CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-26646 – .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-26646
13 May 2025 — External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. A flaw was found in .NET and Visual Studio. This vulnerability allows an attacker to use specially crafted input to spoof trusted content or identities, potentially misleading users or systems. This issue requires user interaction and limited privileges but can lead to unauthorized actions or escalation due to incorrect identity or content validati... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646 • CWE-73: External Control of File Name or Path CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.6EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21172 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21172
14 Jan 2025 — .NET and Visual Studio Remote Code Execution Vulnerability A remote code execution vulnerability was found in .NET. This flaw allows an attacker to load a specially crafted file in .NET. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 7.3EPSS: 2%CPEs: 6EXPL: 0CVE-2025-21173 – .NET Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21173
14 Jan 2025 — .NET Elevation of Privilege Vulnerability An elevation of privilege vulnerability was found in .NET. This flaw allows an attacker to write a specially crafted file in the security context of the local system. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21173 • CWE-379: Creation of Temporary File in Directory with Insecure Permissions •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-21176 – .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21176
14 Jan 2025 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability A remote code execution vulnerability was found in .NET. This flaw allows an attacker to load a specially crafted file in .NET. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176 • CWE-126: Buffer Over-read •
CVSS: 7.6EPSS: 0%CPEs: 6EXPL: 0CVE-2025-21171 – .NET Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21171
14 Jan 2025 — .NET Remote Code Execution Vulnerability A remote code execution vulnerability was found in .NET. This flaw allows an attacker to load a specially crafted file into a vulnerable application. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21171 • CWE-122: Heap-based Buffer Overflow •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43498 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43498
12 Nov 2024 — .NET and Visual Studio Remote Code Execution Vulnerability A type confusion vulnerability was found in .NET 9.0 Core in .NET that leads to AV in the .NET Core NrbfDecoder component. An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43499 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43499
12 Nov 2024 — .NET and Visual Studio Denial of Service Vulnerability A vulnerability was found in .NET. Specifically .NET 9.0 Core - DoS - (unbounded work factor) in NrbfDecoder component An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) CWE-606: Unchecked Input for Loop Condition •