Lucene search
K

6557 matches found

Vulnrichment
Vulnrichment
added 2025/12/18 7:53 p.m.5 views

CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration

A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...

6.9CVSS6.7AI score0.00162EPSS
Exploits0References2
OSV
OSV
added 2025/12/17 8:7 p.m.7 views

CVE-2025-14759

Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...

6CVSS6.7AI score0.00094EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/12/17 12:0 a.m.10 views

PT-2025-51880

Name of the Vulnerable Software and Affected Versions Amazon S3 Encryption Client for .NET versions prior to 3.2.0 Description A flaw exists in the Amazon S3 Encryption Client for .NET where a missing cryptographic key commitment could allow a user with write access to an S3 bucket to introduce a...

6CVSS6.2AI score0.00094EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2025/12/10 7:21 p.m.8 views

.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL

New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn , said the issue impacts Barracuda Service Center RM...

10CVSS8.4AI score0.22791EPSS
Exploits1
OSV
OSV
added 2025/12/09 3:18 a.m.7 views

CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy

CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...

9.2CVSS8AI score0.00575EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2025/12/08 12:0 a.m.5 views

VulnCheck KEV: CVE-2020-1066

An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by...

7.8CVSS5.8AI score0.02309EPSS
In wildExploits0References2
Positive Technologies
Positive Technologies
added 2025/10/29 12:0 a.m.6 views

PT-2025-44350

Name of the Vulnerable Software and Affected Versions Hospital Manager Backend Services versions prior to September 19, 2025 Description The Hospital Manager Backend Services returned detailed ASP.NET error pages for invalid requests to the ''WebResource.axd'' endpoint. These error pages revealed...

6.9CVSS6.5AI score0.00249EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2025/10/27 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2025-55248

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. CVE-2025-55248 Note...

5.7CVSS7.3AI score0.00681EPSS
Exploits0References2
OSV
OSV
added 2025/10/24 2:39 p.m.7 views

BIT-DOTNET-SDK-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...

5.7CVSS6.5AI score0.00681EPSS
Exploits0References2
OSV
OSV
added 2025/10/24 2:39 p.m.7 views

BIT-DOTNET-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...

5.7CVSS6.5AI score0.00681EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/10/23 12:0 a.m.5 views

Security Updates for Microsoft .NET Framework (October 2025)

The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2025-55248 Note that...

5.7CVSS8.2AI score0.00681EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/15 5:39 p.m.7 views

EUVD-2025-34346

Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability...

4.8CVSS7.7AI score0.00681EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2025/10/15 4:18 p.m.3 views

dotnet: .NET Denial of Service Vulnerability

A flaw was found in MSBuild’s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operatio...

7.3CVSS5.7AI score0.00564EPSS
Exploits0References4
OpenVAS
OpenVAS
added 2025/10/15 12:0 a.m.29 views

Microsoft .NET Framework Remote Code Execution Vulnerability (KB5066747)

This host is missing an important security update according to Microsoft KB5066747 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

8.8CVSS6.8AI score0.02262EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/10/15 12:0 a.m.5 views

Microsoft .NET Framework Remote Code Execution Vulnerability (KB5066746)

This host is missing an important security update according to Microsoft KB5066746 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

8.8CVSS6.8AI score0.02262EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2025/10/15 12:0 a.m.5 views

Microsoft .NET Framework Remote Code Execution Vulnerability (KB5066738)

This host is missing an important security update according to Microsoft KB5066738 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

8.8CVSS6.8AI score0.02262EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/10/15 12:0 a.m.6 views

RHEL 8 : .NET 8.0 (RHSA-2025:18148)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18148 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...

9.9CVSS8.8AI score0.66258EPSS
Exploits5References8
OpenVAS
OpenVAS
added 2025/10/15 12:0 a.m.175 views

Microsoft .NET Framework Information Disclosure Vulnerability (KB5066136)

This host is missing an important security update according to Microsoft KB5066136 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...

5.7CVSS9.4AI score0.00681EPSS
Exploits0References1
OSV
OSV
added 2025/10/14 6:30 p.m.6 views

GHSA-Q8G5-RW97-F55H Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3q9-fxm7-j8fq. This link is maintained to preserve external references. Original Description Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate...

7.3CVSS6.9AI score0.00564EPSS
Exploits0References2
NVD
NVD
added 2025/10/14 5:15 p.m.4 views

CVE-2025-55247

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally...

7.3CVSS0.00564EPSS
Exploits0References1
Rows per page
Query Builder