PatchDay Alert

The 5-minute patch brief for the person who actually has to patch stuff.

A perfect 10 in Azure HorizonDB and a Copilot RCE you shouldn't ignore

Jun 5, 2026 • 5 min read

CVE-2026-48567 is a CVSS 10.0 unauthenticated auth bypass in Azure HorizonDB. Also today: authenticated RCE in Microsoft Copilot (7.7), a Chrome sandbox escape via ImageCapture (7.5), a WordPress site-takeover in Hybrid Composer (9.8), and a DLL-loading trick in SQLite's sqldiff on Windows (9.8).

Colten A
OpenShift ClusterRole blows wide open, Cisco UCM goes from SSRF to root

Jun 4, 2026 • 5 min read

A CVSS 9.6 OpenShift ClusterRole privilege escalation grants authenticated users access to secrets. Plus Cisco UCM SSRF-to-root (8.6) and AWS IAM flaws. Critical patches; apply urgently.

Colten A
A 9.8 WordPress site takeover, a healthcare RCE, and two NI driver bugs

Jun 3, 2026 • 5 min read

ARMember Premium lets unauthenticated attackers reset any admin password (CVSS 9.8). Spacelabs Sentinel has a file-write-to-webshell path on port 8989 (CVSS 9.8). NI-PAL driver flaws give local users a privesc and a blue-screen. LibreChat lets any logged-in user hijack another user's API keys.

Colten A
SharePoint deser RCE, OpenShift HAProxy injection, and a WordPress SQLi from 2018

Jun 2, 2026 • 5 min read

CVE-2026-47294 lets any authenticated SharePoint user run code on your server (CVSS 8.0). CVE-2026-1784 turns OpenShift Route objects into HAProxy config injection (CVSS 8.8). Plus an ancient unauthenticated SQLi in WP AutoSuggest finally gets a CVE.

Colten A
PAN-OS auth bypass exploited in the wild, plus a 9.8 in Redshift and a Chrome sandbox escape

Jun 1, 2026 • 5 min read

Attackers are tunneling into Palo Alto firewalls without credentials (CVE-2026-0257). Also: a CVSS 9.8 RCE in Amazon's Redshift Python driver via eval(), a CVSS 9.6 Chrome WebGPU sandbox escape, and a GitHub CLI token leak.

Colten A
Go SSH silently trusts revoked host keys, NGINX rewrite bypass, and an Oracle DB takeover path

May 29, 2026 • 5 min read
CVE-2026-42508 (CVSS 9.1) means your Go SSH tooling ignores @revoked markers in known_hosts. Also: an NGINX rewrite module access-control bypass at CVSS 8.1, a Perl Archive::Tar symlink path traversal at 9.1, and an unauthenticated Oracle Database Net listener takeover at 9.0. None exploited in the wild yet.