86 matches found
NGINX ngx_quic_module vulnerability
...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to improper bounds checking in memory operations. An attacker can execute arbitrary code or escalate privileges by supplying crafted input to the affected process. Remediation: Upgrade...
CVE-2026-45539
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-11 14:09:35+00:00 | published-proof-of-concept | https://github.com/microsoft/apm/security/advisories/GHSA-q5pp-gvjg-h7v4 |
| 2026-05-29 13:03:10+00:00 | seen | https://bsky.app/profile/keiwork35.bsky.social/post/3mmylvqsqai2z... |
CVE-2026-44641
| creationtimestamp | type | source |
|---|---|---|
| 2026-05-03 08:34:38+00:00 | published-proof-of-concept | https://github.com/microsoft/apm/security/advisories/GHSA-xhrw-5qxx-jpwr... |
CISA Adds Actively Exploited ConnectWise and Windows Flaws to KEV
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added two security flaws impacting ConnectWise ScreenConnect and Microsoft Windows to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below -...
Authenticated query containing a TKEY record may cause named to terminate unexpectedly
...
pyasn1 Vulnerable to Denial of Service via Unbounded Recursion
...
Out-of-bounds Read
Overview: Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm to version 9.0.14, 10.0.4 or higher. References: - GitHub Commit ...
Symlink Attack
Overview: Affected versions of this package are vulnerable to Symlink Attack via improper handling of symbolic links before file access. An attacker can gain elevated privileges by exploiting the way the system resolves links, potentially accessing or modifying files with higher permissions...
SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles
...
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their...
GHSA-266M-WP2V-X7MQ Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability
Microsoft Security Advisory CVE-2025-30399 | .NET Remote Code Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers can do to update their...
Patch Tuesday - June 2025
Microsoft is addressing 67 vulnerabilities this June 2025 Patch Tuesday. Microsoft has evidence of in-the-wild exploitation for just one of the vulnerabilities published today, and that is reflected in CISA KEV. Separately, Microsoft is aware of existing public disclosure for one other freshly...
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in WinDbg. This advisory also provides guidance on what developers can do to update their applicatio...
GHSA-HPW7-8QPC-34P3 Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2025-24043 | WinDbg Remote Code Execution Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in WinDbg. This advisory also provides guidance on what developers can do to update their applicatio...
GHSA-GJF6-3W4P-7XFH Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability
Microsoft Security Advisory CVE-2025-21176 | .NET and Visual Studio Remote Code Execution Vulnerability. Executive summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0 and .NET 9.0. This advisory also provides guidance on what developers ca...
Description of the security update for SharePoint Server Subscription Edition: November 12, 2024 (KB5002651)
Description of the security update for SharePoint Server Subscription Edition: November 12, 2024 (KB5002651). Summary: This security update for SharePoint Server provides defense-in-depth updates to help improve security-related features. To learn more about the updates, see Microsoft Advisory...
NGINX MP4 module vulnerability
...
Cleartext Transmission of Sensitive Information
Overview: Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation: Upgrade Microsoft.NETCore.App.Runtime.linux-musl-arm to versio...
Cleartext Transmission of Sensitive Information
Overview: Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation: A fix was pushed into the master branch but not yet published...