ALSA-2026:4455 Important: .NET 8.0 security update

.NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation. New versions of .NET that address a security vulnerability are now available. The updated versions are .NET SDK 8.0.125 and .NET Runtime...

Oracle Linux 10 : .NET / 9.0 (ELSA-2026-4450)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4450 advisory. 9.0.115-1.0.1 - Add support for Oracle Linux 9.0.115-1 - Update to .NET SDK 9.0.115 and Runtime 9.0.14 - Resolves: RHEL-152946 Tenable has extracted t...

RHEL 10 : .NET 8.0 (RHSA-2026:4451)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2026:4451 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR implementation...

Oracle Linux 10 : .NET / 10.0 (ELSA-2026-4453)

The remote Oracle Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2026-4453 advisory. 10.0.104-1.0.1 - Add support for Oracle Linux 10.0.104-1 - Update to .NET SDK 10.0.104 and Runtime 10.0.4 - Resolves: RHEL-152954 Tenable has extracte...

RHEL 10 : .NET 10.0 (RHSA-2026:4453)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:4453 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVE-2026-31988

yauzl aka Yet Another Unzip Library version 3.2.0 for Node.js contains an off-by-one error in the NTFS extended timestamp extra field parser within the getLastModDate function. The while loop condition checks cursor data.length + 4 instead of cursor + 4 = data.length, allowing readUInt16LE to rea...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling ...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling ...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in...

Allocation of Resources Without Limits or Throttling

Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to Allocation of Resources Without Limits or...

DEBIAN-CVE-2026-31870

cpp-httplib is a C++11 single-file header-only cross platform HTTP/HTTPS library. Prior to 0.37.1, when a cpp-httplib client uses the streaming API httplib::stream::Get, httplib::stream::Post, etc., the library calls std::stoull directly on the Content-Length header value received from the server...

CVE-2025-68623

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...

SUSE CVE-2025-69654

A crafted JavaScript input executed with the QuickJS release 2025-09-13, fixed in commit fcd33c1afa7b3028531f53cd1190a3877454f6b3 2025-12-11,qjs interpreter using the -m option and a low memory limit can cause an out-of-memory condition followed by an assertion failure in JSFreeRuntime...

CVE-2026-30925

Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.5.0-alpha.14 and 8.6.11, a malicious client can subscribe to a LiveQuery with a crafted $regex pattern that causes catastrophic backtracking, blocking the Node.js event loop. This...

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the evaluation endpoints, including /ofrep/v1/evaluate/flags/flagKey, /ofrep/v1/evaluate/flags, and various gRPC methods. An attacker can cause memory exhaustion and process...

PT-2026-24804

🚨 CVE-2026-31957 Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 3.0.0 to before 3.1.0, if Himmelblau is deployed without a configured tenant domain in himmelblau.conf, authentication is not tenant-scoped. In this mode, Himmelblau can accept authentication...

CVE-2025-68623

In Microsoft DirectX End-User Runtime Web Installer 9.29.1974.0, a low-privilege user can replace an executable file during the installation process, which may result in unintended elevation of privileges. During installation, the installer runs with HIGH integrity and downloads executables and...