Skip to main content

Net

82 CVEs product

Monthly

CVE-2026-57082 MEDIUM This Month

MSE Diffie-Hellman key exchange in Net::BitTorrent (Perl, all versions through 2.0.1) is rendered cryptographically transparent to passive network observers because Perl's non-cryptographic rand() function generates the 160-bit DH private key in KeyExchange.pm, and the same PRNG sequence simultaneously produces cleartext random padding transmitted during the same handshake. A passive eavesdropper who captures the handshake can recover the drand48 PRNG state from the observable padding bytes, reconstruct the private key, derive the RC4 session keys, and fully decrypt the MSE-encrypted stream - completely defeating the passive-observation obfuscation MSE is designed to provide. No public exploit has been identified at time of analysis, but the recovery is deterministic and requires only standard number theory once the handshake is captured.

Information Disclosure Net
NVD GitHub VulDB
CVSS 3.1
5.9
EPSS
0.2%
CVE-2026-57081 HIGH This Week

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches capture the whole remainder, so every live recursion frame keeps its own copy of the shrinking buffer (O(N^2) bytes for an N-deep input). The decoder runs on every untrusted bencode source: .torrent files, BEP09 metadata fetched from peers, DHT messages, and tracker responses. A bencoded input of roughly 150,000 nested lists (about 150 KB on the wire) drives multi-gigabyte peak memory, so one short message from any peer, or one crafted .torrent file or magnet link, terminates the client.

Information Disclosure Net
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-57080 HIGH This Week

Remote memory exhaustion in the Net::BitTorrent Perl module (all versions through 2.0.1) lets any unauthenticated peer in a torrent swarm crash the downloading process by abusing the peer-wire protocol's length-prefix framing. Because the decoder buffers an entire announced message before processing and trusts an attacker-supplied length prefix of up to ~4 GiB, a single malicious peer can drive the victim's memory toward exhaustion. There is no public exploit identified at time of analysis and no CISA KEV listing, but the attack is trivial and requires no authentication; EPSS data was not provided.

Denial Of Service Net
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.3%
CVE-2026-57079 MEDIUM This Month

Arbitrary file write in Net::BitTorrent 2.0.1 and earlier allows a malicious BitTorrent peer to place attacker-controlled content at attacker-chosen filesystem paths outside the designated download directory. The library validates path components on the .torrent ingest path but omits identical validation for peer-supplied metadata received via the BEP09 ut_metadata extension, causing file names containing '..' segments to resolve to traversal targets when passed to Storage::add_file. Because the attacking peer controls both the piece hashes and the served bytes, content verification passes silently, making the write invisible to the application. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.

Path Traversal Net
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2026-11373 CRITICAL PATCH Act Now

Metric injection in the Perl module Net::Statsite::Client through version 1.1.0 allows attackers controlling metric names or values to inject arbitrary statsite protocol commands by smuggling newlines, colons, and pipe characters that the library fails to sanitize. The flaw maps to CWE-93 (CRLF Injection) and affects any application that forwards untrusted input into metric reporting. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Code Injection Net
NVD
CVSS 3.1
9.1
EPSS
0.4%
CVE-2026-45591 NuGet HIGH PATCH GHSA Exploit Unlikely This Week

Remote denial of service in ASP.NET Core enables unauthenticated network attackers to exhaust server resources and disrupt application availability. The CVSS 7.5 score reflects high availability impact with low attack complexity and no required privileges or user interaction, though no public exploit identified at time of analysis. Microsoft (secure@microsoft.com) is the reporting source via MSRC, indicating a vendor-coordinated disclosure.

Denial Of Service Asp Net Core Visual Studio 2026 Net
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2026-45491 NuGet MEDIUM POC PATCH GHSA This Month

Local file tampering via symlink/junction following in Microsoft .NET runtimes 8.0, 9.0, and 10.0 allows a local unauthenticated attacker to redirect file operations to unintended targets, achieving high-integrity impact without requiring elevated privileges. The vulnerability stems from improper link resolution (CWE-59) before file access, enabling unauthorized modification of files the attacker would otherwise lack write access to. No public exploit identified at time of analysis and no CISA KEV listing, but the low attack complexity (AC:L) and absence of privilege requirements (PR:N) make exploitation straightforward for any actor with local access.

Authentication Bypass Net
NVD VulDB GitHub
CVSS 3.1
5.5
EPSS
0.1%
CVE-2026-45490 HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft .NET allows an authenticated low-privileged user to elevate to higher privileges through an improper authorization flaw (CWE-285). The vulnerability carries a CVSS 7.8 (High) rating with local attack vector and low complexity, and no public exploit identified at time of analysis. Tagged as an Authentication Bypass, it requires an existing foothold on the host but no user interaction once that foothold is established.

Authentication Bypass Net
NVD VulDB
CVSS 3.1
7.8
EPSS
0.1%
CVE-2026-49941 HIGH PATCH This Week

Denial of service in the Perl module Net::CIDR::Set through version 0.20 allows remote unauthenticated attackers to trigger indefinite recursion by submitting malformed IP address strings to the add() method. The flaw stems from missing input validation when parsing addresses, causing the parser to re-enter itself without a termination condition. No public exploit identified at time of analysis, but the issue is trivially reproducible and a fixed version 0.21 has been released on CPAN.

Denial Of Service Net
NVD VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-46739 MEDIUM PATCH This Month

Metric injection in Net::Statsd for Perl (all versions before 0.13) allows network-reachable, unauthenticated attackers to forge additional StatsD metric lines by embedding newlines, colons, or pipes in metric names or values passed through the library. Any application that feeds untrusted external input into Net::Statsd method calls without prior sanitization is directly exposed, because the wire format uses those characters as delimiters between metrics in a single UDP datagram. No public exploit code exists and this vulnerability is not listed in CISA KEV; however, the CVSS AV:N/AC:L/PR:N/UI:N surface warrants prompt patching wherever user-controlled strings reach metric instrumentation calls.

Code Injection Net
NVD GitHub VulDB
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-8722 MEDIUM This Month

Metric name injection in Net::Async::Statsd::Client (Perl, versions through 0.005) allows network-reachable, unauthenticated attackers to inject arbitrary StatsD metrics by supplying untrusted input containing unfiltered newlines, colons, or pipe characters. Because the StatsD wire protocol uses these characters as structural delimiters, unsanitized metric names sourced from user-controlled data can be interpreted as additional, attacker-controlled metrics by the receiving StatsD server. No public exploit identified at time of analysis and EPSS sits at the 9th percentile (0.03%), indicating low observed exploitation pressure, but any Perl application forwarding externally-supplied values as StatsD metric names is directly in scope.

Code Injection Net
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-46719 MEDIUM PATCH This Month

Metric injection in Net::Statsd::Lite (Perl) affects all releases before v0.9.0, allowing unauthenticated remote attackers to inject arbitrary statsd metrics by embedding newline, colon, or pipe characters into metric names derived from untrusted input. Because the statsd wire protocol uses these characters as record separators and field delimiters, an unsanitized metric name can smuggle additional forged metrics into the UDP stream transmitted to a statsd daemon, corrupting monitoring and telemetry data. No public exploit code exists at time of analysis and the EPSS score of 0.01% (1st percentile) indicates negligible observed exploitation activity; however, the patch diff makes exploitation trivially constructible by any attacker who can influence metric name values in a vulnerable application.

Code Injection Net
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-45190 MEDIUM PATCH This Month

Net::CIDR::Lite Perl module versions before 0.24 fail to properly validate IP address and CIDR mask inputs, allowing attackers to bypass IP-based access control lists by supplying malformed addresses that are re-encoded differently by the parser. Inputs with trailing newlines or non-ASCII digit characters pass validation but resolve to unintended IP addresses, causing find() and bin_find() functions to incorrectly match or miss addresses. This affects network security controls that rely on CIDR matching for authorization decisions.

Authentication Bypass Net Red Hat Suse
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-33811 Go HIGH POC PATCH This Week

Memory corruption in Go's net library (versions <1.25.10 and 1.26.0-1.26.2) leads to application crash when parsing maliciously crafted CNAME DNS responses. Remote attackers can trigger double-free of C memory in the cgo DNS resolver's LookupCNAME function by sending excessively long CNAME records, causing immediate denial of service. EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity despite network-accessible attack vector and no authentication requirement. Vendor patch available via Go 1.25.10 and 1.26.3.

Denial Of Service Net
NVD VulDB GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2026-40199 MEDIUM PATCH This Month

Net::CIDR::Lite before version 0.23 for Perl incorrectly handles RFC 4291 IPv4-mapped IPv6 addresses (::ffff:x.x.x.x) by including an extra sentinel byte during packing, resulting in 18-byte instead of 17-byte representations. This misalignment causes the find() and bin_find() functions to return incorrect matching results during IP address lookup operations, enabling attackers to bypass IP-based access control lists by crafting addresses that fall outside intended CIDR ranges. No active exploitation has been identified, but the low EPSS score (0.02%) masks the authentication bypass tag, suggesting limited real-world triggering conditions despite the 6.5 CVSS score.

Authentication Bypass Net
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2026-40198 HIGH PATCH This Week

IPv6 address validation bypass in Net::CIDR::Lite for Perl (versions <0.23) allows remote attackers to circumvent IP access control lists without authentication. The _pack_ipv6() function fails to validate that uncompressed IPv6 addresses contain exactly 8 hexadecimal groups, accepting malformed inputs like 'abcd' or '1:2:3' and producing incorrect packed representations. This causes find() and bin_find() methods to incorrectly match addresses against CIDR ranges, enabling ACL bypass. Exploitati

Authentication Bypass Net
NVD GitHub VulDB
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-57854 CRITICAL PATCH Act Now

Weak PRNG in Net::NSCA::Client through 0.009002 for Perl. Patch available.

Information Disclosure Net
NVD
CVSS 3.1
9.1
EPSS
0.0%
CVE-2025-26646 NuGet HIGH PATCH This Week

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Build Tools Visual Studio 2022 Net Red Hat +1
NVD
CVSS 3.1
8.0
EPSS
0.3%
CVE-2025-43857 Ruby MEDIUM PATCH This Month

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Red Hat Suse
NVD GitHub
CVSS 4.0
6.0
EPSS
0.5%
CVE-2024-58036 MEDIUM PATCH This Month

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Net Suse
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2025-21176 NuGet HIGH PATCH This Month

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Net Visual Studio 2017 Net Framework +2
NVD HeroDevs
CVSS 3.1
8.8
EPSS
1.4%
CVE-2025-21173 HIGH PATCH This Month

.NET Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visual Studio 2022 Net Red Hat Suse
NVD HeroDevs
CVSS 3.1
7.3
EPSS
2.0%
CVE-2025-21172 NuGet HIGH PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Net Visual Studio 2017 +4
NVD HeroDevs
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-21171 NuGet HIGH PATCH This Month

.NET Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE Net Powershell +3
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2024-43499 NuGet HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Visual Studio 2022
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2024-43498 NuGet CRITICAL PATCH Act Now

.NET and Visual Studio Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Memory Corruption Net Visual Studio 2022
NVD
CVSS 3.1
9.8
EPSS
3.5%
CVE-2024-38081 NuGet HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Framework Net Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
1.3%
CVE-2024-21319 NuGet MEDIUM PATCH This Month

Microsoft Identity Denial of service vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Net Identity Model Visual Studio 2022
NVD
CVSS 3.1
6.8
EPSS
0.6%
CVE-2024-20672 HIGH PATCH This Month

Multiple vulnerabilities in TRENDnet TEW-827DRU router including command injection and insecure passwords. PoC available.

Denial Of Service Net
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-0057 NuGet CRITICAL PATCH This Week

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Powershell Visual Studio 2022 Net Framework Net
NVD
CVSS 3.1
9.1
EPSS
3.6%
CVE-2024-0056 NuGet HIGH PATCH This Month

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Microsoft Data Sqlclient Sql Server System Data Sqlclient +3
NVD
CVSS 3.1
8.7
EPSS
0.9%
CVE-2023-36558 NuGet MEDIUM PATCH This Month

ASP.NET Core Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Net Asp Net Core Visual Studio 2022
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2023-36049 NuGet CRITICAL PATCH Act Now

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Net Framework Net Visual Studio 2022
NVD
CVSS 3.1
9.8
EPSS
12.5%
CVE-2023-38171 NuGet HIGH PATCH This Week

Microsoft QUIC Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft Net Visual Studio 2022 +2
NVD
CVSS 3.1
7.5
EPSS
69.5%
CVE-2023-36435 NuGet HIGH PATCH This Week

Microsoft QUIC Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Net Windows 11 21H2 Windows 11 22h2 +1
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2023-36799 NuGet MEDIUM PATCH This Month

.NET Core and Visual Studio Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Visual Studio 2022
NVD
CVSS 3.1
6.5
EPSS
4.7%
CVE-2023-36796 NuGet HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Net Framework Net Visual Studio 2017 +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-36794 NuGet HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Net Framework Net Visual Studio 2017 +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-36793 NuGet HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Net Framework Net +3
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-36792 NuGet HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Net Framework Net Visual Studio 2017 +2
NVD
CVSS 3.1
7.8
EPSS
1.4%
CVE-2023-38180 NuGet HIGH KEV PATCH THREAT This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Asp Net Core Visual Studio 2022 Fedora
NVD
CVSS 3.1
7.5
EPSS
15.5%
CVE-2023-35391 NuGet HIGH PATCH This Week

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Net Asp Net Core Visual Studio 2022
NVD
CVSS 3.1
7.5
EPSS
1.9%
CVE-2023-38178 NuGet HIGH PATCH This Week

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Visual Studio 2022
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-35390 NuGet HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Net Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
2.5%
CVE-2023-33170 NuGet HIGH PATCH This Week

ASP.NET and Visual Studio Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Net Visual Studio 2022 Fedora
NVD
CVSS 3.1
8.1
EPSS
2.1%
CVE-2023-33127 NuGet HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Net Visual Studio 2022
NVD
CVSS 3.1
8.1
EPSS
1.9%
CVE-2023-29331 NuGet HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Framework Net
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2023-24936 NuGet HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Net Framework Net
NVD
CVSS 3.1
7.5
EPSS
1.6%
CVE-2023-24897 NuGet HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow Net Framework Net +4
NVD
CVSS 3.1
7.8
EPSS
1.2%
CVE-2023-24895 NuGet HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Net Framework Net Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-33135 HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-33128 NuGet HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Net Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-33126 NuGet HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Net Visual Studio 2022
NVD
CVSS 3.1
7.3
EPSS
1.0%
CVE-2023-32032 MEDIUM PATCH This Month

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5).

Information Disclosure Net Visual Studio 2022
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2023-28260 NuGet HIGH PATCH This Week

.NET DLL Hijacking Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Net Visual Studio 2022
NVD
CVSS 3.1
7.8
EPSS
1.5%
CVE-2023-21808 NuGet HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption Net Visual Studio 2017 +3
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2023-21538 NuGet HIGH PATCH This Week

.NET Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Net Powershell Fedora
NVD
CVSS 3.1
7.5
EPSS
2.7%
CVE-2022-41032 NuGet HIGH PATCH This Week

NuGet Client Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Net Net Core Visual Studio 2019 Visual Studio 2022 +1
NVD
CVSS 3.1
7.8
EPSS
1.1%
CVE-2022-38013 NuGet HIGH PATCH This Week

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core Visual Studio 2019 Visual Studio 2022 +1
NVD VulDB
CVSS 3.1
7.5
EPSS
1.8%
CVE-2022-34716 NuGet MEDIUM PATCH This Month

.NET Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Net Net Core Powershell
NVD
CVSS 3.1
5.9
EPSS
1.9%
CVE-2022-30184 NuGet MEDIUM PATCH This Month

.NET and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Visual Studio 2022 Net Net Core Nuget +2
NVD
CVSS 3.1
5.5
EPSS
5.3%
CVE-2022-29145 NuGet HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core Visual Studio 2019 Visual Studio 2022 +1
NVD VulDB
CVSS 3.1
7.5
EPSS
4.8%
CVE-2022-29117 NuGet HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core Visual Studio 2019 Visual Studio 2022 +1
NVD VulDB
CVSS 3.1
7.5
EPSS
2.2%
CVE-2022-23267 NuGet HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core Powershell Visual Studio 2019 +2
NVD
CVSS 3.1
7.5
EPSS
5.0%
CVE-2022-24512 NuGet MEDIUM PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Net Net Core Powershell +3
NVD VulDB
CVSS 3.1
6.3
EPSS
0.2%
CVE-2022-24464 NuGet HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core Visual Studio 2019 Visual Studio 2022 +1
NVD VulDB
CVSS 3.1
7.5
EPSS
1.2%
CVE-2021-41355 NuGet MEDIUM PATCH This Month

.NET Core and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Net Powershell Visual Studio 2019
NVD
CVSS 3.1
5.7
EPSS
20.3%
CVE-2021-34485 NuGet MEDIUM PATCH This Month

.NET Core and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure Net Net Core Powershell Core Visual Studio 2017 +1
NVD
CVSS 3.1
5.0
EPSS
1.3%
CVE-2021-26423 NuGet HIGH PATCH This Week

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core Powershell Core Visual Studio 2017 +1
NVD
CVSS 3.1
7.5
EPSS
3.9%
CVE-2021-31957 MEDIUM PATCH This Month

ASP.NET Core Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Net Net Core Visual Studio 2019 Fedora
NVD
CVSS 3.1
5.9
EPSS
5.1%
CVE-2021-31204 HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Net Core Visual Studio 2019 Fedora
NVD
CVSS 3.1
7.3
EPSS
1.4%
CVE-2021-26701 NuGet HIGH PATCH This Week

.NET Core Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Net Net Core Powershell Core Visual Studio 2019 +1
NVD
CVSS 3.1
8.1
EPSS
30.3%
CVE-2021-24112 NuGet HIGH PATCH This Week

.NET Core Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Net Net Core Mono Visual Studio 2019
NVD
CVSS 3.1
8.1
EPSS
3.3%
CVE-2021-1721 NuGet MEDIUM PATCH This Month

.NET Core and Visual Studio Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core Powershell Core Visual Studio 2017 +1
NVD
CVSS 3.1
6.5
EPSS
3.3%
CVE-2020-8927 LIB MEDIUM PATCH This Month

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Brotli Debian Linux Fedora Ubuntu Linux +6
NVD GitHub
CVSS 3.1
6.5
EPSS
3.2%
CVE-2020-1108 NuGet HIGH PATCH This Week

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core Net Framework Visual Studio 2017 +3
NVD
CVSS 3.1
7.5
EPSS
11.7%
CVE-2018-17848 Go HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.7%
CVE-2018-17847 Go HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-17846 Go HIGH PATCH This Week

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.6%
CVE-2018-17143 Go HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-17142 Go HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
CVE-2018-17075 Go HIGH POC PATCH This Week

The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Apple Net Fedora
NVD GitHub
CVSS 3.1
7.5
EPSS
2.8%
EPSS 0% CVSS 5.9
MEDIUM This Month

MSE Diffie-Hellman key exchange in Net::BitTorrent (Perl, all versions through 2.0.1) is rendered cryptographically transparent to passive network observers because Perl's non-cryptographic rand() function generates the 160-bit DH private key in KeyExchange.pm, and the same PRNG sequence simultaneously produces cleartext random padding transmitted during the same handshake. A passive eavesdropper who captures the handshake can recover the drand48 PRNG state from the observable padding bytes, reconstruct the private key, derive the RC4 session keys, and fully decrypt the MSE-encrypted stream - completely defeating the passive-observation obfuscation MSE is designed to provide. No public exploit has been identified at time of analysis, but the recovery is deterministic and requires only standard number theory once the handshake is captured.

Information Disclosure Net
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Net::BitTorrent versions through 2.0.1 for Perl allow remote memory exhaustion via deeply nested bencoded input. bdecode recurses once per nested list or dictionary level with no depth cap, and each recursive call receives the remaining buffer by value while the list and dictionary branches capture the whole remainder, so every live recursion frame keeps its own copy of the shrinking buffer (O(N^2) bytes for an N-deep input). The decoder runs on every untrusted bencode source: .torrent files, BEP09 metadata fetched from peers, DHT messages, and tracker responses. A bencoded input of roughly 150,000 nested lists (about 150 KB on the wire) drives multi-gigabyte peak memory, so one short message from any peer, or one crafted .torrent file or magnet link, terminates the client.

Information Disclosure Net
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Remote memory exhaustion in the Net::BitTorrent Perl module (all versions through 2.0.1) lets any unauthenticated peer in a torrent swarm crash the downloading process by abusing the peer-wire protocol's length-prefix framing. Because the decoder buffers an entire announced message before processing and trusts an attacker-supplied length prefix of up to ~4 GiB, a single malicious peer can drive the victim's memory toward exhaustion. There is no public exploit identified at time of analysis and no CISA KEV listing, but the attack is trivial and requires no authentication; EPSS data was not provided.

Denial Of Service Net
NVD GitHub VulDB
EPSS 0% CVSS 5.3
MEDIUM This Month

Arbitrary file write in Net::BitTorrent 2.0.1 and earlier allows a malicious BitTorrent peer to place attacker-controlled content at attacker-chosen filesystem paths outside the designated download directory. The library validates path components on the .torrent ingest path but omits identical validation for peer-supplied metadata received via the BEP09 ut_metadata extension, causing file names containing '..' segments to resolve to traversal targets when passed to Storage::add_file. Because the attacking peer controls both the piece hashes and the served bytes, content verification passes silently, making the write invisible to the application. No public exploit has been identified at time of analysis, and this CVE is not listed in CISA KEV.

Path Traversal Net
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Metric injection in the Perl module Net::Statsite::Client through version 1.1.0 allows attackers controlling metric names or values to inject arbitrary statsite protocol commands by smuggling newlines, colons, and pipe characters that the library fails to sanitize. The flaw maps to CWE-93 (CRLF Injection) and affects any application that forwards untrusted input into metric reporting. No public exploit identified at time of analysis, and the issue is not on CISA KEV.

Code Injection Net
NVD
EPSS 2% CVSS 7.5
HIGH PATCH Exploit Unlikely This Week

Remote denial of service in ASP.NET Core enables unauthenticated network attackers to exhaust server resources and disrupt application availability. The CVSS 7.5 score reflects high availability impact with low attack complexity and no required privileges or user interaction, though no public exploit identified at time of analysis. Microsoft (secure@microsoft.com) is the reporting source via MSRC, indicating a vendor-coordinated disclosure.

Denial Of Service Asp Net Core Visual Studio 2026 +1
NVD VulDB GitHub
EPSS 0% CVSS 5.5
MEDIUM POC PATCH This Month

Local file tampering via symlink/junction following in Microsoft .NET runtimes 8.0, 9.0, and 10.0 allows a local unauthenticated attacker to redirect file operations to unintended targets, achieving high-integrity impact without requiring elevated privileges. The vulnerability stems from improper link resolution (CWE-59) before file access, enabling unauthorized modification of files the attacker would otherwise lack write access to. No public exploit identified at time of analysis and no CISA KEV listing, but the low attack complexity (AC:L) and absence of privilege requirements (PR:N) make exploitation straightforward for any actor with local access.

Authentication Bypass Net
NVD VulDB GitHub
EPSS 0% CVSS 7.8
HIGH PATCH Exploit Unlikely This Week

Local privilege escalation in Microsoft .NET allows an authenticated low-privileged user to elevate to higher privileges through an improper authorization flaw (CWE-285). The vulnerability carries a CVSS 7.8 (High) rating with local attack vector and low complexity, and no public exploit identified at time of analysis. Tagged as an Authentication Bypass, it requires an existing foothold on the host but no user interaction once that foothold is established.

Authentication Bypass Net
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in the Perl module Net::CIDR::Set through version 0.20 allows remote unauthenticated attackers to trigger indefinite recursion by submitting malformed IP address strings to the add() method. The flaw stems from missing input validation when parsing addresses, causing the parser to re-enter itself without a termination condition. No public exploit identified at time of analysis, but the issue is trivially reproducible and a fixed version 0.21 has been released on CPAN.

Denial Of Service Net
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

Metric injection in Net::Statsd for Perl (all versions before 0.13) allows network-reachable, unauthenticated attackers to forge additional StatsD metric lines by embedding newlines, colons, or pipes in metric names or values passed through the library. Any application that feeds untrusted external input into Net::Statsd method calls without prior sanitization is directly exposed, because the wire format uses those characters as delimiters between metrics in a single UDP datagram. No public exploit code exists and this vulnerability is not listed in CISA KEV; however, the CVSS AV:N/AC:L/PR:N/UI:N surface warrants prompt patching wherever user-controlled strings reach metric instrumentation calls.

Code Injection Net
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM This Month

Metric name injection in Net::Async::Statsd::Client (Perl, versions through 0.005) allows network-reachable, unauthenticated attackers to inject arbitrary StatsD metrics by supplying untrusted input containing unfiltered newlines, colons, or pipe characters. Because the StatsD wire protocol uses these characters as structural delimiters, unsanitized metric names sourced from user-controlled data can be interpreted as additional, attacker-controlled metrics by the receiving StatsD server. No public exploit identified at time of analysis and EPSS sits at the 9th percentile (0.03%), indicating low observed exploitation pressure, but any Perl application forwarding externally-supplied values as StatsD metric names is directly in scope.

Code Injection Net
NVD VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Metric injection in Net::Statsd::Lite (Perl) affects all releases before v0.9.0, allowing unauthenticated remote attackers to inject arbitrary statsd metrics by embedding newline, colon, or pipe characters into metric names derived from untrusted input. Because the statsd wire protocol uses these characters as record separators and field delimiters, an unsanitized metric name can smuggle additional forged metrics into the UDP stream transmitted to a statsd daemon, corrupting monitoring and telemetry data. No public exploit code exists at time of analysis and the EPSS score of 0.01% (1st percentile) indicates negligible observed exploitation activity; however, the patch diff makes exploitation trivially constructible by any attacker who can influence metric name values in a vulnerable application.

Code Injection Net
NVD GitHub VulDB
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Net::CIDR::Lite Perl module versions before 0.24 fail to properly validate IP address and CIDR mask inputs, allowing attackers to bypass IP-based access control lists by supplying malformed addresses that are re-encoded differently by the parser. Inputs with trailing newlines or non-ASCII digit characters pass validation but resolve to unintended IP addresses, causing find() and bin_find() functions to incorrectly match or miss addresses. This affects network security controls that rely on CIDR matching for authorization decisions.

Authentication Bypass Net Red Hat +1
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH POC PATCH This Week

Memory corruption in Go's net library (versions <1.25.10 and 1.26.0-1.26.2) leads to application crash when parsing maliciously crafted CNAME DNS responses. Remote attackers can trigger double-free of C memory in the cgo DNS resolver's LookupCNAME function by sending excessively long CNAME records, causing immediate denial of service. EPSS score of 0.01% (1st percentile) indicates minimal observed exploitation activity despite network-accessible attack vector and no authentication requirement. Vendor patch available via Go 1.25.10 and 1.26.3.

Denial Of Service Net
NVD VulDB GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

Net::CIDR::Lite before version 0.23 for Perl incorrectly handles RFC 4291 IPv4-mapped IPv6 addresses (::ffff:x.x.x.x) by including an extra sentinel byte during packing, resulting in 18-byte instead of 17-byte representations. This misalignment causes the find() and bin_find() functions to return incorrect matching results during IP address lookup operations, enabling attackers to bypass IP-based access control lists by crafting addresses that fall outside intended CIDR ranges. No active exploitation has been identified, but the low EPSS score (0.02%) masks the authentication bypass tag, suggesting limited real-world triggering conditions despite the 6.5 CVSS score.

Authentication Bypass Net
NVD GitHub VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

IPv6 address validation bypass in Net::CIDR::Lite for Perl (versions <0.23) allows remote attackers to circumvent IP access control lists without authentication. The _pack_ipv6() function fails to validate that uncompressed IPv6 addresses contain exactly 8 hexadecimal groups, accepting malformed inputs like 'abcd' or '1:2:3' and producing incorrect packed representations. This causes find() and bin_find() methods to incorrectly match addresses against CIDR ranges, enabling ACL bypass. Exploitati

Authentication Bypass Net
NVD GitHub VulDB
EPSS 0% CVSS 9.1
CRITICAL PATCH Act Now

Weak PRNG in Net::NSCA::Client through 0.009002 for Perl. Patch available.

Information Disclosure Net
NVD
EPSS 0% CVSS 8.0
HIGH PATCH This Week

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. Rated high severity (CVSS 8.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Build Tools Visual Studio 2022 +3
NVD
EPSS 1% CVSS 6.0
MEDIUM PATCH This Month

Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Rated medium severity (CVSS 6.0), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Red Hat +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

Net::Dropbox::API 1.9 and earlier for Perl uses the rand() function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Net Suse
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Month

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Buffer Overflow Net +4
NVD HeroDevs
EPSS 2% CVSS 7.3
HIGH PATCH This Month

.NET Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Visual Studio 2022 Net +2
NVD HeroDevs
EPSS 0% CVSS 7.5
HIGH PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE +6
NVD HeroDevs
EPSS 1% CVSS 7.5
HIGH PATCH This Month

.NET Remote Code Execution Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Heap Overflow Buffer Overflow RCE +5
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Visual Studio 2022
NVD
EPSS 4% CVSS 9.8
CRITICAL PATCH Act Now

.NET and Visual Studio Remote Code Execution Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Access of Resource Using Incompatible Type (Type Confusion) vulnerability could allow attackers to execute arbitrary code by exploiting type confusion in the application.

RCE Memory Corruption Net +1
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Framework Net +1
NVD
EPSS 1% CVSS 6.8
MEDIUM PATCH This Month

Microsoft Identity Denial of service vulnerability. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity.

Microsoft Denial Of Service Net +2
NVD
EPSS 1% CVSS 7.5
HIGH PATCH This Month

Multiple vulnerabilities in TRENDnet TEW-827DRU router including command injection and insecure passwords. PoC available.

Denial Of Service Net
NVD
EPSS 4% CVSS 9.1
CRITICAL PATCH This Week

NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Powershell Visual Studio 2022 +2
NVD
EPSS 1% CVSS 8.7
HIGH PATCH This Month

Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required.

Microsoft Authentication Bypass Microsoft Data Sqlclient +5
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

ASP.NET Core Security Feature Bypass Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity.

Authentication Bypass Net Asp Net Core +1
NVD
EPSS 13% CVSS 9.8
CRITICAL PATCH Act Now

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Net Framework Net +1
NVD
EPSS 69% CVSS 7.5
HIGH PATCH This Week

Microsoft QUIC Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This NULL Pointer Dereference vulnerability could allow attackers to crash the application by dereferencing a null pointer.

Denial Of Service Null Pointer Dereference Microsoft +4
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

Microsoft QUIC Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Microsoft Net +3
NVD
EPSS 5% CVSS 6.5
MEDIUM PATCH This Month

.NET Core and Visual Studio Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Visual Studio 2022
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Net Framework +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Integer Overflow RCE Net Framework +4
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow +5
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Integer Overflow vulnerability could allow attackers to cause unexpected behavior through arithmetic overflow.

Integer Overflow RCE Net Framework +4
NVD
EPSS 16% CVSS 7.5
HIGH KEV PATCH THREAT This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Asp Net Core +2
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Net Asp Net Core +1
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Visual Studio 2022
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Command Injection vulnerability could allow attackers to inject arbitrary commands into system command execution.

RCE Command Injection Net +1
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

ASP.NET and Visual Studio Security Feature Bypass Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Race Condition Authentication Bypass Net +2
NVD
EPSS 2% CVSS 8.1
HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Net Visual Studio 2022
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Framework Net
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Net Framework Net
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow RCE Heap Overflow +6
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity.

RCE Net Framework Net +1
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Visual Studio 2022
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +2
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

RCE Net Visual Studio 2022
NVD
EPSS 1% CVSS 6.5
MEDIUM PATCH This Month

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated medium severity (CVSS 6.5).

Information Disclosure Net Visual Studio 2022
NVD
EPSS 2% CVSS 7.8
HIGH PATCH This Week

.NET DLL Hijacking Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity.

RCE Net Visual Studio 2022
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

.NET and Visual Studio Remote Code Execution Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Use After Free RCE Memory Corruption +5
NVD
EPSS 3% CVSS 7.5
HIGH PATCH This Week

.NET Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Deserialization Net +2
NVD
EPSS 1% CVSS 7.8
HIGH PATCH This Week

NuGet Client Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. This Improper Privilege Management vulnerability could allow attackers to escalate privileges to gain unauthorized elevated access.

Privilege Escalation Net Net Core +3
NVD
EPSS 2% CVSS 7.5
HIGH PATCH This Week

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core +3
NVD VulDB
EPSS 2% CVSS 5.9
MEDIUM PATCH This Month

.NET Spoofing Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Authentication Bypass Net Net Core +1
NVD
EPSS 5% CVSS 5.5
MEDIUM PATCH This Month

.NET and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.

Information Disclosure Visual Studio 2022 Net +4
NVD
EPSS 5% CVSS 7.5
HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core +3
NVD VulDB
EPSS 2% CVSS 7.5
HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core +3
NVD VulDB
EPSS 5% CVSS 7.5
HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core +4
NVD
EPSS 0% CVSS 6.3
MEDIUM PATCH This Month

.NET and Visual Studio Remote Code Execution Vulnerability. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Code Injection vulnerability could allow attackers to inject and execute arbitrary code within the application.

Code Injection RCE Net +5
NVD VulDB
EPSS 1% CVSS 7.5
HIGH PATCH This Week

.NET and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Net Net Core +3
NVD VulDB
EPSS 20% CVSS 5.7
MEDIUM PATCH This Month

.NET Core and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.7), this vulnerability is no authentication required, low attack complexity.

Information Disclosure Net Powershell +1
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

.NET Core and Visual Studio Information Disclosure Vulnerability. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity.

Information Disclosure Net Net Core +3
NVD
EPSS 4% CVSS 7.5
HIGH PATCH This Week

.NET Core and Visual Studio Denial of Service Vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core +3
NVD
EPSS 5% CVSS 5.9
MEDIUM PATCH This Month

ASP.NET Core Denial of Service Vulnerability. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Net Net Core +2
NVD
EPSS 1% CVSS 7.3
HIGH PATCH This Week

.NET and Visual Studio Elevation of Privilege Vulnerability. Rated high severity (CVSS 7.3), this vulnerability is low attack complexity.

Information Disclosure Net Net Core +2
NVD
EPSS 30% CVSS 8.1
HIGH PATCH This Week

.NET Core Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Net Net Core +3
NVD
EPSS 3% CVSS 8.1
HIGH PATCH This Week

.NET Core Remote Code Execution Vulnerability. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, no authentication required.

RCE Net Net Core +2
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

.NET Core and Visual Studio Denial of Service Vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core +3
NVD
EPSS 3% CVSS 6.5
MEDIUM PATCH This Month

A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-shot" decompression request to a script can trigger a crash, which. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Brotli Debian Linux +8
NVD GitHub
EPSS 12% CVSS 7.5
HIGH PATCH This Week

A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET Framework Denial of Service Vulnerability'. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Net Net Core +5
NVD
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: runtime error" (index out of range) in (*insertionModeStack).pop in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Net Fedora
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "panic: runtime error" (index out of range) in (*nodeStack).pop in. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Buffer Overflow Net Fedora
NVD GitHub
EPSS 3% CVSS 7.5
HIGH PATCH This Week

The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an infinite loop during an html.Parse call because inSelectIM and. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Net Fedora
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: runtime error" in inBodyIM in parse.go during an html.Parse call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Buffer Overflow Net Fedora
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime error" in parseCurrentToken in parse.go during an html.Parse call. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Net +1
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC PATCH This Week

The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime error" for html.Parse of <template><object>, <template><applet>, or. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Null Pointer Dereference Denial Of Service Apple +2
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy