CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-25003 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-25003
11 Mar 2025 — Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24998 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24998
11 Mar 2025 — Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-21206 – Visual Studio Installer Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-21206
11 Feb 2025 — Visual Studio Installer Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21206 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.6EPSS: 0%CPEs: 9EXPL: 0CVE-2025-21172 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21172
14 Jan 2025 — .NET and Visual Studio Remote Code Execution Vulnerability A remote code execution vulnerability was found in .NET. This flaw allows an attacker to load a specially crafted file in .NET. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21172 • CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 10.0EPSS: 0%CPEs: 7EXPL: 0CVE-2025-21178 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21178
14 Jan 2025 — Visual Studio Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21178 • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 0%CPEs: 17EXPL: 0CVE-2025-21176 – .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-21176
14 Jan 2025 — .NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability A remote code execution vulnerability was found in .NET. This flaw allows an attacker to load a specially crafted file in .NET. It was discovered that .NET did not properly handle input provided to its Convert.TryToHexString method. An attacker could possibly use this issue to execute arbitrary code. It was discovered that .NET did not properly handle an integer overflow when processing certain specially crafted files. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21176 • CWE-126: Buffer Over-read •
CVSS: 10.0EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43498 – .NET and Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-43498
12 Nov 2024 — .NET and Visual Studio Remote Code Execution Vulnerability A type confusion vulnerability was found in .NET 9.0 Core in .NET that leads to AV in the .NET Core NrbfDecoder component. An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43498 • CWE-704: Incorrect Type Conversion or Cast CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.8EPSS: 0%CPEs: 4EXPL: 0CVE-2024-49044 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2024-49044
12 Nov 2024 — Visual Studio Elevation of Privilege Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-49044 • CWE-284: Improper Access Control •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2024-43499 – .NET and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43499
12 Nov 2024 — .NET and Visual Studio Denial of Service Vulnerability A vulnerability was found in .NET. Specifically .NET 9.0 Core - DoS - (unbounded work factor) in NrbfDecoder component An update for firefox is now available for Red Hat Enterprise Linux 9. Issues addressed include cross site scripting, denial of service, spoofing, and use-after-free vulnerabilities. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43499 • CWE-409: Improper Handling of Highly Compressed Data (Data Amplification) CWE-606: Unchecked Input for Loop Condition •
CVSS: 5.5EPSS: 0%CPEs: 7EXPL: 0CVE-2024-43603 – Visual Studio Collector Service Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2024-43603
08 Oct 2024 — Visual Studio Collector Service Denial of Service Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-43603 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •