CVE-2026-12580 Digiwin｜EasyFlow .NET - Stored Cross-Site Scripting

EasyFlow .NET developed by Digiwin has a Stored Cross-Site Scripting vulnerability, allowing authenticated remote attackers to inject persistent JavaScript code executed in users' browsers upon page load...

RLSA-2026:25220 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.128 and .NET Runtime...

CVE-2025-7008 Avast antivirus heap buffer OOB read when scanning a malformed PE file

Heap buffer out-of-bounds read vulnerability in Avast Antivirus when scanning a malformed Windows PE file with .NET metadata may allow Local Execution of Code or Denial-of-Service of the antivirus process. This issue affects Avast Antivirus, AVG Antivirus, Norton Antivirus, Avast One, and Avast...

RHSA-2026:25222 Red Hat Security Advisory: .NET 10.0 security update

Bulletin has no description...

RHSA-2026:25220 Red Hat Security Advisory: .NET 8.0 security update

Bulletin has no description...

RHSA-2026:25115 Red Hat Security Advisory: .NET 10.0 security update

Bulletin has no description...

RHSA-2026:25114 Red Hat Security Advisory: .NET 10.0 security update

Bulletin has no description...

RHSA-2026:25113 Red Hat Security Advisory: .NET 9.0 security update

Bulletin has no description...

RHSA-2026:25110 Red Hat Security Advisory: .NET 8.0 security update

Bulletin has no description...

Uncontrolled Recursion

Overview Magick.NET-Q16-OpenMP-x64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

Uncontrolled Recursion

Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

Uncontrolled Recursion

Overview Magick.NET-Q8-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...

CVE-2026-45491

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

CVE-2026-45490

A flaw was found in the .NET SDK dotnet.exe workload command on Windows. Insufficient access controls on a named pipe could allow a local attacker to perform arbitrary file creation or truncation operations with the privileges of another local user. This issue may lead to privilege escalation and...

vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in Developer Tools. A malicious actor could exploit these vulnerabilities to carry out attacks that can cause various types of damage, as described in the tables below. Except for the vulnerability in .NET Core, where no prior authentication or user...

UBUNTU-CVE-2026-45491

Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally...

2026-06 .NET 8.0.28 Security Update for x64 Client (KB5097149)

2026-06 .NET 8.0.28 Security Update for x64 Client KB5097149...

2026-06 .NET 8.0.28 Security Update for ARM64 Client (KB5097149)

2026-06 .NET 8.0.28 Security Update for ARM64 Client KB5097149...

.NET Tampering Vulnerability

Improper link resolution before file access 'link following' in .NET allows an unauthorized attacker to perform tampering locally...

PT-2026-47971

Name of the Vulnerable Software and Affected Versions .NET affected versions not specified Description Improper link resolution before file access, also known as link following, allows an unauthorized attacker to perform local tampering. Recommendations At the moment, there is no information abou...