55 matches found
Fedora 42 : dotnet10.0 (2026-be6ea464d0)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-be6ea464d0 advisory. Update to .NET SDK 10.0.107 and Runtime 10.0.7 Fixes: CVE-2026-40372 Release Notes: - SDK:...
Fedora 43 : dotnet10.0 (2026-018d6721a0)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-018d6721a0 advisory. Update to .NET SDK 10.0.107 and Runtime 10.0.7 Fixes: CVE-2026-40372 Release Notes: - SDK:...
GHSA-9MV3-2CWR-P262 Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege
Executive Summary: A bug in Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to execute an Elevation of Privilege attack by forging authentication cookies, and also allows some protected payloads to be decrypted. If an attacker used forged...
Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege
Executive Summary: A bug in Microsoft.AspNetCore.DataProtection 10.0.0-10.0.6 NuGet packages can give an attacker the opportunity to execute an Elevation of Privilege attack by forging authentication cookies, and also allows some protected payloads to be decrypted. If an attacker used forged...
2026-04 .NET 10.0.7 Security Update for x64 Server (KB5091596)
2026-04 .NET 10.0.7 Security Update for x64 Server KB5091596...
2026-04 .NET 10.0.7 Security Update for x86 Client (KB5091596)
2026-04 .NET 10.0.7 Security Update for x86 Client KB5091596...
CVE-2026-27728
OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.7, an OS command injection vulnerability in NetworkPathMonitor.performTraceroute allows any authenticated project user to execute arbitrary operating system commands on the Probe server by injecting shell...
PT-2026-21959
Name of the Vulnerable Software and Affected Versions OneUptime versions prior to 10.0.7 Description OneUptime, a service monitoring solution, contains an OS command injection flaw in the NetworkPathMonitor.performTraceroute function. Any authenticated project user can execute arbitrary operating...
OPENSUSE-SU-2025:20171-1 Security update for qemu
This update for qemu fixes the following issues: Update to version 10.0.7. Security issues fixed: - CVE-2025-12464: stack-based buffer overflow in the e1000 network device operations can be exploited by a malicious guest user to crash the QEMU process on the host bsc1253002. - CVE-2025-11234:...
EUVD-2023-32476
Malicious code in bioql PyPI...
CVE-2024-47120
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 could allow a privileged user to escalate their privileges and attack surface on the host due to the containers running with unnecessary privileges...
CVE-2024-45671 IBM Security Verify Information Queue information disclosure
IBM Security Verify Information Queue 10.0.5, 10.0.6, 10.0.7, and 10.0.8 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information...
IBM Security Verify Information Queue Cryptographic Issue Vulnerability
IBM Security Verify Information Queue is an integration product from International Business Machines (IBM), Inc. It utilizes Kafka technology and a publish/subscribe model to integrate data between IBM Security products. A cryptographic issue vulnerability exists in IBM Security Verify Information Que...
Linux Distros Unpatched Vulnerability : CVE-2023-34106
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Versions of the software starting with 0.68 and prior to 10.0.8 have an incorrect rights check on a on ...
Linux Distros Unpatched Vulnerability : CVE-2023-28849
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.7, GLPI inventory endpoint can be used to drive a...
Security Bulletin: A vulnerability has been identified in IBM HTTP Server used by IBM Rational ClearQuest (CVE-2024-43204, CVE-2024-43394, CVE-2024-42516)
Summary IBM HTTP Server (IHS) is used by the IBM Rational ClearQuest server and web components. Information about security vulnerabilities affecting IHS has been published in a security bulletin. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected...
PT-2024-18948
Name of the Vulnerable Software and Affected Versions jsonpath-plus versions prior to 10.0.7 Description The issue is related to Remote Code Execution RCE due to improper input sanitization, allowing an attacker to execute arbitrary code on the system by exploiting the unsafe default usage of vm ...
Security Bulletin: Multiple Security Vulnerabilities were discovered in IBM Security Verify Access Container (CVE-2024-35140, CVE-2024-35141, CVE-2024-35142)
Summary Vulnerabilities were discovered during an assessment of the IBM Security Verify Access Container Product. They were addressed in the ISVA 10.0.7 release. Vulnerability Details CVEID:CVE-2024-35142 DESCRIPTION: IBM Security Verify Access could allow a local user to escalate their privileges...
CVE-2024-31872
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Open Source scripts due to missing certificate validation. IBM X-Force ID: 287316...
CVE-2024-31873 IBM Security Verify Access Appliance information disclosure
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 contains hard-coded credentials which it uses for its own inbound authentication that could be obtained by a malicious actor. IBM X-Force ID: 287317...