Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-43865 |
|
Unsafe Deserialization in csharp (CVE-2026-43865)
vulnerability in csharp (CVE-2026-43865). Successful exploitation can lead to full system takeover.
|
| CVE-2026-42527 |
|
Unsafe Deserialization in csharp (CVE-2026-42527)
vulnerability in csharp (CVE-2026-42527). Successful exploitation can lead to full system takeover.
|
| CVE-2026-47896 |
|
Path Traversal in csharp (CVE-2026-47896)
path traversal in csharp (CVE-2026-47896). Confidential information can be exposed externally.
|
| CVE-2026-47897 |
|
Path Traversal in csharp (CVE-2026-47897)
path traversal in csharp (CVE-2026-47897). Data can be tampered with by attackers.
|
| CVE-2026-47898 |
|
XXE (XML External Entity) in csharp (CVE-2026-47898)
vulnerability in csharp (CVE-2026-47898). Successful exploitation can lead to full system takeover.
|
| CVE-2026-56341 |
|
Vulnerability in csharp (CVE-2026-56341)
vulnerability in csharp (CVE-2026-56341). Confidential information can be exposed externally.
|
| CVE-2026-45490 |
|
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
Improper authorization in .NET allows an authorized attacker to elevate privileges locally.
|
| CVE-2026-45591 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-x64 (CVE-2026-45591)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-x64 (CVE-2026-45591). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.0.9` or later.
|
| CVE-2026-45491 |
|
Vulnerability in Microsoft.NETCore.App.Runtime.linux-x64 (CVE-2026-45491)
vulnerability in Microsoft.NETCore.App.Runtime.linux-x64 (CVE-2026-45491). Data can be tampered with by attackers. Exploitable via ``TarFile.ExtractToDirectory``. Mitigation: upgrade to `10.0.9` or later.
|
| CVE-2026-46319 |
|
Vulnerability in csharp (CVE-2026-46319)
vulnerability in csharp (CVE-2026-46319). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2500 |
|
Path Traversal in csharp (CVE-2026-2500)
path traversal in csharp (CVE-2026-2500). Confidential information can be exposed externally. Exploitable via ``filename``.
|
| CVE-2026-47696 |
|
Vulnerability in WWBN/AVideo (CVE-2026-47696)
vulnerability in WWBN/AVideo (CVE-2026-47696). Risk of unauthorized operations or information disclosure. Exploitable via ``amount``.
|
| CVE-2026-9618 |
|
Cross-Site Request Forgery (CSRF) in csharp (CVE-2026-9618)
vulnerability in csharp (CVE-2026-9618). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-42899 |
|
Vulnerability in dotnet (CVE-2026-42899)
vulnerability in dotnet (CVE-2026-42899). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.27, 9.0.16, 10.0.8` or later.
|
| CVE-2026-35433 |
|
Vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433)
vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433). Confidential information can be exposed externally. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-32175 |
|
Vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175)
vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-32177 |
|
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
|
| CVE-2026-43421 |
|
Vulnerability in csharp (CVE-2026-43421)
vulnerability in csharp (CVE-2026-43421). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32178 |
|
Vulnerability in dotnet (CVE-2026-32178)
vulnerability in dotnet (CVE-2026-32178). Confidential information can be exposed externally. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2026-26171 |
|
Vulnerability in dotnet (CVE-2026-26171)
vulnerability in dotnet (CVE-2026-26171). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-40372 |
|
Vulnerability in csharp (CVE-2026-40372)
vulnerability in csharp (CVE-2026-40372). Confidential information can be exposed externally.
|
| CVE-2026-23666 |
|
Vulnerability in csharp (CVE-2026-23666)
vulnerability in csharp (CVE-2026-23666). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33116 |
|
Vulnerability in csharp (CVE-2026-33116)
vulnerability in csharp (CVE-2026-33116). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32203 |
|
Vulnerability in csharp (CVE-2026-32203)
vulnerability in csharp (CVE-2026-32203). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-26130 |
|
Vulnerability in csharp (CVE-2026-26130)
vulnerability in csharp (CVE-2026-26130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22977 |
|
Vulnerability in c (CVE-2026-22977)
vulnerability in c (CVE-2026-22977). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-26895 |
|
Use-After-Free in csharp (CVE-2024-26895)
vulnerability in csharp (CVE-2024-26895). Successful exploitation can lead to full system takeover.
|
| CVE-2022-38013 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.9` or later.
|
| CVE-2022-29145 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145)
vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.5` or later.
|
| CVE-2022-29117 |
|
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
|
| CVE-2022-24512 |
|
Code Injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512)
code injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2022-24464 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2019-19634 |
|
Unrestricted File Upload in csharp (CVE-2019-19634)
vulnerability in csharp (CVE-2019-19634). Successful exploitation can lead to full system takeover.
|
| CVE-2019-19576 |
|
Unrestricted File Upload in csharp (CVE-2019-19576)
vulnerability in csharp (CVE-2019-19576). Successful exploitation can lead to full system takeover.
|
| CVE-2017-8700 |
|
Vulnerability in csharp (CVE-2017-8700)
vulnerability in csharp (CVE-2017-8700). Confidential information can be exposed externally.
|
| CVE-2017-11883 |
|
Vulnerability in csharp (CVE-2017-11883)
vulnerability in csharp (CVE-2017-11883). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11879 |
|
Open Redirect in csharp (CVE-2017-11879)
vulnerability in csharp (CVE-2017-11879). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11770 |
|
Vulnerability in csharp (CVE-2017-11770)
vulnerability in csharp (CVE-2017-11770). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-15810 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2017-15810)
cross-site scripting in csharp (CVE-2017-15810). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-14063 |
|
Vulnerability in csharp (CVE-2017-14063)
vulnerability in csharp (CVE-2017-14063). Data can be tampered with by attackers.
|
| CVE-2017-12069 |
|
XXE (XML External Entity) in csharp (CVE-2017-12069)
vulnerability in csharp (CVE-2017-12069). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8585 |
|
Vulnerability in csharp (CVE-2017-8585)
vulnerability in csharp (CVE-2017-8585). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-10670 |
|
XXE (XML External Entity) in csharp (CVE-2017-10670)
vulnerability in csharp (CVE-2017-10670). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10668 |
|
Vulnerability in csharp (CVE-2017-10668)
vulnerability in csharp (CVE-2017-10668). Confidential information can be exposed externally.
|
| CVE-2017-10669 |
|
Vulnerability in csharp (CVE-2017-10669)
vulnerability in csharp (CVE-2017-10669). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9356 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2017-9356)
cross-site scripting in csharp (CVE-2017-9356). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-9140 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2017-9140)
cross-site scripting in csharp (CVE-2017-9140). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-0249 |
|
Vulnerability in csharp (CVE-2017-0249)
vulnerability in csharp (CVE-2017-0249). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-0256 |
|
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
A spoofing vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
|