CSO Online

Critical ASP.NET core vulnerability earns Microsoft’s highest-ever severity score

The Kestrel web server flaw allows request smuggling attacks, but the actual risk depends on the application code and ...
SecurityWeek

‘Highest Ever’ Severity Score Assigned by Microsoft to ASP.NET Core Vulnerability

Microsoft has patched CVE-2025-55315, a critical vulnerability in the ASP.NET Core open source web development framework.
The Register on MSN

Microsoft kills 9.9-rated ASP.NET Core bug – 'our highest ever' score

Flaw in Kestrel web server allowed request smuggling, impact depends on hosting setup and application code Microsoft has ...
GitHub

.NET 10 RC1 Incompatible API method call

During the initial conversion to .NET 10 RC1 for our projects we discovered that the latest version of Oracle.EntityFrameworkCore (9.23.90) is calling a removed method. "System.String ...
The Hacker News

BadIIS Malware Spreads via SEO Poisoning — Redirects Traffic, Plants Web Shells

Cybersecurity researchers are calling attention to a search engine optimization (SEO) poisoning campaign likely undertaken by a Chinese-speaking threat actor using a malware called BadIIS in attacks ...
GitHub

Did EF Core 3.1.32 finally stop working in .Net Framework 4?

I have been using EF Core 3.1.32 for Sql Server with a .Net Framework 4 application for years. I am now finding that it no longer works. Below is the error thrown as ...