Microsoft ≫ .Net

ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream...

Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.

Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.

A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a bu...

A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Executi...

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability