USN-8085-1: .NET vulnerabilities

It was discovered that the .NET Microsoft.Bcl.Memory NuGet package did not properly handle certain malformed Base64Url encoded input. An attacker could possibly use this issue to cause .NET to crash, resulting in a denial of service. This issue only affected .NET 9.0 and .NET 10.0. CVE-2026-26127...

Microsoft Patch Tuesday, March 2026 Edition

Microsoft Corp. today pushed security updates to fix at least 77 vulnerabilities in its Windows operating systems and other software. There are no pressing "zero-day" flaws this month compared to February's five zero-day treat, but as usual some patches may deserve more rapid attention from...

CVE-2026-26131 .NET Elevation of Privilege Vulnerability

...

2026-03 .NET 8.0.25 Security Update for x64 Client (KB5081277)

2026-03 .NET 8.0.25 Security Update for x64 Client KB5081277...

CVE-2026-26127

Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network...

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

CVE-2026-21218

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network...

January 29, 2026-KB5074828 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 25H2

January 29, 2026-KB5074828 Cumulative Update Preview for .NET Framework 3.5 and 4.8.1 for Windows 11, version 25H2 Release Date: January 29, 2026 Version: .NET Framework 3.5 and 4.8.1 The January 29, 2026 update for Windows 11, version 25H2 includes security and cumulative reliability improvement...

Exploit for Deserialization of Untrusted Data in Microsoft

WSUS Security Research Toolkit !Pythonhttps://img.shields...

CVE-2025-14759

Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

CVE-2024-58317

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

CVE-2025-14759

Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

PT-2025-51880

Name of the Vulnerable Software and Affected Versions Amazon S3 Encryption Client for .NET versions prior to 3.2.0 Description A flaw exists in the Amazon S3 Encryption Client for .NET where a missing cryptographic key commitment could allow a user with write access to an S3 bucket to introduce a...

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn , said the issue impacts Barracuda Service Center RM...

CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

VulnCheck KEV: CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by...

PT-2025-44350

Name of the Vulnerable Software and Affected Versions Hospital Manager Backend Services versions prior to September 19, 2025 Description The Hospital Manager Backend Services returned detailed ASP.NET error pages for invalid requests to the ''WebResource.axd'' endpoint. These error pages revealed...

Linux Distros Unpatched Vulnerability : CVE-2025-55248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. CVE-2025-55248 Note...

BIT-DOTNET-SDK-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...