For sysadmins
You got handed the patch list. We do the triage.
Every morning the security team forwards a fresh KEV update and walks away. You’re the one who has to figure out what to do. PatchDay Alert reads the advisories first, calls each one, and lands in your inbox before standup.
You get the CVE triage cheat sheet, a one-page printable, in the welcome email. The weekday digest lands every morning. Free, unsubscribe anytime.
What you get
- 01 Plain-English summary per CVE. What’s broken, who’s at risk, how to check, what to patch. No CVSS jargon dumps.
- 02 One verdict per item. Patch now, patch this week, track, or doesn’t apply. The verdict is the answer.
- 03 Exploited-in-wild flagged first. CISA KEV updates sit at the top of the digest in red, ahead of high-CVSS items nobody’s actually attacking.
- 04 Around four minutes to read. Short enough to clear before coffee. Long enough to be useful.
A sample of today’s digest
What today’s lead call looks like in your inbox.
A typical issue carries five to seven CVEs, one or two tagged Patch now, the rest sorted by urgency. The intro tells you the standout. The footer lists what didn’t make the cut.
An attacker can bypass authentication in Azure HorizonDB by spoofing credentials and escalate privileges, all over the network with no prior access required.
The call: Apply the latest Microsoft security update for Azure HorizonDB as soon as it is available.
Recent issues you could have triaged in five minutes:
A perfect 10 in Azure HorizonDB and a Copilot RCE you shouldn't ignore
CVE-2026-48567 is a CVSS 10.0 unauthenticated auth bypass in Azure HorizonDB. Also today: authenticated RCE in Microsoft Copilot (7.7), a Chrome sandbox escape via ImageCapture (7.5), a WordPress site-takeover in Hybrid Composer (9.8), and a DLL-loading trick in SQLite's sqldiff on Windows (9.8).
OpenShift ClusterRole blows wide open, Cisco UCM goes from SSRF to root
A CVSS 9.6 privilege escalation in OpenShift Pipelines hands any authenticated user write access to Kueue and cert-manager secrets. Plus a Cisco Unified Communications Manager SSRF-to-root chain (CVSS 8.6) and an overprivileged AWS IAM issue in OpenShift Cloud Credential Operator.
A 9.8 WordPress site takeover, a healthcare RCE, and two NI driver bugs
ARMember Premium lets unauthenticated attackers reset any admin password (CVSS 9.8). Spacelabs Sentinel has a file-write-to-webshell path on port 8989 (CVSS 9.8). NI-PAL driver flaws give local users a privesc and a blue-screen. LibreChat lets any logged-in user hijack another user's API keys.
Get the cheat sheet and the digest
CVE triage for sysadmins in five minutes.
What to patch now. What can wait. What you can ignore.
- 01 The CVE triage cheat sheet, a one-page printable decision tree, in the welcome email.
- 02 The weekday digest, one email each morning, around four minutes to read.
Free. Unsubscribe anytime.