Microsoft: >> .net Security Vulnerabilities
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.
CVSS Score
7.5
EPSS Score
0.027
Published
2026-03-19
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
CVSS Score
7.8
EPSS Score
0.0
Published
2026-03-10
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-03-10
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-10
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-10-14
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-10-14
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
CVSS Score
7.5
EPSS Score
0.003
Published
2025-06-13
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.
CVSS Score
8.0
EPSS Score
0.002
Published
2025-05-13
.NET Remote Code Execution Vulnerability
CVSS Score
7.5
EPSS Score
0.006
Published
2025-01-14
.NET and Visual Studio Remote Code Execution Vulnerability
CVSS Score
7.5
EPSS Score
0.004
Published
2025-01-14
Page 1