Microsoft ASP.NET (April 2026)

The Microsoft ASP.NET installations on the remote host are missing a security update. It is, therefore, affected by an elevation of privileges vulnerability: - Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network...

EUVD-2009-3432

Malware in sbrugna...

EUVD-2010-2102

Malware in sbrugna...

EUVD-2022-0467

Malicious code in bioql PyPI...

EUVD-2024-0259

Malicious code in bioql PyPI...

CVE-2010-2084

Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows remote attackers to conduct cross-site scripting XSS attacks via vectors related to an attribute...

Microsoft Visual Studio和Microsoft ASP.NET Core 安全漏洞

Microsoft Visual Studio and Microsoft ASP.NET Core are both products of Microsoft Corporation, USA. Microsoft Visual Studio is a family of development tool suites and a largely complete set of development tools that includes most of the tools needed throughout the software lifecycle. Microsoft...

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket—each one seems minor until it becomes the entry point for an attack. This week, we've seen cybercriminals turn overlooked weaknesses into...

Security Bulletin: Multiple security vulnerabilities affect IBM Robotic Process Automation for Cloud Pak.

Summary Unbound is used by IBM Robotic Process Automation for Cloud Pak as part of antivirus functionality. CVE-2019-25033. ISC BIND is used by IBM Robotic Process Automation for Cloud Pak as part of Watson NLP. CVE-2022-3094. GNU Binutils is used by IBM Robotic Process Automation for Cloud Pak a...

CVE-2023-49289

Ajax.NET Professional AjaxPro is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross site scripting attacks. Releases before version 21.12.22.1 a...

Cross site scripting

Ajax.NET Professional AjaxPro is an AJAX framework for Microsoft ASP.NET which will create proxy JavaScript classes that are used on client-side to invoke methods on the web server. Affected versions of this package are vulnerable cross site scripting attacks. Releases before version 21.12.22.1 a...

CVE-2023-49289

CVE-2023-49289 affects Ajax.NET Professional (AjaxPro) for Microsoft ASP.NET. Affected versions before 21.12.22.1 are vulnerable to Cross-Site Scripting (XSS) through the proxy JavaScript generation mechanism. The vulnerability entails missing input validation/encoding in client-server interactio...

Microsoft ASP.NET Core Security Vulnerability

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A security vulnerability exists in Microsoft ASP.NET Core. An...

Security Updates for Microsoft ASP.NET Core (October 2023)

The version of ASP.NET core installed on the remote host is affected by a denial of service DoS vulnerability. The HTTP/2 protocol allows a denial of service server resource consumption because request cancellation can reset many streams quickly, as exploited in the wild in August through October...

Security Bulletin: A vulnerability in Microsoft ASP.NET Core may affect IBM Robotic Process Automation and result in an exposure of sensitive information (CVE-2023-35391).

Summary There is a vulnerability in Microsoft ASP.NET Core used by IBM Robotic Process Automation as part of it's infrastructure, which may allow a remote authenticated attacker to obtain sensitive information. CVE-2023-35391. This bulletin identifies the security fixes to apply to address this...

Security Bulletin: Vulnerabilities in Microsoft .NET Core and Microsoft ASP.NET may affect IBM Robotic Process Automation for Cloud Pak

Summary Microsoft .NET Core is used by IBM Robotic Process Automation for Cloud Pak as part its runtime CVE-2023-35390. Microsoft ASP.NET is used by IBM Robotic Process Automation for Cloud Pak as part of its runtime CVE-2023-38180. Vulnerability Details CVEID:CVE-2023-35390 DESCRIPTION: Microsof...

Security Bulletin: A vulnerability in Microsoft ASP.NET affects IBM Robotic Process Automation and may result in a denial of service (CVE-2022-29117)

Summary Microsoft ASP.NET is used by IBM Robotic Process Automation as part of the application framework. CVE-2022-29117 Vulnerability Details CVEID:CVE-2022-29117 DESCRIPTION: Microsoft ASP.NET and Visual Studio are vulnerable to a denial of service. By sending a specially-crafted request, a...

Microsoft ASP.NET Core Security Vulnerability

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. ASP.NET has a security vulnerability. An attacker could exploit the...

Security Updates for Microsoft ASP.NET Core (July 2023)

Multiple vulnerabilities exist in ASP.NET Core 6.0 6.0.20 and ASP.NET Core 7.0 7.0.9. - A vulnerability exists in .NET applications where the diagnostic server can be exploited to achieve cross-session/cross-user elevation of privilege EoP and code execution. CVE-2023-33127 - A vulnerability exis...

Microsoft ASP.NET Core 安全漏洞

Microsoft ASP.NET Core is a framework of cross-platform open source framework from Microsoft. The framework is used to build cloud-based applications such as Web applications, Internet of Things applications, and mobile backends. A security vulnerability exists in Microsoft ASP.NET Core. No...