
CVE-2025-49739 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-49739
08 Jul 2025 — Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49739 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVE-2025-30399 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-30399
11 Jun 2025 — Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network. A remote code execution vulnerability in .NET 8.0 and 9.0. An attacker who can place malicious files in specific locations may trigger unintended code execution when the .NET runtime loads these files. It was discovered that .NET did not properly validate search path in Microsoft.NETCore.App.Runtime. An attacker could possibly use this issue to execute arbitrary code. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-30399 • CWE-426: Untrusted Search Path • CWE-427: Uncontrolled Search Path Element •

CVE-2025-47959 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-47959
10 Jun 2025 — Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Microsoft Visual Studio. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of the devcontainer.json file. When opening an pr... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-47959 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-26646 – .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-26646
13 May 2025 — External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. A flaw was found in .NET and Visual Studio. This vulnerability allows an attacker to use specially crafted input to spoof trusted content or identities, potentially misleading users or systems. This issue requires user interaction and limited privileges but can lead to unauthorized actions or escalation due to incorrect identity or content validati... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646 • CWE-73: External Control of File Name or Path • CWE-290: Authentication Bypass by Spoofing •

CVE-2025-32702 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-32702
13 May 2025 — Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32702 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2025-21264 – Visual Studio Code Security Feature Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2025-21264
13 May 2025 — Files or directories accessible to external parties in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21264 • CWE-552: Files or Directories Accessible to External Parties •

CVE-2025-32703 – Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-32703
13 May 2025 — Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32703 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-1220: Insufficient Granularity of Access Control •

CVE-2025-32726 – Visual Studio Code Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-32726
12 Apr 2025 — Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32726 • CWE-284: Improper Access Control •

CVE-2025-29803 – Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29803
12 Apr 2025 — Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29803 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-26682 – ASP.NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-26682
08 Apr 2025 — Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. James Newton-King discovered that .NET did not properly limit resource allocation when handling certain HTTP/3 requests. An attacker could possibly use this issue to cause a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682 • CWE-770: Allocation of Resources Without Limits or Throttling •