Dotnet

35 CVEs product

Monthly

CVE-2026-3783 MEDIUM POC PATCH This Month

OAuth2 bearer token leakage in curl and .NET occurs when HTTP redirects are followed to a second hostname that matches entries in the .netrc configuration file, allowing attackers to obtain valid authentication tokens for unintended hosts. Public exploit code exists for this vulnerability affecting curl and .NET applications that rely on OAuth2 authentication with automatic redirect handling. This medium-severity vulnerability (CVSS 5.3) requires network access but no user interaction, and patches are available from vendors.

Dotnet Curl
NVD VulDB
CVSS 3.1: 5.3 | EPSS: 0.0%
CVE-2026-2752 MEDIUM This Month

The /api/ais-data endpoint in Navtor NavBox leaks sensitive information through unhandled exception error messages, allowing unauthenticated remote attackers to obtain verbose .NET stack traces containing internal class names, method calls, and library dependencies. This information disclosure (CWE-209) enables attackers to map the application's internal structure and identify potential attack vectors. No patch is currently available for this medium-severity vulnerability affecting .NET implementations.

Dotnet Information Disclosure
NVD
CVSS 3.1: 5.3 | EPSS: 0.0%
CVE-2026-3263 MEDIUM POC This Month

Asp.Net-Core-Inventory-Order-Management-System versions up to 9.20250118. contain a security vulnerability (CVSS 6.3).

Dotnet Asp.Net Core Inventory Order Management System
NVD GitHub VulDB
CVSS 3.1: 6.3 | EPSS: 0.0%
CVE-2026-3262 MEDIUM POC This Month

Asp.Net-Core-Inventory-Order-Management-System versions up to 9.20250118. contain a security vulnerability (CVSS 6.3).

Dotnet Asp.Net Core Inventory Order Management System
NVD GitHub VulDB
CVSS 3.1: 6.3 | EPSS: 0.1%
CVE-2026-1694 MEDIUM This Month

PcVue versions 12.0.0 through 16.3.3 fail to remove default IIS and ASP.NET HTTP headers during deployment of WebVue, WebScheduler, TouchVue, and SnapVue features, allowing unauthenticated remote attackers to gather sensitive server configuration details through information disclosure. This vulnerability requires user interaction and has no available patch at this time.

Iis Dotnet Pcvue
NVD
CVSS 3.1: 4.3 | EPSS: 0.1%
CVE-2026-27710 MEDIUM POC This Month

NanaZip versions 5.0.1252.0 through 6.5.1637.x contain an integer underflow in the .NET Single File Application parser that allows local attackers with user privileges to cause denial of service through unbounded memory allocation when opening a specially crafted archive file. Public exploit code exists for this vulnerability. Patches are available in versions 6.0.1638.0 and 6.5.1638.0.

Dotnet Integer Overflow Nanazip
NVD GitHub
CVSS 3.1: 5.0 | EPSS: 0.0%
CVE-2026-27709 MEDIUM POC This Month

Out-of-bounds memory read in NanaZip versions 5.0.1252.0 through 6.0.1637.x allows local authenticated attackers to disclose in-process memory or trigger application crashes by crafting malicious .NET Single File Application bundles with malformed manifest headers. Public exploit code exists for this vulnerability, and patches are available in versions 6.0.1638.0 and 6.5.1638.0. The issue affects Dotnet and Nanazip products where a malicious user interaction with crafted archive files can bypass bounds checking during manifest parsing.

Dotnet Denial Of Service Nanazip
NVD GitHub
CVSS 3.1: 6.6 | EPSS: 0.0%
CVE-2026-26222 CRITICAL Act Now

Insecure .NET Remoting deserialization in Altec DocLink (Beyond Limits) 4.0.336.0. Exposed TCP endpoints allow unauthenticated remote code execution via .NET Remoting deserialization attacks.

Dotnet RCE Denial Of Service Altec Doclink
NVD
CVSS 3.1: 9.8 | EPSS: 1.0%
CVE-2026-21665 This Week

The Print Service component of Fiserv Originate Loans Peripherals (formerly Velocity Services) in unsupported version 2021.2.4 (build 4.7.3155.0011) uses deprecated .NET Remoting TCP channels that allow unsafe deserialization of untrusted data.

Dotnet RCE Deserialization
NVD
EPSS: 0.4%
CVE-2026-27002 CRITICAL PATCH Act Now

Configuration injection in OpenClaw Docker sandbox before 2026.2.15 allows escaping sandbox restrictions. Patch available.

Dotnet Docker Dns AI / ML Openclaw
NVD GitHub
CVSS 3.1: 9.8 | EPSS: 0.1%
CVE-2026-26282 MEDIUM POC This Month

NanaZip versions 5.0.1252.0 through 6.0.1629.0 contain an out-of-bounds heap read in the .NET Single File bundle parser that can crash the application or expose sensitive heap memory when processing malicious archive files. A local attacker with user privileges can exploit this vulnerability by crafting a specially formatted file, and public exploit code is currently available. No patch is yet available for affected users.

Dotnet Denial Of Service Nanazip
NVD GitHub
CVSS 3.1: 6.6 | EPSS: 0.0%
CVE-2019-25359 HIGH POC This Week

SD.NET RIM versions before 4.7.3c contain a SQL injection vulnerability that allows attackers to inject malicious SQL statements through POST parameters 'idtyp' and 'idgremium'. [CVSS 8.2 HIGH]

Dotnet SQLi Information Disclosure
NVD Exploit-DB
CVSS 3.1: 8.2 | EPSS: 0.0%
CVE-2026-26335 CRITICAL Act Now

Static ASP.NET machineKey in Calero VeraSMART before 2022 R1. Hardcoded key enables ViewState deserialization attacks and cookie forgery.

Iis Dotnet RCE Deserialization Verasmart
NVD
CVSS 3.1: 9.8 | EPSS: 0.1%
CVE-2026-26333 CRITICAL Act Now

Unauthenticated .NET Remoting endpoint in Calero VeraSMART before 2022 R1. TCP port 8001 exposes default Object URIs enabling deserialization attacks. EPSS 0.17%.

Iis Dotnet RCE Verasmart
NVD
CVSS 3.1: 9.8 | EPSS: 0.2%
CVE-2026-26221 This Week

Hyland OnBase contains an unauthenticated .NET Remoting exposure in the OnBase Workflow Timer Service (Hyland.Core.Workflow.NTService.exe).

Dotnet RCE
NVD
EPSS: 1.3%
CVE-2026-21218 HIGH PATCH This Week

.NET applications are vulnerable to spoofing attacks due to improper validation of a required security element, allowing unauthenticated remote attackers to forge or manipulate application data over the network. This vulnerability affects multiple .NET versions and currently has no available patch, exposing organizations to authentication bypass and data integrity risks. The attack requires no user interaction and can be exploited directly from the network.

Dotnet .Net
NVD
CVSS 3.1: 7.5 | EPSS: 0.0%
CVE-2026-25925 HIGH POC This Week

PowerDocu versions prior to 2.4.0 allow arbitrary .NET object instantiation and code execution through unsafe deserialization of the $type property in JSON files within Flow or App packages. A local attacker with user interaction can exploit this vulnerability to achieve full system compromise. Public exploit code exists for this vulnerability, and no patch is currently available for affected versions.

Windows Dotnet Powerdocu
NVD GitHub
CVSS 3.1: 7.8 | EPSS: 0.0%
CVE-2026-25592 CRITICAL PATCH Act Now

Microsoft Semantic Kernel SDK has a CVSS 9.9 path traversal vulnerability enabling AI agents to access arbitrary files outside their intended scope.

Microsoft Linux Python Dotnet AI / ML
NVD GitHub
CVSS 3.1: 9.9 | EPSS: 0.1%
CVE-2026-25543 MEDIUM PATCH This Month

Htmlsanitizer versions up to 9.0.892 are affected by improper encoding or escaping of output (CVSS 6.1).

Dotnet XSS Htmlsanitizer
NVD GitHub
CVSS 3.1: 6.1 | EPSS: 0.0%
CVE-2020-37103 MEDIUM POC This Month

DotNetNuke 9.5 contains a persistent cross-site scripting vulnerability that allows normal users to upload malicious XML files with executable scripts through journal tools. [CVSS 6.4 MEDIUM]

Dotnet XSS CSRF Dotnetnuke
NVD Exploit-DB
CVSS 3.1: 6.4 | EPSS: 0.1%
CVE-2026-24838 CRITICAL PATCH Act Now

DNN (DotNetNuke) CMS has a stored XSS vulnerability (CVSS 9.1) allowing persistent script injection that executes for all users viewing the affected content.

Dotnet Dotnetnuke
NVD GitHub
CVSS 3.1: 9.1 | EPSS: 0.0%
CVE-2026-24837 HIGH PATCH This Week

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows high-privileged users with UI interaction to inject malicious scripts into module friendly names that execute within the Persona Bar administrative interface. An authenticated attacker with sufficient permissions could exploit this to perform administrative actions or compromise other users' sessions. No patch is currently available for affected versions.

Dotnet Dotnetnuke
NVD GitHub
CVSS 3.1: 7.6 | EPSS: 0.0%
CVE-2026-24836 HIGH PATCH This Week

Stored cross-site scripting in DNN versions 9.0.0 through 9.13.9 and 10.0.0 through 10.1.x allows authenticated administrators with high privileges to inject malicious scripts into log notes that execute within the PersonaBar interface. An attacker with admin credentials could perform actions as the victim or steal session data when the logs are viewed. Upgrade to DNN 9.13.10 or 10.2.0 to remediate this vulnerability.

Dotnet Dotnetnuke
NVD GitHub
CVSS 3.1: 7.6 | EPSS: 0.0%
CVE-2026-24833 HIGH This Week

DotNetNuke versions prior to 9.13.10 and 10.2.0 allow arbitrary script execution in the Persona Bar administrative interface through unsanitized richtext content in module descriptions. An authenticated attacker with module installation privileges can inject malicious scripts that execute in the context of administrative users, potentially compromising sensitive data or administrative functions. This vulnerability requires high privileges and user interaction to exploit, with no public patch currently available for affected versions.

Dotnet Dotnetnuke
NVD GitHub
CVSS 3.1: 7.6 | EPSS: 0.0%
CVE-2026-24784 MEDIUM PATCH This Month

Stored cross-site scripting in DNN versions 9.0.0 through 10.1.x allows content editors to inject malicious scripts into module headers and footers that execute in the browsers of other users. An authenticated editor with content creation privileges can exploit this to steal session tokens, perform actions on behalf of other users, or redirect them to malicious sites. Updates to version 9.13.10 or 10.2.0 are required to remediate the vulnerability.

Dotnet Dotnetnuke
NVD GitHub
CVSS 3.1: 6.8 | EPSS: 0.0%
CVE-2025-59093 Monitor

Exos 9300 instances are using a randomly generated database password to connect to the configured MSSQL server. The password is derived from static random values, which are concatenated to the hostname and a random string that can be read by every user from the registry.

Dotnet Mssql
NVD
EPSS: 0.0%
CVE-2026-24619 MEDIUM This Month

PopCash PopCash.Net Code Integration Tool popcashnet-code-integration-tool is affected by missing authorization (CVSS 5.3).

Dotnet
NVD
CVSS 3.1: 5.3 | EPSS: 0.0%
CVE-2025-68013 MEDIUM This Month

cardpaysolutions Payment Gateway Authorize.Net CIM for WooCommerce authnet-cim-for-woo is affected by missing authorization (CVSS 6.5).

WordPress Dotnet PHP
NVD
CVSS 3.1: 6.5 | EPSS: 0.0%
CVE-2025-14978 MEDIUM This Month

The PeachPay - Payments & Express Checkout for WooCommerce (supports Stripe, PayPal, Square, Authorize.net) plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ConvesioPay webhook REST endpoint in all versions up to, and including, 1.119.8. [CVSS 5.3 MEDIUM]

WordPress Dotnet PHP
NVD
CVSS 3.1: 5.3 | EPSS: 0.1%
CVE-2023-7334 CRITICAL POC Act Now

Changjetong T+ (through 16.x) has .NET deserialization RCE in an AjaxPro endpoint. Attacker-controlled JSON triggers deserialization of malicious .NET types. PoC available.

Dotnet RCE Deserialization
NVD GitHub
CVSS 3.1: 9.8 | EPSS: 0.3%
CVE-2026-23746 This Week

Entrust Instant Financial Issuance (IFI) On Premise software (formerly referred to as CardWizard) versions 5.x, prior to 6.10.5, and prior to 6.11.1 contain an insecure .NET Remoting exposure in the SmartCardController service (DCG.SmartCardControllerService.exe).

Dotnet RCE
NVD
EPSS: 0.3%
CVE-2026-22611 LOW PATCH Monitor

AWS SDK for .NET works with Amazon Web Services to help build scalable solutions with Amazon S3, Amazon DynamoDB, Amazon Glacier, and more. From versions 4.0.0 to before 4.0.3.3, Customer applications could be configured to improperly route AWS API calls to non-existent or non-AWS hosts. This notification is related to the use of specific values for the region input field when calling AWS services. An actor with access to the environment in which the SDK is used could set the region input fie...

Dotnet Aws
NVD GitHub
CVSS 3.1: 3.7 | EPSS: 0.1%
CVE-2025-30399 HIGH PATCH This Week

CVE-2025-30399 is an untrusted search path vulnerability in .NET and Visual Studio that allows unauthenticated remote attackers to execute arbitrary code through a network vector, requiring user interaction. The vulnerability affects multiple versions of .NET Framework and Visual Studio across Windows platforms. While the CVSS score is 7.5 (high), the attack complexity is high and requires user interaction, potentially limiting real-world exploitation frequency.

Microsoft Dotnet RCE Powershell Visual Studio 2022 +3
NVD GitHub
CVSS 3.1: 7.5 | EPSS: 0.1%
CVE-2025-35940 HIGH This Week

Critical authentication bypass vulnerability in ArchiverSpaApi ASP.NET applications caused by hard-coded JWT signing keys. An unauthenticated remote attacker can forge valid JWT tokens to bypass authentication and gain unauthorized access to protected API endpoints, potentially leading to data exfiltration, modification, or denial of service. The CVSS 8.1 score reflects high confidentiality, integrity, and availability impact, though the attack complexity is rated as high, suggesting some technical prerequisites.

Authentication Bypass Dotnet Information Disclosure
NVD
CVSS 3.1: 8.1 | EPSS: 0.1%
CVE-2025-24070 HIGH POC PATCH This Week

Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. [CVSS 7.0 HIGH]

Authentication Bypass Dotnet Microsoft Redhat Suse
NVD HeroDevs
CVSS 3.1: 7.0 | EPSS: 0.3%