Lucene search
K

3496 matches found

OSSF Malicious Packages
OSSF Malicious Packages
added yesterday6 views

Malicious code in dotnet-runtime-base (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c10c75766303f8c3bf261487e341e537f103116026309006ab71d977aacdd235 The package's postinstall lifecycle script package.json line 7: "postinstall": "node install.js" runs install.js, which on Windows writes a PowerShel...

6.2AI score
Exploits0References3
Cvelist
Cvelist
added 4 days ago34 views

CVE-2026-55780 NanaZip: Uncaught exception / unbounded allocation in NanaZip .NET single-file Extract() via unvalidated entry Size

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp sizes its extraction buffer from the bundle entry Size field, which is only checked for sign and is not validat...

2.4CVSS0.00112EPSS
Exploits0References3
CVE
CVE
added 4 days ago8 views

CVE-2026-55780

NanaZip (7‑Zip derivative) prior to version 6.5.1749.0 is vulnerable due to its .NET single-file bundle handler in NanaZip.Codecs.Archive.DotNetSingleFile.cpp, which sizes the extraction buffer from the bundle entry Size field without validating against the real file size. This allows an attacker...

2.4CVSS6.2AI score0.00112EPSS
Exploits0References3
EUVD
EUVD
added 4 days ago6 views

EUVD-2026-42955

NanaZip is the 7-Zip derivative intended for the modern Windows experience. Prior to 6.5.1749.0, NanaZip's seven in-house IInArchive handlers in NanaZip.Codecs unconditionally dereference the caller-supplied Indices array inside Extract when the archive engine signals extract everything by passin...

2.4CVSS6.1AI score0.00112EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 4 days ago7 views

Important: Red Hat Security Advisory: Red Hat Hardened Images RPMs Security Update

An update for Red Hat Hardened Images RPMs is now available. This update includes the following RPMs: dotnet8.0: aspnetcore-runtime-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-runtime-dbg-8.0-8.0.28-1.1.hum1 aarch64, x8664 aspnetcore-targeting-pack-8.0-8.0.28-1.1.hum1 aarch64, x8664...

8.7CVSS6.1AI score0.00409EPSS
Exploits2References8
Cvelist
Cvelist
added 6 days ago32 views

CVE-2026-54773 CoreWCF: WS-Security signature substitution via document-wide Signature lookup

CoreWCF is a port of the service side of Windows Communication Foundation WCF to .NET Core. Prior to 1.8.1 and 1.9.1, CoreWCF WS-Security signature verification performs a document-wide ds:Signature lookup, allowing an unauthenticated remote attacker to place a SOAP header before wsse:Security an...

5.9CVSS0.00238EPSS
Exploits0References6
Nuclei
Nuclei
added last week188 views

.NET Framework - Leaking ObjRefs via HTTP .NET Remoting

.NET Framework Information Disclosure Vulnerability id: CVE-2024-29059 info: name: .NET Framework - Leaking ObjRefs via HTTP .NET Remoting author: iamnoooob,rootxharsh,DhiyaneshDk,pdresearch severity: high description: .NET Framework Information Disclosure Vulnerability impact: | Attackers can...

7.5CVSS7.2AI score0.98624EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/07/01 2:41 p.m.33 views

CVE-2026-58127 PACSgear MediaWriter 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS0.00985EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:41 p.m.7 views

CVE-2026-58127

PACSgear MediaWriter 5.2.1 exposes a .NET Remoting TCP service on port 9000 via PacsgearMediaServerEngine.dll, registered with ObjectURIs RemoteObj and UIRemoteObj, without any authentication requirement. By exploiting the MarshalByRefObject object unmarshalling technique and implementing .NET...

9.8CVSS6.5AI score0.00985EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2026/07/01 2:39 p.m.34 views

CVE-2026-58126 PACSgear PACS Scan 5.2.1 Unauthenticated RCE via .NET Remoting TCP Service

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can...

9.8CVSS0.00963EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/07/01 2:39 p.m.9 views

CVE-2026-58126

PACSgear PACS Scan 5.2.1 contains an unauthenticated remote code execution vulnerability that allows remote attackers to read and write arbitrary files by exploiting an exposed .NET Remoting TCP service on port 22222 via PGImageExchQueue.exe without any authentication requirement. Attackers can...

9.8CVSS6.5AI score0.00963EPSS
Exploits1References4Affected Software1
OSV
OSV
added 2026/06/30 10:47 a.m.3 views

RHSA-2026:28051 Red Hat Security Advisory: .NET 9.0 security update

Bulletin has no description...

7.5CVSS7AI score0.0243EPSS
Exploits0References13
RedHat Linux
RedHat Linux
added 2026/06/29 6:18 p.m.12 views

dotnet: ASP.NET Core: Denial of Service via uncontrolled resource consumption

A flaw was found in ASP.NET Core SignalR and Blazor Server. A remote attacker could send a specially crafted MessagePack payload containing deeply nested arrays that trigger excessive recursion and cause a stack overflow. This issue may result in application termination and a denial of service...

7.5CVSS7.2AI score0.0243EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 6:18 p.m.4 views

dotnet: .NET: Local file tampering via link following vulnerability

A flaw was found in .NET's System.Formats.Tar library. When extracting a specially crafted TAR archive containing symbolic links, the TarFile.ExtractToDirectory method may incorrectly follow those links and write files outside the intended extraction directory. An attacker could exploit this issu...

6.2CVSS7AI score0.00388EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2026/06/29 6:18 p.m.4 views

Important: Red Hat Security Advisory: .NET 9.0 security update

An update for .NET 9.0 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available fo...

7.5CVSS7AI score0.0243EPSS
Exploits0References3
OSV
OSV
added 2026/06/29 11:50 a.m.8 views

PYSEC-2026-531 Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK

Impact What kind of vulnerability is it? Who is impacted? An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and...

9.9CVSS5.8AI score0.0195EPSS
Exploits0References7
Fedora
Fedora
added 2026/06/28 1:10 a.m.6 views

[SECURITY] Fedora 43 Update: dotnet8.0-8.0.128-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.8CVSS6.8AI score0.0243EPSS
Exploits0
Fedora
Fedora
added 2026/06/28 1:10 a.m.6 views

[SECURITY] Fedora 43 Update: dotnet9.0-9.0.118-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.8CVSS6.8AI score0.0243EPSS
Exploits0
Fedora
Fedora
added 2026/06/28 1:10 a.m.6 views

[SECURITY] Fedora 43 Update: dotnet10.0-10.0.109-1.fc43

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.8CVSS6.8AI score0.0243EPSS
Exploits0
Fedora
Fedora
added 2026/06/28 12:58 a.m.5 views

[SECURITY] Fedora 44 Update: dotnet8.0-8.0.128-1.fc44

.NET is a fast, lightweight and modular platform for creating cross platform applications that work on Linux, macOS and Windows. It particularly focuses on creating console applications, web applications and micro-services. .NET contains a runtime conforming to .NET Standards a set of framework...

7.8CVSS6.8AI score0.0243EPSS
Exploits0
Rows per page
Query Builder