patching guidance

A newly published denial‑of‑service vulnerability in Oracle’s MySQL Server — tracked as CVE‑2025‑50097 — should be treated as an operational emergency for teams that run affected MySQL releases, particularly where administrative or privileged database accounts are reachable over the network. The...

Siemens has disclosed a cluster of high‑impact vulnerabilities in its COMOS engineering platform that, taken together, create multiple realistic attack paths — from sensitive information disclosure and cross‑site scripting to remote code execution and denial‑of‑service — and the vendor and...

Microsoft’s Security Update Guide assigned CVE‑2026‑21226 to the Azure Core shared client library for Python, flagging a remote code execution (RCE) class vulnerability in a foundational SDK component used across dozens of Azure client libraries — a high‑impact finding that requires prompt...

Microsoft’s Security Update Guide lists CVE-2026-20937 as an information-disclosure vulnerability in Windows File Explorer; the vendor record confirms the issue exists but provides only terse public detail, leaving defenders to balance urgent mitigations with careful validation of KB mappings...

Microsoft has recorded CVE-2026-20870 as an elevation-of-privilege flaw in the Windows Win32 kernel subsystem; the vendor’s public entry confirms the existence of a kernel-level local EoP and attaches Microsoft’s “confidence” metric to the record — a signal administrators should treat as an...

Microsoft’s public advisory for CVE-2026-20870 describes a high‑impact elevation‑of‑privilege defect in the Windows Win32k kernel subsystem that can be triggered by a local, authenticated actor and that Microsoft treats with a measured disclosure posture using its published confidence metric...