March 20, 2026 vulnerability digest: Oracle emergency patch, Spring Actuator bypasses
by Artem Safonov
Oracle broke its quarterly cycle with an emergency patch for Identity Manager RCE (CVSS 9.8), likely a bypass of an actively exploited October 2025 flaw. Spring patched two actuator auth bypasses. FastGPT's GitHub Actions let anyone push malicious Docker images.
Read more →