2866 matches found
PT-2026-42705
🟠 Umbraco CMS, Open Redirect in Surface Controllers, CVE-2025-47874 Medium https://t.co/PmivsVMa8k...
CVE-2026-4293 Kieback & Peter DDC Building Controllers Cross-site Scripting
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser...
CVE-2026-4293
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser...
EUVD-2026-31125
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser...
CVE-2026-4293 Kieback & Peter DDC Building Controllers Cross-site Scripting
The affected Kieback & Peter DDC building controllers are vulnerable to cross-site scripting, enabling JavaScript to be executed by the victim's browser, which allows the attacker to control the browser...
Astra Linux - vulnerability in samba
A design flaw was identified in Samba’s DirSync control implementation, which exposes passwords and secrets in Active Directory to privileged users and Read-Only Domain Controllers (RODCs). This flaw allows RODCs and users with the GETCHANGES permission to access all attributes, including sensitive...
Kieback & Peter multiple products cross-site scripting vulnerability
The Kieback & Peter DDC Building Controllers are a series of DDC controllers developed by the German company Kieback & Peter, aimed at building automation and building equipment control. Several products from Kieback & Peter have cross-site scripting vulnerabilities. These vulnerabilities stem fr...
CVE-2026-34358
CtrlPanel is open-source billing software for hosting providers. Versions 1.1.1 and prior contain a broken access control vulnerability where multiple admin controllers enforce permission checks on form display methods but omit equivalent checks on the corresponding write methods, allowing any...
Kieback & Peter DDC Building Controllers
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to take control of the victim's browser. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability. Minimize network exposure for all...
PT-2026-42009
Name of the Vulnerable Software and Affected Versions: Kieback & Peter DDC building controllers (affected versions not specified). Description: Cross-site scripting (XSS) allows JavaScript to be executed by the victim's browser, enabling an attacker to control the browser. Recommendations: At the moment,...
CVE-2026-42485
AGL agl-service-can-low-level contains a stack buffer overflow in the uds-c library. The send_diagnostic_request function in uds.c allocates a 6-byte stack buffer (MAX_DIAGNOSTIC_PAYLOAD_SIZE=6) but copies up to 7 bytes (MAX_UDS_REQUEST_PAYLOAD_LENGTH=7) via memcpy at an offset of 1+pid_length (2-3 bytes),...
Kyverno Controller Denial of Service via forEach Mutation Panic
Summary An unchecked type assertion in the forEach mutation handler allows any user with permission to create a Policy or ClusterPolicy to crash the cluster-wide background controller into a persistent CrashLoopBackOff. The same bug also causes the admission controller to drop connections and blo...
Ubuntu Pro Realtime 24.04 LTS : Linux kernel (Raspberry Pi Real-time) vulnerabilities (USN-8204-1)
"The remote Ubuntu Pro Realtime 24.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8204-1 advisory. Josh Eads, Kristoffer Janke, Eduardo Vela Nava, Tavis Ormandy, and Matteo Rizzo discovered that some AMD Zen processors did not properly...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010710)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010710 advisory. Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service v...
Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013307)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013307 advisory. Insufficient control flow management for the Intel(R) 82599 Ethernet Controllers and Adapters may allow an authenticated user to potentially enable denial of service v...
SuperAGI security vulnerability
SuperAGI is an open-source infrastructure application developed by SuperAGI. It is used to build components, tools, frameworks, and models to achieve open-source AGI. Versions of SuperAGI 0.0.14 and earlier contain security vulnerabilities. These vulnerabilities stem from improper handling of the...
April 19, 2026—KB5091572 (OS Build 14393.9062) Out-of-band
April 19, 2026—KB5091572 (OS Build 14393.9062) Out-of-band. Windows Secure Boot certificate expiration. Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices...
April 19, 2026—KB5091573 (OS Build 17763.8647) Out-of-band
April 19, 2026—KB5091573 (OS Build 17763.8647) Out-of-band. Windows Secure Boot certificate expiration. Important: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed business devices...
April 19, 2026—KB5091575 (OS Build 20348.5024) Out-of-band
April 19, 2026—KB5091575 OS Build 20348.5024 Out-of-band Announcements and messages This section provides key notifications related to this release, including announcements, change logs, and end-of-support notices. Windows Secure Boot certificate expiration Windows Secure Boot certificate...
April 19, 2026—KB5091571 (OS Build 25398.2276) Out-of-band
April 19, 2026—KB5091571 OS Build 25398.2276 Out-of-band Summary This out-of-band update for Windows Server, version 23H2 KB5091571 is cumulative. It includes fixes and improvements that are part of the following update: April 14, 2026—KB5082060 OS Build 25398.2274 The following is a summary of t...