49 matches found
RockyLinux 10 : delve (RLSA-2026:19013)
The remote RockyLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2026:19013 advisory. crypto/x509: golang: Denial of Service due to excessive resource consumption via crafted certificate (CVE-2025-61729); golang: net/url: Memory exhaustion ...
asp.net: ASP.NET Core: Denial of Service via uncontrolled resource allocation
A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service (DoS) attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users...
PT-2026-21401
Name of the Vulnerable Software and Affected Versions: yt-dlp versions prior to 2026.02.21. Description: The `--netrc-cmd` option in yt-dlp contains an arbitrary command injection issue. The argument passed to the command in this option is now limited to a safe subset of characters to address this. Th...
kernel: smc: Fix use-after-free in __pnet_find_base_ndev()
In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in `__pnet_find_base_ndev()`. syzbot reported use-after-free of net_device in `__pnet_find_base_ndev()`, which was called during `connect()`. [0] `smc_pnet_find_ism_resource()` fetches `sk_dst_get(sk)->dev` and passes down to `pnet_find_base_ndev()`,...
EUVD-2017-5192
Malware in sbrugna...
EUVD-2006-2964
Malware in sbrugna...
EUVD-2015-0684
Malware in sbrugna...
EUVD-2025-1699
Malicious code in bioql PyPI...
CVE-2023-48910
Microcks up to 1.17.1 was discovered to contain a Server-Side Request Forgery (SSRF) via the components /jobs and /artifact/download. This vulnerability allows attackers to access network resources and sensitive information via a crafted GET request...
CVE-2020-11453
Microstrategy Web 10.4 is vulnerable to Server-Side Request Forgery in the Test Web Service functionality exposed through the path /MicroStrategyWS/. The functionality requires no authentication and, while it is not possible to pass parameters in the SSRF request, it is still possible to exploit ...
B&R Industrial Automation B&R APROL Security Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from resource allocation without limits or throttling in the operating system's...
CVE-2021-37698
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. In versions 2.5.0 through 2.13.0, ElasticsearchWriter, GelfWriter, InfluxdbWriter and Influxdb2Writer do not verify the server's certificate...
CVE-2025-0474
Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23...
CVE-2025-0474
CVE-2025-0474 affects Invoice Ninja versions 5.8.56–5.11.23 and describes an authenticated SSRF that enables arbitrary file reads and network-resource requests by the application user. Connected sources corroborate the vulnerability class and affected versions. Public materials indicate the impac...
CVE-2025-0474 Invoice Ninja PDF Rendering Server Side Request Forgery
Invoice Ninja is vulnerable to authenticated Server-Side Request Forgery (SSRF) allowing for arbitrary file read and network resource requests as the application user. This issue affects Invoice Ninja: from 5.8.56 through 5.11.23...
CVE-2024-49369 Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections
Icinga is a monitoring system which checks the availability of network resources, notifies users of outages, and generates performance data for reporting. The TLS certificate validation in all Icinga 2 versions starting from 2.4.0 was flawed, allowing an attacker to impersonate both trusted clust...
April 9, 2024—KB5036910 (OS Build 25398.830)
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows Server, version 23H2, see its update history page. Improvements: This security update...
April 9, 2024—KB5036894 (OS Build 22000.2899)
For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 21H2, see its update history page. Note: Follow @WindowsUpdate to find out...