The vulnerability, identified as CVE-2026-20805, affects the Windows Desktop Window Manager and allows attackers to leak small pieces of memory information.
Multiple iterations of the Apache Struts 2 open-source web application framework have been impacted by the high-severity XML external entity injection vulnerability, tracked as CVE-2025-68493, which could be exploited to facilitate data exposure, as well as denial-of-service and server-side request forgery intrusions, GBHackers News reports.
Ongoing attacks involving the high-severity path traversal flaw in the open-source Git service Gogs, tracked as CVE-2025-8110, have prompted the issue's inclusion in the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog, reports Security Affairs.
Coolify, an open-source self-hosting platform, has disclosed 11 critical security flaws that could allow attackers to bypass authentication, achieve remote code execution, and fully take over affected servers, The Hacker News reports.