16523 matches found
dotnet: .NET Security Feature Bypass Vulnerability
A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.Server.Kestrel.Core is a core components of ASP.NET Core Kestrel cross-platform web server. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunked HTTP requests. An attacker can bypass security restrictions and...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.linux-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.linux-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.linux-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.win-x86 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.win-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.win-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.win-arm is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.osx-x64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunke...
HTTP Request Smuggling
Overview Microsoft.AspNetCore.App.Runtime.linux-musl-arm64 is a package providing a default set of APIs for building an ASP.NET Core application. Contains assets used for self-contained deployments. Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation ...
HTTP Request Smuggling
Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the interpretation of chunked HTTP requests. An attacker can bypass security restrictions and potentially access or manipulate sensitive data by sending specially crafted HTTP requests that exploit...
GHSA-5RRX-JJJQ-Q2R5 Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability
Microsoft Security Advisory CVE-2025-55315: .NET Security Feature Bypass Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in ASP.NET Core 10.0 , ASP.NET Core 9.0 , ASP.NET Core 8.0, and ASP.NET Core 2.3. This advisory also...
CVE-2025-55315
Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...
CVE-2025-55315
Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...
Security Bulletin: IBM DevOps Deploy / IBM UrbanCode Deploy (UCD) is susceptible to multiple vulnerabilities in Netty (CVE-2025-58056, CVE-2025-58057)
Summary Netty is used by IBM DevOps Deploy / IBM UrbanCode Deploy UCD as part of the agent-server-relay communication system and is affected by CVE-2025-58056, CVE-2025-58057. Vulnerability Details CVEID:CVE-2025-58056 DESCRIPTION: Netty is an asynchronous event-driven network application framewo...
PT-2025-42010
Name of the Vulnerable Software and Affected Versions: ASP.NET Core versions 3.0 through 7.0, and Kestrel ≤ 2.3.0 Description: This vulnerability CVE-2025-55315 is a critical HTTP request smuggling flaw in ASP.NET Core's Kestrel web server. It arises from inconsistent interpretation of HTTP...
CVE-2025-11550
A vulnerability was found in Tenda W12 3.0.0.63948. The impacted element is the function wifiScheduledSet of the file /goform/modules of the component HTTP Request Handler. The manipulation of the argument wifiScheduledSet results in null pointer dereference. The attack may be performed from...