CVE-2026-25667
- EPSS 3%
- Veröffentlicht 19.03.2026 00:00:00
- Zuletzt bearbeitet 22.04.2026 17:16:34
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CPU consumption by sending a crafted QUIC packet, because of an incorrect exit condition for HTTP/3 Encoder/Decoder stream...
CVE-2026-26127
- EPSS 2.05%
- Veröffentlicht 10.03.2026 17:05:10
- Zuletzt bearbeitet 01.04.2026 20:22:46
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
CVE-2026-26131
- EPSS 0.36%
- Veröffentlicht 10.03.2026 17:05:09
- Zuletzt bearbeitet 01.04.2026 20:23:21
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
CVE-2026-21218
- EPSS 1.02%
- Veröffentlicht 10.02.2026 18:16:22
- Zuletzt bearbeitet 12.02.2026 17:35:25
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
CVE-2025-55248
- EPSS 0.68%
- Veröffentlicht 14.10.2025 17:00:59
- Zuletzt bearbeitet 23.10.2025 15:01:44
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVE-2025-55247
- EPSS 0.56%
- Veröffentlicht 14.10.2025 17:00:09
- Zuletzt bearbeitet 23.10.2025 15:08:42
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally.
CVE-2025-36855
- EPSS 0.72%
- Veröffentlicht 08.09.2025 13:57:28
- Zuletzt bearbeitet 15.04.2026 00:35:42
A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html , Buffer Over-read is when a product reads from a bu...
CVE-2025-36854
- EPSS 0.56%
- Veröffentlicht 08.09.2025 13:53:08
- Zuletzt bearbeitet 15.04.2026 00:35:42
A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead to use-after-free, resulting in Remote Code Executi...
CVE-2025-30399
- EPSS 0.89%
- Veröffentlicht 13.06.2025 01:08:00
- Zuletzt bearbeitet 10.07.2025 14:25:37
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
- EPSS 1.1%
- Veröffentlicht 13.05.2025 21:39:52
- Zuletzt bearbeitet 10.07.2025 14:54:17
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.