PT-2026-33646

5/8 Action 4: Apply Critical Patches 24-Hour Priority • Okta Identity Cloud CVE-2026-51287: Critical authentication bypass actively exploited April 18–19, 2026; affects workforce and customer identity flows. Patch all tenants per CISA directive issued April 19. • Elastic Stack Elasticsearch +...

April 19, 2026—KB5091157 (OS Build 26100.32698) Out-of-band

April 19, 2026—KB5091157 OS Build 26100.32698 Out-of-band ​​​​This out-of-band OOB update for Windows Server 2025 KB5091157 is a non-security cumulative update. Improvements This out-of-band update contains quality improvements from KB5082063 released April 14, 2026. The following summary outline...

RLSA-2026:8468 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK SDKVERSION and .NET Runtime...

RLSA-2026:8475 Important: .NET 9.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 9.0.116 and .NET Runtime...

bounty-stack

No d...

Exploit for Improper Input Validation in Python

CVE-2023-24329 — Parser Differential Lab Educational use...

Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

GHSA-W7CF-2PMC-5M4C Apache Airflow exposes SQL stack trace despite "api/expose_stack_traces" set to false

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

CVE-2026-30912

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

PYSEC-2026-18

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

CVE-2026-30912

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

CVE-2026-30912 Apache Airflow: Exposing stack trace in case of constraint error

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

CVE-2026-30912 Apache Airflow: Exposing stack trace in case of constraint error

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

CVE-2026-30912

CVE-2026-30912 concerns Apache Airflow where SQL errors expose exception and stack trace information in the API despite the setting api/expose_stack_traces being disabled. This behavior can leak sensitive information to an attacker. The connected sources consistently indicate the issue affects Ai...

EUVD-2026-23662

In case of SQL errors, exception/stack trace of errors was exposed in API even if "api/exposestacktraces" was set to false. That could lead to exposing additional information to potential attacker. Users are recommended to upgrade to Apache Airflow 3.2.0, which fixes the issue...

DEBIAN-CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...

CVE-2026-40489

CVE-2026-40489 affects editorconfig-core-c. Versions ≤ 0.12.10 have a stack-based buffer overflow in ec_glob() that can crash an application using libeditorconfig when given a crafted directory and .editorconfig file; this is an incomplete fix for CVE-2023-0341. The issue relates to the pcre_str ...

CVE-2026-40489

editorconfig-core-c is an EditorConfig core library for use by plugins supporting EditorConfig parsing. Versions up to and including 0.12.10 have a stack-based buffer overflow in ecglob that allows an attacker to crash any application using libeditorconfig by providing a specially crafted directo...