
13341 matches found

Microsoft KB
added 2026/04/14 12:0 a.m. | 4 views

April 14, 2026-KB5084066 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019

April 14, 2026-KB5084066 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10, version 1809 and Windows Server 2019. Release Date: April 14, 2026. Version: .NET Framework 3.5, 4.7.2 and 4.8. Summary: This article describes the security and cumulative update for 3.5, 4.7.2 and 4.8 fo...

CVSS 7.5 | AI score 6.9 | EPSS 0.08014
Exploits: 0

Kaspersky
added 2026/04/14 12:0 a.m. | 10 views

KLA90980 Multiple vulnerabilities in Microsoft Products (ESU)

Multiple vulnerabilities were found in Microsoft Products Extended Security Update. Malicious users can exploit these vulnerabilities to obtain sensitive information, bypass security restrictions, gain privileges, spoof user interface, execute arbitrary code, cause denial of service, read local...

CVSS 8 | AI score 7.1 | EPSS 0.53056
Exploits: 3 | References: 121

Positive Technologies
added 2026/04/14 12:0 a.m. | 1 views

PT-2026-32716

Name of the Vulnerable Software and Affected Versions: Windows Boot Loader (affected versions not specified). Description: Reliance on untrusted inputs in a security decision allows an authorized attacker to bypass a security feature locally. Recommendations: At the moment, there is no information abou...

CVSS 6.8 | AI score 6.2 | EPSS 0.00094
Exploits: 0 | References: 7

Positive Technologies
added 2026/04/14 12:0 a.m. | 1 views

PT-2026-32868

CVE-2026-32225 Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. https://t.co/quolUhDQ1c...

CVSS 8.8 | AI score 6.2 | EPSS 0.00094
Exploits: 0 | References: 3

CNNVD
added 2026/04/14 12:0 a.m. | 2 views

Microsoft Windows Shell Security Vulnerability

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft. The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. A security feature bypass...

CVSS 8.8 | AI score 5.8 | EPSS 0.00094
Exploits: 0 | References: 1

CNNVD
added 2026/04/14 12:0 a.m. | 3 views

Microsoft PowerShell Input Validation Error Vulnerability

Microsoft PowerShell is a Microsoft-developed cross-platform task automation solution that includes a command-line shell, scripting language, and configuration management framework. A security feature bypass vulnerability exists in Microsoft PowerShell, which can be exploited by an attacker to...

CVSS 7.8 | AI score 6.2 | EPSS 0.0006
Exploits: 0 | References: 1

Positive Technologies
added 2026/04/14 12:0 a.m. | 2 views

PT-2026-32768

Name of the Vulnerable Software and Affected Versions: Windows Hello (affected versions not specified). Description: Improper input validation allows an authorized attacker to bypass a security feature locally, which can affect the system. Recommendations: At the moment, there is no information about a...

CVSS 4.6 | AI score 6.2 | EPSS 0.00089
Exploits: 1 | References: 7

Tenable Nessus
added 2026/04/14 12:0 a.m. | 0 views

Microsoft Power Apps < 3.26032.10.0 Security Feature Bypass (April 2026)

The Windows 'Microsoft Power Apps' app installed on the remote host is prior to version 3.26032.10.0. It is, therefore, affected by a security feature bypass vulnerability: - Improper neutralization of escape, meta, or control sequences in Microsoft Power Apps allows an authorized attacker to...

CVSS 9 | AI score 6.3 | EPSS 0.00071
Exploits: 0 | References: 2

EUVD
added 2026/04/13 9:30 p.m. | 1 views

EUVD-2026-22118

A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly...

CVSS 5.3 | AI score 5.4 | EPSS 0.00372
Exploits: 0 | References: 7

NVD
added 2026/04/13 9:16 p.m. | 3 views

CVE-2026-6219

A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly...

CVSS 5.3 | EPSS 0.00372
Exploits: 0 | References: 6

Vulnrichment
added 2026/04/13 8:45 p.m. | 2 views

CVE-2026-6219 aandrew-me ytDownloader Compressor Feature compressor.js child_process.exec command injection

A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child_process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicly...

CVSS 5.3 | AI score 5.4 | EPSS 0.00372
Exploits: 0 | References: 6

CVE
added 2026/04/13 7:41 p.m. | 7 views

CVE-2026-33657

CVE-2026-33657 affects EspoCRM up to version 9.3.3, where a stored HTML injection vulnerability allows an authenticated user with standard privileges to inject HTML into system-generated email notifications. Root cause: server-side Handlebars templates render the unescaped post field (triple-bra...

CVSS 5.4 | AI score 5.8 | EPSS 0.00035
Exploits: 2 | References: 2 | Affected Software: 1

Github Security Blog
added 2026/04/13 12:31 p.m. | 5 views

Duplicate Advisory: LibreNMS is Vulnerable to Remote Code Execution by Arbitrary File Write

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-pr3g-phhr-h8fh. This link is maintained to preserve external references. Original Description: LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing...

CVSS 8.5 | AI score 6.4 | EPSS 0.00008
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2026/04/13 11:50 a.m. | 0 views

BIT-WIREMOCK-2023-50069

WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. An attacker can host a malicious payload and perform a test mapping pointing to the attacker's file, and the result will render on the Matched page in the Body area...

CVSS 6.1 | AI score 5.9 | EPSS 0.00452
Exploits: 1 | References: 2

Vulnrichment
added 2026/04/13 10:56 a.m. | 0 views

CVE-2026-6204

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server...

CVSS 8.5 | AI score 6.4 | EPSS 0.00008
Exploits: 1 | References: 2

CVE
added 2026/04/13 10:56 a.m. | 13 views

CVE-2026-6204

LibreNMS is affected (versions before 26.3.0) by an authenticated remote code execution vulnerability via the Binary Locations config and Netcommand feature. Exploitation requires administrative privileges and could compromise the underlying web server. Affected component is the software’s web in...

CVSS 8.5 | AI score 6.4 | EPSS 0.00008
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2026/04/13 5:42 a.m. | 5 views

BIT-KIBANA-2026-4498 Execution with Unnecessary Privileges in Kibana Leading to reading index data beyond their direct Elasticsearch RBAC scope

Execution with Unnecessary Privileges (CWE-250) in Kibana’s Fleet plugin debug route handlers can lead to reading index data beyond their direct Elasticsearch RBAC scope via Privilege Abuse (CAPEC-122). This requires an authenticated Kibana user with Fleet sub-feature privileges such as agents, agent...

CVSS 7.7 | AI score 5.8 | EPSS 0.00063
Exploits: 0 | References: 2

Vulnrichment
added 2026/04/13 5:4 a.m. | 3 views

CVE-2026-21009

Improper check for exceptional conditions in Recents prior to SMR Apr-2026 Release 1 allows physical attacker to bypass App Pinning...

CVSS 4.1 | AI score 5.8 | EPSS 0.0001
Exploits: 0 | References: 1

CNNVD
added 2026/04/13 12:0 a.m. | 3 views

ytDownloader Command Injection Vulnerability

ytDownloader is a multi-platform audio and video download tool developed by Andrew. Versions of ytDownloader 3.20.2 and earlier had a command injection vulnerability, which originated from the function child_process.exec in the Compressor Feature component’s file src/compressor.js...

CVSS 5.3 | AI score 6.1 | EPSS 0.00372
Exploits: 0 | References: 7

Positive Technologies
added 2026/04/13 12:0 a.m. | 1 views

PT-2026-32331

LibreNMS versions before 26.3.0 are affected by an authenticated remote code execution vulnerability by abusing the Binary Locations config and the Netcommand feature. Successful exploitation requires administrative privileges. Exploitation could result in compromise of the underlying web server...

CVSS 8.5 | AI score 6.4 | EPSS 0.00008
Exploits: 1 | References: 3