Oracle also released a significant number of patches for MySQL (34 fixes – 3 for issues exploitable by remote, unauthenticated attackers), PeopleSoft (21 – 7), E-Business Suite (18 – 8), Analytics (15 – 11), Retail Applications (15 – 15), and Siebel CRM (14 – 13).Several products received close to a dozen patches each, including Java SE (11 – 7), GoldenGate (10 – 7), Enterprise Manager (9 – 8), Virtualization (9 – 1), and Database Server (8 – 4).Fixes were also released for Adapter for Eclipse RDF4J, Autonomous Health Framework, Blockchain Platform, REST Data Services, TimesTen In-Memory Database, Commerce, Construction and Engineering, Life Science Applications, Hospitality Applications, Hyperion, JD Edwards, Supply Chain, Systems, and Utilities Applications.Approximately 390 of the vulnerabilities resolved with the latest Oracle patches were publicly disclosed over the past two years. Most of the remaining ones are from 2022-2024, but five were disclosed over half a decade ago: four in 2021 and one in 2020.Oracle published the April 2026 CPU one month after it released anemergency patch for CVE-2026-21992, a critical-severity remote code execution flaw in Identity Manager and Web Services Manager.Related:Oracle’s First 2026 CPU Delivers 337 New Security PatchesRelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Organizations Warned of Exploited Cisco, Kentico, Zimbra VulnerabilitiesRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Several products received close to a dozen patches each, including Java SE (11 – 7), GoldenGate (10 – 7), Enterprise Manager (9 – 8), Virtualization (9 – 1), and Database Server (8 – 4).Fixes were also released for Adapter for Eclipse RDF4J, Autonomous Health Framework, Blockchain Platform, REST Data Services, TimesTen In-Memory Database, Commerce, Construction and Engineering, Life Science Applications, Hospitality Applications, Hyperion, JD Edwards, Supply Chain, Systems, and Utilities Applications.Approximately 390 of the vulnerabilities resolved with the latest Oracle patches were publicly disclosed over the past two years. Most of the remaining ones are from 2022-2024, but five were disclosed over half a decade ago: four in 2021 and one in 2020.Oracle published the April 2026 CPU one month after it released anemergency patch for CVE-2026-21992, a critical-severity remote code execution flaw in Identity Manager and Web Services Manager.Related:Oracle’s First 2026 CPU Delivers 337 New Security PatchesRelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Organizations Warned of Exploited Cisco, Kentico, Zimbra VulnerabilitiesRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Fixes were also released for Adapter for Eclipse RDF4J, Autonomous Health Framework, Blockchain Platform, REST Data Services, TimesTen In-Memory Database, Commerce, Construction and Engineering, Life Science Applications, Hospitality Applications, Hyperion, JD Edwards, Supply Chain, Systems, and Utilities Applications.Approximately 390 of the vulnerabilities resolved with the latest Oracle patches were publicly disclosed over the past two years. Most of the remaining ones are from 2022-2024, but five were disclosed over half a decade ago: four in 2021 and one in 2020.Oracle published the April 2026 CPU one month after it released anemergency patch for CVE-2026-21992, a critical-severity remote code execution flaw in Identity Manager and Web Services Manager.Related:Oracle’s First 2026 CPU Delivers 337 New Security PatchesRelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Organizations Warned of Exploited Cisco, Kentico, Zimbra VulnerabilitiesRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Approximately 390 of the vulnerabilities resolved with the latest Oracle patches were publicly disclosed over the past two years. Most of the remaining ones are from 2022-2024, but five were disclosed over half a decade ago: four in 2021 and one in 2020.Oracle published the April 2026 CPU one month after it released anemergency patch for CVE-2026-21992, a critical-severity remote code execution flaw in Identity Manager and Web Services Manager.Related:Oracle’s First 2026 CPU Delivers 337 New Security PatchesRelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Organizations Warned of Exploited Cisco, Kentico, Zimbra VulnerabilitiesRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Oracle published the April 2026 CPU one month after it released anemergency patch for CVE-2026-21992, a critical-severity remote code execution flaw in Identity Manager and Web Services Manager.Related:Oracle’s First 2026 CPU Delivers 337 New Security PatchesRelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Organizations Warned of Exploited Cisco, Kentico, Zimbra VulnerabilitiesRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Related:Oracle’s First 2026 CPU Delivers 337 New Security PatchesRelated:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Organizations Warned of Exploited Cisco, Kentico, Zimbra VulnerabilitiesRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Related:Progress Patches Multiple Vulnerabilities in MOVEit WAF, LoadMasterRelated:Organizations Warned of Exploited Cisco, Kentico, Zimbra VulnerabilitiesRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Related:Organizations Warned of Exploited Cisco, Kentico, Zimbra VulnerabilitiesRelated:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Related:Serial-to-IP Converter Flaws Expose OT and Healthcare Systems to Hacking
Ionut Arghire is an international correspondent for SecurityWeek.
Source: SecurityWeek
