
CVE-2025-26682 – ASP.NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-26682
08 Apr 2025 — Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. James Newton-King discovered that .NET did not properly limit resource allocation when handling certain HTTP/3 requests. An attacker could possibly use this issue to cause a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682 • CWE-770: Allocation of Resources Without Limits or Throttling •

CVE-2025-29804 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29804
08 Apr 2025 — Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29804 • CWE-284: Improper Access Control •

CVE-2025-25003 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-25003
11 Mar 2025 — Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-24998 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24998
11 Mar 2025 — Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998 • CWE-427: Uncontrolled Search Path Element •

CVE-2025-24070 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24070
11 Mar 2025 — Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. A flaw was found in the SignInManager.RefreshSignInAsync method. This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions. An update for .NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management • CWE-1390: Weak Authentication •

CVE-2024-35272 – SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2024-35272
09 Jul 2024 — SQL Server Native Client OLE DB Provider Remote Code Execution Vulnerability • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-35272 • CWE-122: Heap-based Buffer Overflow •