Filtered by vendor Microsoft
Subscriptions
Filtered by product .net
Subscriptions
Total
110 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-42899 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-05-13 | 7.5 High |
| Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-35433 | 1 Microsoft | 1 .net | 2026-05-13 | 7.3 High |
| Improper input validation in .NET allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-32177 | 1 Microsoft | 6 .net, .net Framework, Visual Studio 2017 and 3 more | 2026-05-13 | 7.3 High |
| Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. | ||||
| CVE-2026-32175 | 1 Microsoft | 6 .net, Microsoft Visual Studio 2022, Visual Studio 2017 and 3 more | 2026-05-13 | 4.3 Medium |
| A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files. | ||||
| CVE-2023-44487 | 33 Akka, Amazon, Apache and 30 more | 378 Http Server, Opensearch Data Prepper, Apisix and 375 more | 2026-05-12 | 7.5 High |
| The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | ||||
| CVE-2026-32226 | 1 Microsoft | 8 .net, .net Framework, Windows 10 1607 and 5 more | 2026-05-11 | 5.9 Medium |
| Concurrent execution using shared resource with improper synchronization ('race condition') in .NET Framework allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-23666 | 1 Microsoft | 15 .net, .net Framework, Windows 10 1607 and 12 more | 2026-05-07 | 7.5 High |
| Improper input validation in .NET Framework allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26171 | 3 Apple, Linux, Microsoft | 5 Macos, Linux Kernel, .net and 2 more | 2026-05-07 | 7.5 High |
| Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-32178 | 3 Apple, Linux, Microsoft | 5 Macos, Linux Kernel, .net and 2 more | 2026-05-07 | 7.5 High |
| Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2026-33116 | 3 Apple, Linux, Microsoft | 18 Macos, Linux Kernel, .net and 15 more | 2026-05-06 | 7.5 High |
| Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-32203 | 3 Apple, Linux, Microsoft | 7 Macos, Linux Kernel, .net and 4 more | 2026-05-06 | 7.5 High |
| Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-25667 | 1 Microsoft | 2 .net, Aspnetcore | 2026-05-01 | 7.5 High |
| ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream processing. | ||||
| CVE-2026-21218 | 3 Apple, Linux, Microsoft | 4 Macos, Linux Kernel, .net and 1 more | 2026-04-15 | 7.5 High |
| Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network. | ||||
| CVE-2025-36854 | 1 Microsoft | 1 .net | 2026-04-15 | 8.1 High |
| A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Execution. Per CWE-416: Use After Free https://cwe.mitre.org/data/definitions/416.html , Use After Free is when a product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. This issue affects EOL ASP.NET 6.0.0 <= 6.0.36 as represented in this CVE, as well as 8.0.0 <= 8.0.8, 9.0.0-preview.1.24081.5 <= 9.0.0.RC.1 as represented in CVE-2024-38229 https://www.cve.org/CVERecord . Additionally, if you've deployed self-contained applications https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. NOTE: This CVE only represents End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry. | ||||
| CVE-2025-36855 | 1 Microsoft | 1 .net | 2026-04-15 | 8.8 High |
| A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a buffer using buffer access mechanisms such as indexes or pointers that reference memory locations after the targeted buffer. This issue affects EOL ASP.NET 6.0.0 <= 6.0.36 as represented in this CVE, as well as 8.0.0 <= 8.0.11 & <= 9.0.0 as represented in CVE-2025-21176. Additionally, if you've deployed self-contained applications https://docs.microsoft.com/dotnet/core/deploying/#self-contained-deployments-scd targeting any of the impacted versions, these applications are also vulnerable and must be recompiled and redeployed. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry. | ||||
| CVE-2025-36853 | 1 Microsoft | 1 .net | 2026-04-15 | 7.5 High |
| A vulnerability (CVE-2025-21172) exists in msdia140.dll due to integer overflow and heap-based overflow. Per CWE-122: Heap-based Buffer Overflow, a heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). Per CWE-190: Integer Overflow or Wraparound, is when a product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number. NOTE: This CVE affects only End Of Life (EOL) software components. The vendor, Microsoft, has indicated there will be no future updates nor support provided upon inquiry. | ||||
| CVE-2026-26127 | 4 Apple, Linux, Microsoft and 1 more | 8 Macos, Linux Kernel, .net and 5 more | 2026-04-14 | 7.5 High |
| Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network. | ||||
| CVE-2026-26131 | 2 Linux, Microsoft | 2 Linux Kernel, .net | 2026-04-14 | 7.8 High |
| Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally. | ||||
| CVE-2025-21171 | 4 Apple, Linux, Microsoft and 1 more | 7 Macos, Linux Kernel, .net and 4 more | 2026-02-26 | 7.5 High |
| .NET Remote Code Execution Vulnerability | ||||
| CVE-2025-21176 | 4 Apple, Linux, Microsoft and 1 more | 25 Macos, Linux Kernel, .net and 22 more | 2026-02-26 | 8.8 High |
| .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability | ||||