CVSS: 9.0EPSS: 0%CPEs: 6EXPL: 0CVE-2025-26646 – .NET, Visual Studio, and Build Tools for Visual Studio Spoofing Vulnerability
https://notcve.org/view.php?id=CVE-2025-26646
13 May 2025 — External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network. A flaw was found in .NET and Visual Studio. This vulnerability allows an attacker to use specially crafted input to spoof trusted content or identities, potentially misleading users or systems. This issue requires user interaction and limited privileges but can lead to unauthorized actions or escalation due to incorrect identity or content validati... • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26646 • CWE-73: External Control of File Name or Path CWE-290: Authentication Bypass by Spoofing •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2025-32702 – Visual Studio Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-32702
13 May 2025 — Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32702 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2025-32703 – Visual Studio Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-32703
13 May 2025 — Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-32703 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-1220: Insufficient Granularity of Access Control •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-29803 – Visual Studio Tools for Applications and SQL Server Management Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29803
12 Apr 2025 — Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29803 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 11%CPEs: 6EXPL: 0CVE-2025-26682 – ASP.NET Core and Visual Studio Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2025-26682
08 Apr 2025 — Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. James Newton-King discovered that .NET did not properly limit resource allocation when handling certain HTTP/3 requests. An attacker could possibly use this issue to cause a denial of service. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-26682 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.3EPSS: 0%CPEs: 4EXPL: 0CVE-2025-29804 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29804
08 Apr 2025 — Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29804 • CWE-284: Improper Access Control •
CVSS: 7.3EPSS: 0%CPEs: 3EXPL: 0CVE-2025-29802 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-29802
08 Apr 2025 — Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-29802 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2025-25003 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-25003
11 Mar 2025 — Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-25003 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.3EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24998 – Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24998
11 Mar 2025 — Uncontrolled search path element in Visual Studio allows an authorized attacker to elevate privileges locally. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24998 • CWE-427: Uncontrolled Search Path Element •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2025-24070 – ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability
https://notcve.org/view.php?id=CVE-2025-24070
11 Mar 2025 — Weak authentication in ASP.NET Core & Visual Studio allows an unauthorized attacker to elevate privileges over a network. A flaw was found in the SignInManager.RefreshSignInAsync method. This flaw allows an attacker with local access and low privileges to escalate privileges. The issue might lead to unauthorized access or manipulation of authentication sessions. An update for.NET 8.0 is now available for Red Hat Enterprise Linux 9.4 Extended Update Support. • https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24070 • CWE-269: Improper Privilege Management CWE-1390: Weak Authentication •