6557 matches found
CVE-2024-58317 Kentico Xperience <= 13.0.164 Cookie Security Configuration
A cookie security configuration vulnerability in Kentico Xperience allows attackers to bypass SSL requirements when setting administration cookies via web.config. The vulnerability affects .NET Framework projects by incorrectly handling the 'requireSSL' attribute, potentially compromising session...
CVE-2025-14759
Missing cryptographic key commitment in the Amazon S3 Encryption Client for .NET may allow a user with write access to the S3 bucket to introduce a new EDK that decrypts to different plaintext when the encrypted data key is stored in an "instruction file" instead of S3's metadata record. To...
PT-2025-51880
Name of the Vulnerable Software and Affected Versions Amazon S3 Encryption Client for .NET versions prior to 3.2.0 Description A flaw exists in the Amazon S3 Encryption Client for .NET where a missing cryptographic key commitment could allow a user with write access to an S3 bucket to introduce a...
.NET SOAPwn Flaw Opens Door for File Writes and Remote Code Execution via Rogue WSDL
New research has uncovered exploitation primitives in the .NET Framework that could be leveraged against enterprise-grade applications to achieve remote code execution. WatchTowr Labs, which has codenamed the "invalid cast vulnerability" SOAPwn , said the issue impacts Barracuda Service Center RM...
CVE-2025-66631 CSLA .NET is vulnerable to Remote Code Execution via WcfProxy
CSLA .NET is a framework designed for the development of reusable, object-oriented business layers for applications. Versions 5.5.4 and below allow the use of WcfProxy. WcfProxy uses the now-obsolete NetDataContractSerializer NDCS and is vulnerable to remote code execution during deserialization...
VulnCheck KEV: CVE-2020-1066
An elevation of privilege vulnerability exists in .NET Framework which could allow an attacker to elevate their privilege level.To exploit the vulnerability, an attacker would first have to access the local machine, and then run a malicious program.The update addresses the vulnerability by...
PT-2025-44350
Name of the Vulnerable Software and Affected Versions Hospital Manager Backend Services versions prior to September 19, 2025 Description The Hospital Manager Backend Services returned detailed ASP.NET error pages for invalid requests to the ''WebResource.axd'' endpoint. These error pages revealed...
Linux Distros Unpatched Vulnerability : CVE-2025-55248
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network. CVE-2025-55248 Note...
BIT-DOTNET-SDK-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...
BIT-DOTNET-2025-55248 .NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network...
Security Updates for Microsoft .NET Framework (October 2025)
The Microsoft .NET Framework installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerability: - An information disclosure vulnerability. An attacker can exploit this to disclose potentially sensitive information. CVE-2025-55248 Note that...
EUVD-2025-34346
Microsoft Security Advisory CVE-2025-55248: .NET Information Disclosure Vulnerability...
dotnet: .NET Denial of Service Vulnerability
A flaw was found in MSBuild’s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operatio...
Microsoft .NET Framework Remote Code Execution Vulnerability (KB5066747)
This host is missing an important security update according to Microsoft KB5066747 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft .NET Framework Remote Code Execution Vulnerability (KB5066746)
This host is missing an important security update according to Microsoft KB5066746 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
Microsoft .NET Framework Remote Code Execution Vulnerability (KB5066738)
This host is missing an important security update according to Microsoft KB5066738 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
RHEL 8 : .NET 8.0 (RHSA-2025:18148)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18148 advisory. .NET is a managed-software framework. It implements a subset of the .NET framework APIs and several new APIs, and it includes a CLR...
Microsoft .NET Framework Information Disclosure Vulnerability (KB5066136)
This host is missing an important security update according to Microsoft KB5066136 SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescriptio...
GHSA-Q8G5-RW97-F55H Duplicate Advisory: Microsoft Security Advisory CVE-2025-55247 | .NET Denial of Service Vulnerability
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-w3q9-fxm7-j8fq. This link is maintained to preserve external references. Original Description Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate...
CVE-2025-55247
Improper link resolution before file access 'link following' in .NET allows an authorized attacker to elevate privileges locally...