Install the June 2026 Exchange Server updates for CVE-2026-42897, keep mitigations in place during rollout, and verify OWA, mail flow, logs, and backups.
Patch Apache Flink CVE-2026-35194 by upgrading to fixed Flink releases, restricting query submission, and reviewing recent cluster job activity.
Patch Form Notify CVE-2026-5229, Frontend Admin CVE-2026-6228, and Quick Playground CVE-2026-6403, then review WordPress users, files, logs, and connected credentials.
Patch MLflow CVE-2026-2652 by updating to 3.10.0 or newer, restricting exposed MLOps services, and reviewing recent experiment activity.
Patch Mentoring CVE-2025-13618 and MoreConvert Pro CVE-2026-5722, then review WordPress administrator, customer, and WooCommerce account activity.
Patch Avada Builder CVE-2026-4782 and CVE-2026-4798 by updating Avada, Fusion Builder, and bundled plugins, then review users, files, and WooCommerce data.
Patch OttoKit and SureTriggers CVE-2026-4935 by updating to 1.1.23 or newer, then review WordPress users, data, automations, and logs.
Patch Everest Forms Pro CVE-2026-3300 by updating to 1.9.13 or newer, disabling exposed forms if needed, and reviewing WordPress files and logs.
Patch PrestaShop CVE-2026-44212 and Strapi critical CVEs affecting e-commerce stores, headless CMS APIs, uploads, and admin workflows.
Update Chrome 148.0.7778.167/168 after Google fixed 79 security issues, including multiple critical CVEs affecting desktop and managed fleets.
