatch mechanism so eligible enterprise endpoints...

The Linux kernel received a small but important patch closing a race that could lead to a kernel use‑after‑free in the SCSI target iSCSI code: CVE‑2026‑23216 fixes a timing window in iscsit_dec_conn_usage_count() where the code called complete() while still holding a connection spinlock...

Oracle’s MySQL Server was assigned CVE-2024-20981 — a denial-of-service weakness in the Server: DDL component that can be triggered by a high-privilege account with network access to repeatedly hang or crash the mysqld process, producing a complete or sustained loss of availability for affected...

Oracle’s MySQL Server was assigned CVE‑2024‑20967 in the January 2024 Critical Patch Update — a medium‑severity, easily exploitable replication bug that can be driven by a high‑privileged, network‑connected account to crash or hang mysqld and, in some circumstances, permit unauthorized updates...

A recently disclosed Linux-kernel vulnerability, tracked as CVE-2025-21945, fixes a subtle but consequential use‑after‑free in the in‑kernel SMB server (ksmbd) — the bug can reliably produce kernel instability and therefore presents a high availability risk for any system whose kernel includes...

Google’s widely used RPC stack has been rocked by a high‑impact denial‑of‑service flaw that can be triggered remotely against a range of gRPC deployments on POSIX platforms: CVE‑2023‑4785 arises from missing error handling in the gRPC TCP server and allows a remote attacker to exhaust server...

Libvirt has been assigned CVE-2024-1441 for an off-by-one bug in the udevListInterfacesByStatus() function that can be triggered by an unprivileged client to crash the libvirt daemon, producing a denial-of-service condition for virtualization management on affected systems. Background Libvirt is...

The discovery of CVE-2024-2494 exposed a simple but dangerous class of bug inside libvirt’s RPC deserialization: a negative array length read from an attacker-controlled RPC message can be passed to GLib’s g_new0 allocator and — because the negative value is interpreted as a very large unsigned...

Siemens has released an urgent security update for NX after researchers discovered a cluster of high‑severity file‑parsing vulnerabilities in the way the product reads CGM (Computer Graphics Metafile) files; the flaws—tracked as CVE‑2026‑22923, CVE‑2026‑22924 and CVE‑2026‑22925—can cause...

A newly cataloged vulnerability, tracked as CVE-2026-20927, has been posted in Microsoft's Update Guide as a denial‑of‑service (DoS) flaw affecting the Windows SMB Server component; the advisory and the vendor‑confidence classification published alongside it change the operational calculus for...