KB5082060: Windows Server version 23H2 Security Update (April 2026)

The remote Windows host is missing security update 5082060. It is, therefore, affected by multiple vulnerabilities - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. CVE-2026-33824 - Protection mechanism failure in Windows Shell allows an...

KB5082123: Windows 10 version 1809 / Windows Server 2019 Security Update (April 2026)

The remote Windows host is missing security update 5082123. It is, therefore, affected by multiple vulnerabilities - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. CVE-2026-33824 - Protection mechanism failure in Windows Shell allows an...

Microsoft Windows Shell 资源管理错误漏洞

The Microsoft Windows Shell is the graphical user interface for the Windows operating system from Microsoft.The easily recognizable elements of the Windows shell include features such as the desktop, the taskbar, the start menu, the task switcher, and autoplay. An elevation of privilege...

📄 WebRemoteControl Unauthenticated Remote Code Execution

WebRemoteControl suffers from an unauthenticated remote code execution vulnerability. Exploit Title: WebRemoteControl - Unauthenticated Remote Code Execution Date: 2026-04-14 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/wolfgangasdf/WebRemoteControl Software Link:...

KB5083768: Windows 11 Version 26H1 Security Update (April 2026)

The remote Windows host is missing security update 5083768. It is, therefore, affected by multiple vulnerabilities - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. CVE-2026-33824 - Protection mechanism failure in Windows Shell allows an...

KB5082127: Windows Server 2012 Security Update (April 2026)

The remote Windows host is missing security update 5082127. It is, therefore, affected by multiple vulnerabilities - Protection mechanism failure in Windows Shell allows an unauthorized attacker to bypass a security feature over a network. CVE-2026-32225 - Use after free in Remote Desktop Client...

KB5082063: Windows Server 2025 Security Update (April 2026)

The remote Windows host is missing security update 5082063. It is, therefore, affected by multiple vulnerabilities - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. CVE-2026-33824 - Protection mechanism failure in Windows Shell allows an...

KB5082142: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (April 2026)

The remote Windows host is missing security update 5082142. It is, therefore, affected by multiple vulnerabilities - Double free in Windows IKE Extension allows an unauthorized attacker to execute code over a network. CVE-2026-33824 - Protection mechanism failure in Windows Shell allows an...

DEBIAN-CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVE-2026-22564

An Improper Access Control vulnerability could allow a malicious actor with access to the UniFi Play network to enable SSH to make unauthorized changes to the system. Affected Products: UniFi Play PowerAmp Version 1.0.35 and earlier UniFi Play Audio Port Version 1.0.24 and earlier Mitigation:...

UBUNTU-CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

PSF-0000-CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

PSF-2026-17

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

CVE-2026-4786

Mitgation of CVE-2026-4519 was incomplete. If the URL contained "%action" the mitigation could be bypassed for certain browser types the "webbrowser.open" API could have commands injected into the underlying shell. See CVE-2026-4519 for details...

EUVD-2026-22037

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

CVE-2026-40111

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, he memory hooks executor in praisonaiagents passes a user-controlled command string directly to subprocess.run with shell=True at src/praisonai-agents/praisonaiagents/memory/hooks.py. No sanitization is performed and shell...

CVE-2026-40153

PraisonAIAgents is a multi-agent teams system. Prior to 1.5.128, the executecommand function in shelltools.py calls os.path.expandvars on every command argument at line 64, manually re-implementing shell-level environment variable expansion despite using shell=False line 88 for security. This...

CVE-2026-29955

The /registercrd endpoint in KubePlus 4.14 in the kubeconfiggenerator component is vulnerable to command injection. The component uses subprocess.Popen with shell=True parameter to execute shell commands, and the user-supplied chartName parameter is directly concatenated into the command string...

Emissary has an OS Command Injection via Unvalidated IN_FILE_ENDING / OUT_FILE_ENDING in Executrix

Summary Executrix.getCommand constructs shell commands by substituting temporary file paths directly into a /bin/sh -c string with no escaping. The INFILEENDING and OUTFILEENDING configuration keys flow into those paths unmodified. A place author who sets either key to a shell metacharacter...