patch Articles

SolarWinds Patches Critical RCE and Auth Bypass Flaws in Web Help Desk

Four critical vulnerabilities in SolarWinds Web Help Desk allow unauthenticated remote code execution and authentication bypass. CISA confirms active exploitation with February 6 federal deadline.

January 29, 2026 SolarWinds RCE vulnerability

Oracle January 2026 Critical Patch Update Addresses 337 Vulnerabilities

Massive security update includes patches across 122 products with two CVSS 10.0 flaws. Java SE receives 11 remotely exploitable patches, and Financial Services Applications have 33 unauthenticated attack vectors.

January 20, 2026 Oracle patch vulnerability

SAP Patches Critical SQL Injection in S/4HANA with CVSS 9.9 Score

January 2026 Security Patch Day addresses 19 vulnerabilities including CVE-2026-0501, a critical SQL injection in S/4HANA's General Ledger that enables full system compromise through arbitrary SQL execution.

January 13, 2026 SAP SQL injection patch