CVE-2026-26127
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network...
CVE-2026-21218
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...
January 29, 2026-KB5074828 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 25H2
Release Date: January 29, 2026. Version: .NET Framework 3.5 and 4.8.1. The January 29, 2026 update for Windows 11, version 25H2 includes security and cumulative reliability improvement...
Exploit for Deserialization of Untrusted Data in Microsoft
WSUS Security Research Toolkit...
CVE-2025-14759
Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...
CVE-2024-58317
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...
CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...
PT-2025-51880
Name of the Vulnerable Software and Affected Versions: Amazon S3 Encryption Client for .NET versions prior to 3.2.0. Description: A flaw exists in the Amazon S3 Encryption Client for .NET where a missing cryptographic key commitment could allow a user with write access to an S3 bucket to introduce a...
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn, said the issue impacts Barracuda Service Center RM...
CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy
CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer (NDCS) and is vulnerable to remote code execution during deserialization...
VulnCheck KEV: CVE-2020-1066
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level. To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program. The update addresses the vulnerability by...
PT-2025-44350
Name of the Vulnerable Software and Affected Versions: Hospital Manager Backend Services versions prior to September 19, 2025. Description: The Hospital Manager Backend Services returned detailed ASP.NET error pages for invalid requests to the 'WebResource.axd' endpoint. These error pages revealed...
Linux Distros Unpatched Vulnerability : CVE-2025-55248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. CVE-2025-55248 Note...
BIT-DOTNET-SDK-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...
BIT-DOTNET-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...
Security Updates for Microsoft .NET Framework (October 2025)
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2025-55248 Note that...
EUVD-2025-34346
Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability...
dotnet: .NET Denial of Service Vulnerability
A flaw was found in MSBuild’s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operatio...