EUVD-2026-22562

Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability...

GHSA-VMWF-M9C5-3JVC Microsoft Security Advisory CVE-2026-32178 – .NET Spoofing Vulnerability

Executive Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 8.0, .NET 9.0, and .NET 10.0. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability. A vulnerability exists in...

Serendipity has a Host Header Injection allows authentication cookie scoping to attacker-controlled domain in functions_config.inc.php

Summary The serendipitysetCookie function uses $SERVER'HTTPHOST' without validation as the domain parameter of setcookie. An attacker can force authentication cookies — including session tokens and auto-login tokens — to be scoped to an attacker-controlled domain, facilitating session hijacking...

CVE-2026-23891

Decidim is a participatory democracy framework. In versions below 0.30.5 and 0.31.0.rc1 through 0.31.0, a stored code execution vulnerability in the user name field allows a low-privileged attacker to execute arbitrary code in the context of any user who passively visits a comment page, resulting...

Vulnerabilities fixed in Microsoft Developer tools

Microsoft has fixed vulnerabilities in .NET, .NET Framework, Visual Studio and PowerShell. A malicious party can exploit the vulnerabilities to launch attacks that can lead to the following categories of damage: - Denial-of-Service DoS - Accessing sensitive data - Circumvention of a security...

CVE-2026-32178

A flaw was found in the .NET runtime System.Net.Mail in how email address data is parsed. Improper neutralization of special characters, specifically carriage return and line feed CR/LF sequences, may allow specially crafted email address input to be interpreted incorrectly. An attacker could...

CVE-2026-26171

A flaw was found in .NET. A remote attacker could exploit a vulnerability related to unsafe transforms in EncryptedXml. This could lead to a Denial of Service DoS, making the service unavailable, and a bypass of security features. Mitigation Mitigation for this issue is either not available or th...

CVE-2026-23666

A flaw was found in .NET Framework. An unauthorized attacker can exploit a race condition, which is a concurrent execution using shared resources with improper synchronization, to deny service over a network. This vulnerability can lead to a Denial of Service DoS for affected systems. Mitigation...

CVE-2026-32226

A flaw was found in .NET Framework. This vulnerability, a race condition, allows an unauthorized attacker to exploit improper synchronization when shared resources are concurrently executed. This can lead to a Denial of Service DoS over a network, making the affected system or application...

EUVD-2026-22363

Concurrent execution using shared resource with improper synchronization 'race condition' in .NET Framework allows an unauthorized attacker to deny service over a network...

CVE-2026-33116

Loop with unreachable exit condition 'infinite loop' in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network...

CVE-2026-32226

Concurrent execution using shared resource with improper synchronization 'race condition' in .NET Framework allows an unauthorized attacker to deny service over a network...

CVE-2026-23666

Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network...

2026-04 .NET Framework 3.5 Security Update (KB5084165)

2026-04 Cumulative Update for .NET Framework 3.5 for Windows 11, version 26H1 for arm64...

2026-04 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 (KB5082411)

2026-04 Cumulative Update for .NET Framework 4.8 for Windows 10 Version 1607 for x64 KB5082411...

2026-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 (KB5084071)

2026-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Microsoft server operating system version 21H2 for x64 KB5084071...

2026-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64 (KB5084067)

2026-04 Cumulative Update for .NET Framework 3.5, 4.8 and 4.8.1 for Windows 10 Version 21H2 for x64 KB5084067...

2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 (KB5084066)

2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 for x64 KB5084066...

2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 for x64 (KB5084066)

2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows Server 2019 for x64 KB5084066...

2026-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 for ARM64 (KB5084068)

2026-04 Cumulative Update for .NET Framework 3.5 and 4.8 for Windows 10 Version 22H2 for ARM64 KB5084068...