Microsoft: >> .net >> 9.0.10 Security Vulnerabilities
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing.
CVSS Score
7.5
EPSS Score
0.035
Published
2026-03-19
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.001
Published
2026-03-10
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
7.5
EPSS Score
0.0
Published
2026-02-10