CVE-2026-26131

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally...

Microsoft .NET 安全漏洞

Microsoft .NET is a software framework developed by Microsoft Corporation in the United States. It focuses on agile software development, rapid application development, platform independence, and network transparency. There are security vulnerabilities in Microsoft .NET. Attackers can exploit the...

USN-8025-1: .NET vulnerability

Kevin Jones discovered that the System.Security.Cryptography.Cose component in .NET did not properly handle certain missing special elements in input data. An attacker could possibly use this issue to bypass security checks and gain unauthorized access or perform data manipulation...

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

2026-02 .NET 9.0.13 Security Update for x64 Server (KB5077864)

2026-02 .NET 9.0.13 Security Update for x64 Server KB5077864...

2026-02 .NET 9.0.13 Security Update for x64 Client (KB5077864)

2026-02 .NET 9.0.13 Security Update for x64 Client KB5077864...

February 10, 2026-KB5074837 Cumulative Update for .NET Framework 4.8.1 for Windows 11, version 26H1

February 10, 2026-KB5074837 Cumulative Update for .NET Framework 4.8.1 for Windows 11, version 26H1 Release Date: February 10, 2026 Version: .NET Framework 4.8.1 The February 10, 2026 update for Windows 11, version 26H1 includes security and cumulative reliability improvements in .NET Framework...

GHSA-9CVC-H2W8-PHRP AWS SDK for .NET V4 adopted defense in depth enhancement for region parameter value

Summary This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input field to an invalid value. A defense-in-depth enhancement has been implemented in th...

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

CVE-2024-58317

CVE-2024-58317 affects Kentico Xperience (

PT-2025-52324

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A configuration issue in Kentico Xperience related to cookie security allows attackers to bypass SSL requirements when setting administration cookies through the web.config file. Th...

SOAPwn: Pwning .NET Framework Applications through HTTP Client Proxies and WSDL

This is a whitepaper which supplements the BlackHat Europe 2025 presentation called "SOAPwn: Pwning .NET Framework Applications Through HTTP Client Proxies and WSDL". In this whitepaper, the author presents new exploitation sinks in .NET Framework, which may allow an attacker to achieve either...

TencentOS Server 3: .NET 8.0 (TSSA-2024:0048)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0048 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

ROS-20251105-07

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

ROS-20251105-06

The vulnerability of Microsoft .NET Framework, .NET software platforms, and Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Microsoft Visual Studio software development tool is related to insufficiently strong data encryption. Exploitation...

CVE-2025-61959

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

October 28, 2025-KB5067931 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 25H2

October 28, 2025-KB5067931 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 25H2 Release Date: October 28, 2025 Version: .NET Framework 3.5 and 4.8.1 The October 28, 2025 update for Windows 11, version 25H2 includes security and cumulative reliability improvement...

Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 : .NET vulnerabilities (USN-7822-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.04 / 25.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7822-1 advisory. It was discovered that .NET did not properly handle the creation of temporary build time directories. An attacker could...

RHEL 9 : .NET 9.0 (RHSA-2025:18151)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18151 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

CVE-2025-55248

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...