Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-42348 |
|
Vulnerability in OpenTelemetry.OpAmp.Client (CVE-2026-42348)
vulnerability in OpenTelemetry.OpAmp.Client (CVE-2026-42348). Risk of unauthorized operations or information disclosure. Exploitable via ``ReadAsByteArrayAsync``. Mitigation: upgrade to `0.2.0-alpha.1` or later.
|
| CVE-2026-35433 |
|
Vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433)
vulnerability in Microsoft.WindowsDesktop.App.Runtime.win-arm64 (CVE-2026-35433). Confidential information can be exposed externally. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-32175 |
|
Vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175)
vulnerability in Microsoft.NetCore.App.Runtime.win-arm (CVE-2026-32175). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `10.0.8` or later.
|
| CVE-2026-32177 |
|
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
|
| CVE-2026-43937 |
|
Vulnerability in YAFNET.Core (CVE-2026-43937)
vulnerability in YAFNET.Core (CVE-2026-43937). Successful exploitation can lead to full system takeover. Exploitable via ``PageSecurityCheckAttribute``. Mitigation: upgrade to `4.0.5` or later.
|
| CVE-2026-43938 |
|
Vulnerability in YAFNET.Core (CVE-2026-43938)
vulnerability in YAFNET.Core (CVE-2026-43938). Confidential information can be exposed externally. Exploitable via `GET /api/Attachments/GetAttachment`. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2026-43939 |
|
Vulnerability in YAFNET.Core (CVE-2026-43939)
vulnerability in YAFNET.Core (CVE-2026-43939). Confidential information can be exposed externally. Exploitable via ``onerror``. Mitigation: upgrade to `3.2.12` or later.
|
| CVE-2026-44788 |
|
Path Traversal in SharpCompress (CVE-2026-44788)
path traversal in SharpCompress (CVE-2026-44788). Data can be tampered with by attackers. Exploitable via ``WriteToDirectoryInternal``.
|
| CVE-2026-42212 |
|
Vulnerability in csharp (CVE-2026-42212)
vulnerability in csharp (CVE-2026-42212). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-41511 |
|
Vulnerability in OpenMcdf (CVE-2026-41511)
vulnerability in OpenMcdf (CVE-2026-41511). Risk of unauthorized operations or information disclosure. Exploitable via ``LeftSiblingID``. Mitigation: upgrade to `3.1.3` or later.
|
| CVE-2026-43421 |
|
Vulnerability in csharp (CVE-2026-43421)
vulnerability in csharp (CVE-2026-43421). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32178 |
|
Vulnerability in dotnet (CVE-2026-32178)
vulnerability in dotnet (CVE-2026-32178). Confidential information can be exposed externally. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2026-26171 |
|
Vulnerability in dotnet (CVE-2026-26171)
vulnerability in dotnet (CVE-2026-26171). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `8.0.26, 9.0.15, 10.0.6` or later.
|
| CVE-2026-34084 |
|
Unsafe Deserialization in phpoffice/phpspreadsheet (CVE-2026-34084)
vulnerability in phpoffice/phpspreadsheet (CVE-2026-34084). Successful exploitation can lead to full system takeover. Exploitable via ``is_file``. Mitigation: upgrade to `1.30.3` or later.
|
| CVE-2026-41484 |
|
Vulnerability in OpenTelemetry.Exporter.OneCollector (CVE-2026-41484)
vulnerability in OpenTelemetry.Exporter.OneCollector (CVE-2026-41484). Risk of unauthorized operations or information disclosure. Exploitable via ``HttpJsonPostTransport``. Mitigation: upgrade to `1.15.1` or later.
|
| CVE-2026-41483 |
|
Vulnerability in OpenTelemetry.Resources.Azure (CVE-2026-41483)
vulnerability in OpenTelemetry.Resources.Azure (CVE-2026-41483). Risk of unauthorized operations or information disclosure. Exploitable via ``OpenTelemetry.Resources.Azure``. Mitigation: upgrade to `1.15.1-beta.1` or later.
|
| CVE-2026-41310 |
|
Vulnerability in OpenTelemetry.Exporter.Zipkin (CVE-2026-41310)
vulnerability in OpenTelemetry.Exporter.Zipkin (CVE-2026-41310). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `1.15.3` or later.
|
| CVE-2026-40372 |
|
Vulnerability in csharp (CVE-2026-40372)
vulnerability in csharp (CVE-2026-40372). Confidential information can be exposed externally.
|
| CVE-2026-5963 |
|
SQL Injection in csharp (CVE-2026-5963)
SQL injection in csharp (CVE-2026-5963). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5964 |
|
SQL Injection in csharp (CVE-2026-5964)
SQL injection in csharp (CVE-2026-5964). Successful exploitation can lead to full system takeover.
|
| CVE-2026-5426 |
|
Vulnerability in csharp (CVE-2026-5426)
vulnerability in csharp (CVE-2026-5426). Confidential information can be exposed externally.
|
| CVE-2026-23666 |
|
Vulnerability in csharp (CVE-2026-23666)
vulnerability in csharp (CVE-2026-23666). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-33116 |
|
Vulnerability in csharp (CVE-2026-33116)
vulnerability in csharp (CVE-2026-33116). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-32203 |
|
Vulnerability in csharp (CVE-2026-32203)
vulnerability in csharp (CVE-2026-32203). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-30707 |
|
Vulnerability in csharp (CVE-2026-30707)
vulnerability in csharp (CVE-2026-30707). Confidential information can be exposed externally.
|
| CVE-2016-20024 |
|
Vulnerability in csharp (CVE-2016-20024)
vulnerability in csharp (CVE-2016-20024). Successful exploitation can lead to full system takeover.
|
| CVE-2026-26130 |
|
Vulnerability in csharp (CVE-2026-26130)
vulnerability in csharp (CVE-2026-26130). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-2752 |
|
Vulnerability in csharp (CVE-2026-2752)
vulnerability in csharp (CVE-2026-2752). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-22977 |
|
Vulnerability in c (CVE-2026-22977)
vulnerability in c (CVE-2026-22977). Risk of unauthorized operations or information disclosure.
|
| CVE-2025-9846 |
|
Unrestricted File Upload in csharp (CVE-2025-9846)
vulnerability in csharp (CVE-2025-9846). Successful exploitation can lead to full system takeover.
|
| CVE-2025-50864 |
|
Vulnerability in csharp (CVE-2025-50864)
vulnerability in csharp (CVE-2025-50864). Data can be tampered with by attackers.
|
| CVE-2024-26895 |
|
Use-After-Free in csharp (CVE-2024-26895)
vulnerability in csharp (CVE-2024-26895). Successful exploitation can lead to full system takeover.
|
| CVE-2023-42399 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2023-42399)
cross-site scripting in csharp (CVE-2023-42399). Risk of unauthorized operations or information disclosure.
|
| CVE-2022-38013 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-38013). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.9` or later.
|
| CVE-2021-34110 |
|
Vulnerability in csharp (CVE-2021-34110)
vulnerability in csharp (CVE-2021-34110). Successful exploitation can lead to full system takeover.
|
| CVE-2022-29145 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145)
vulnerability in Microsoft.AspNetCore.App.Runtime.win-x64 (CVE-2022-29145). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.5` or later.
|
| CVE-2022-29117 |
|
.NET and Visual Studio Denial of Service Vulnerability
.NET and Visual Studio Denial of Service Vulnerability
|
| CVE-2022-24512 |
|
Code Injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512)
code injection in Microsoft.NETCore.App.Runtime.linux-arm (CVE-2022-24512). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2022-24464 |
|
Vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464)
vulnerability in Microsoft.AspNetCore.App.Runtime.linux-arm (CVE-2022-24464). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `6.0.3` or later.
|
| CVE-2019-19634 |
|
Unrestricted File Upload in csharp (CVE-2019-19634)
vulnerability in csharp (CVE-2019-19634). Successful exploitation can lead to full system takeover.
|
| CVE-2019-19576 |
|
Unrestricted File Upload in csharp (CVE-2019-19576)
vulnerability in csharp (CVE-2019-19576). Successful exploitation can lead to full system takeover.
|
| CVE-2017-17721 |
|
SQL Injection in csharp (CVE-2017-17721)
SQL injection in csharp (CVE-2017-17721). Successful exploitation can lead to full system takeover.
|
| CVE-2017-10894 |
|
Vulnerability in csharp (CVE-2017-10894)
vulnerability in csharp (CVE-2017-10894). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-8700 |
|
Vulnerability in csharp (CVE-2017-8700)
vulnerability in csharp (CVE-2017-8700). Confidential information can be exposed externally.
|
| CVE-2017-11879 |
|
Open Redirect in csharp (CVE-2017-11879)
vulnerability in csharp (CVE-2017-11879). Successful exploitation can lead to full system takeover.
|
| CVE-2017-11883 |
|
Vulnerability in csharp (CVE-2017-11883)
vulnerability in csharp (CVE-2017-11883). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-11770 |
|
Vulnerability in csharp (CVE-2017-11770)
vulnerability in csharp (CVE-2017-11770). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-0907 |
|
SSRF (Server-Side Request Forgery) in csharp (CVE-2017-0907)
SSRF in csharp (CVE-2017-0907). Successful exploitation can lead to full system takeover.
|
| CVE-2017-15810 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2017-15810)
cross-site scripting in csharp (CVE-2017-15810). Risk of unauthorized operations or information disclosure.
|
| CVE-2017-14063 |
|
Vulnerability in csharp (CVE-2017-14063)
vulnerability in csharp (CVE-2017-14063). Data can be tampered with by attackers.
|