Fedora 44 : dotnet10.0 (2026-fc2112cdd4)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-fc2112cdd4 advisory. Update to .NET SDK 10.0.106 and Runtime 10.0.6 Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116 Release Notes: - SDK:...

Fedora 44 : dotnet9.0 (2026-e1d2833798)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-e1d2833798 advisory. Update to .NET SDK 9.0.116 and Runtime 9.0.15 Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116 Release Notes: - SDK:...

Fedora 42 : dotnet10.0 (2026-ad17a2db6c)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ad17a2db6c advisory. Update to .NET SDK 10.0.106 and Runtime 10.0.6 Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116 Release Notes: - SDK:...

Fedora 44 : dotnet8.0 (2026-edca75e401)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-edca75e401 advisory. Update to .NET SDK 8.0.126 and Runtime 8.0.26 Fixes: CVE-2026-26171, CVE-2026-32178, CVE-2026-32203, CVE-2026-33116 Release Notes: - SDK:...

PyTorch Lightning and Intercom-client Hit in Supply Chain Attacks to Steal Credentials

In yet another software supply chain attack, threat actors have managed to compromise the popular Python package Lightning to push two malicious versions to conduct credential theft. According to Aikido Security, OX Security, Socket, and StepSecurity, the two malicious versions are versions 2.6.2...

Exploit for CVE-2026-31431

CVE-2026-31431 WARNING These PoCs are runtime-destructi...

[SECURITY] Fedora 43 Update: python3.9-3.9.25-9.fc43

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1634)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1634 advisory. Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. CVE-2026-40372 Tenable has extracted the preceding description blo...

Ronald Dehuysser, founder of JobRunr, on their ambitious new JavaClaw-like agent runtime

Hi Spring fans! In this installment, I talk to my friend and JobRunr founder Ronald Dehuysser about the latest and greatest, and their new "JavaClaw" project!...

Amazon Linux 2023 : aspnetcore-runtime-9.0, aspnetcore-runtime-dbg-9.0, aspnetcore-targeting-pack-9.0 (ALAS2023-2026-1628)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1628 advisory. Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an...

Amazon Linux 2023 : aspnetcore-runtime-10.0, aspnetcore-runtime-dbg-10.0, aspnetcore-targeting-pack-10.0 (ALAS2023-2026-1627)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1627 advisory. Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an...

RHEL 9 : runc (RHSA-2026:12031)

The remote Redhat Enterprise Linux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2026:12031 advisory. The runC tool is a lightweight, portable implementation of the Open Container Format OCF that provides container runtime. Security Fixes:...

Amazon Linux 2023 : aspnetcore-runtime-8.0, aspnetcore-runtime-dbg-8.0, aspnetcore-targeting-pack-8.0 (ALAS2023-2026-1629)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1629 advisory. Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. CVE-2026-26171 Improper neutralization of special elements in .NET allows an...

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publish tampered versions of the deep learning framework. Malicious Behavior The execution chain ru...

Embedded Malicious Code

Overview lightning is a Deep Learning framework to train, deploy, and ship AI products Lightning fast. Affected versions of this package are vulnerable to Embedded Malicious Code that conceals a credential-stealing payload. A malicious actor compromised the package, enabling the attacker to publi...

SAP-Related npm Packages Compromised in Credential-Stealing Supply Chain Attack

Cybersecurity researchers are sounding the alarm about a new supply chain attack campaign targeting SAP-related npm Packages with credential-stealing malware. According to reports from Aikido Security, Onapsis, OX Security, SafeDep, Socket, StepSecurity, and Google-owned Wiz, the campaign – calli...

SUSE-SU-2026:21418-1 Security update for firewalld

This update for firewalld fixes the following issues: - CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations bsc1260903...

Linux Distros Unpatched Vulnerability : CVE-2026-31547

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/xe: Fix missing runtime PM reference in ccsmodestore ccsmodestore calls xegtreset which internally invokes xepmruntimegetnoresume. That function requires th...

CVE-2026-42429

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...

CVE-2026-42429

OpenClaw before 2026.4.8 contains a privilege escalation vulnerability in the gateway plugin HTTP authentication mechanism that escalates identity-bearing operator.read requests to runtime operator.write permissions. Attackers can exploit this by sending read-scoped requests through the gateway...