Lucene search
K

17 matches found

Snyk
Snyk
added 2026/06/09 5:5 p.m.5 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling. An attacker can exhaust system resources by sending specially crafted requests over the network, resulting in service unavailability for legitimate users. Remediation Upgrade...

8.7CVSS5.3AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/18 7:10 p.m.8 views

Infinite loop

Overview Affected versions of this package are vulnerable to Infinite loop in the FormDataReader.ProcessFormKeys function when a form key contains an opening without a matching . An attacker can cause the application to become unresponsive by sending specially crafted network requests that trigge...

8.7CVSS5.8AI score0.0243EPSS
Exploits0References2
Snyk
Snyk
added 2026/04/14 11:27 p.m.11 views

HTTP Response Splitting

Overview Affected versions of this package are vulnerable to HTTP Response Splitting via the MailAddressParser.TryParseAddress function due to improper neutralisation of CRLF sequences. An attacker can impersonate another user or entity by sending specially crafted data over the network...

8.7CVSS6.2AI score0.02279EPSS
Exploits0References2
Snyk
Snyk
added 2026/03/10 6:41 p.m.5 views

Out-of-bounds Read

Overview Affected versions of this package are vulnerable to Out-of-bounds Read when decoding malformed Base64Url input. An attacker can cause a disruption of service. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 9.0.14, 10.0.4 or higher. References - GitHub Commit -...

8.7CVSS5.8AI score0.02049EPSS
Exploits0References2
Snyk
Snyk
added 2025/10/14 8:32 p.m.8 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunked HTTP requests. An attacker can bypass security restrictions and potentially access or manipulate sensitive data by sending specially crafted HTTP requests that exploit...

9.9CVSS9.2AI score0.66258EPSS
Exploits5References2
Snyk
Snyk
added 2025/09/08 2:41 p.m.6 views

Buffer Over-read

Overview Affected versions of this package are vulnerable to Buffer Over-read via the DiaSymReader.dll process. An attacker can execute arbitrary code by exploiting a buffer over-read condition when the application processes specially crafted input. This issue affects EOL ASP.NET 6.0.0 = 6.0.36 a...

8.8CVSS8.9AI score0.02262EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/08 2:41 p.m.6 views

Integer Overflow or Wraparound

Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound due to improper handling of integer values in the msdia140.dll process. An attacker can execute arbitrary code by supplying specially crafted input that triggers an integer overflow and subsequent heap-bas...

7.5CVSS8.7AI score0.01764EPSS
Exploits0References2
Snyk
Snyk
added 2025/04/08 4:0 p.m.8 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when handling very large buffered HTTP/3 header values. Remediation Upgrade Microsoft.AspNetCore.App.Runtime.osx-arm64 to version 8.0.15, 9.0.4 or higher. References - GitHub Commit -...

8.7CVSS7AI score0.01383EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/11 7:24 p.m.5 views

Improper Authentication

Overview Affected versions of this package are vulnerable to Improper Authentication in the RefreshSignInAsync function method, which does not verify the identity of the calling TUser, allowing an attacker to escalate privileges to that of another user. Remediation Upgrade...

8.3CVSS7.2AI score0.00911EPSS
Exploits1References2
Snyk
Snyk
added 2024/08/13 7:26 p.m.5 views

Cleartext Transmission of Sensitive Information

Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information via the TlsStream process. An attacker can gain access to sensitive information by intercepting unencrypted data. Remediation Upgrade Microsoft.NETCore.App.Runtime.osx-arm64 to version 8.0...

7.1CVSS6.8AI score0.0131EPSS
Exploits0References2
Snyk
Snyk
added 2024/05/14 8:31 p.m.5 views

Race Condition

Overview Affected versions of this package are vulnerable to Race Condition through the Microsoft.AspNetCore.Server.Kestrel.Core.dll component. An attacker can induce a deadlock condition leading to a denial of service by exploiting the handling of certain requests. Remediation Upgrade...

5.9CVSS6.8AI score0.01688EPSS
Exploits0References2
Snyk
Snyk
added 2024/05/14 8:30 p.m.4 views

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow due to a stack buffer overrun in the Double Parse routine. An attacker can execute arbitrary code by supplying a specially crafted input that triggers the buffer overrun. Remediation Upgrade...

6.3CVSS8AI score0.01248EPSS
Exploits0References2
Snyk
Snyk
added 2024/02/13 7:49 p.m.7 views

Resource Exhaustion

Overview Affected versions of this package are vulnerable to Resource Exhaustion due to improper handling of certain requests in applications using SignalR. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

7.5CVSS7AI score0.024EPSS
Exploits0References2
Snyk
Snyk
added 2024/02/13 7:43 p.m.7 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when parsing X509 certificates. Note: Windows systems are not vulnerable to this issue. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and...

7.5CVSS7.1AI score0.02707EPSS
Exploits0References2
Snyk
Snyk
added 2023/01/10 10:43 p.m.6 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS by sending an invalid request to an exposed endpoint. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

7.5CVSS7AI score0.0274EPSS
Exploits0References2
Snyk
Snyk
added 2022/10/21 8:50 p.m.4 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS via excess memory allocations through HttpClient. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users. Unlike other...

7.5CVSS7.1AI score0.05041EPSS
Exploits0References2
Snyk
Snyk
added 2022/10/21 8:29 p.m.5 views

Denial of Service (DoS)

Overview Affected versions of this package are vulnerable to Denial of Service DoS when the Kestrel web server processes certain HTTP/2 and HTTP/3 requests. Details Denial of Service DoS describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users...

7.5CVSS7.9AI score0.03739EPSS
Exploits0References2
Rows per page
Query Builder