threat
engine
.sh
Back
·
··:··
Home
/
Product
/
microsoft .net
Product
microsoft .net
103 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2026-42899
>= 8.0.0 and < 8.0.27
Loop with unreachable exit condition ('infinite loop') in ASP.NET Core allows an unauthorized attacker to deny service over a netw
7.5
HIGH
CVE-2026-42258
< 0.4.24
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0
9.8
CRITICAL
CVE-2026-42257
< 0.4.24
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0
9.8
CRITICAL
CVE-2026-42256
>= 0.4.0 and < 0.4.24
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. From versions 0.4.0 to before 0.4.24, 0
6.5
MEDIUM
CVE-2026-42246
< 0.3.10
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.3.10, 0.4.24, 0.5.1
7.4
HIGH
CVE-2026-42245
< 0.4.24
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.4.24, 0.5.14, and 0
7.5
HIGH
CVE-2025-15638
< 0.14
Net::Dropbear versions before 0.14 for Perl contains a vulnerable version of libtomcrypt. Net::Dropbear versions before 0.14 incl
10.0
CRITICAL
CVE-2026-33116
>= 10.0.0 and < 10.0.6
Loop with unreachable exit condition ('infinite loop') in .NET, .NET Framework, Visual Studio allows an unauthorized attacker to d
7.5
HIGH
CVE-2026-32203
>= 10.0.0 and < 10.0.6
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
7.5
HIGH
CVE-2026-32178
>= 10.0.0 and < 10.0.6
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
7.5
HIGH
CVE-2026-26171
>= 10.0.0 and < 10.0.6
Uncontrolled resource consumption in .NET allows an unauthorized attacker to deny service over a network.
7.5
HIGH
CVE-2026-40199
< 0.23
Net::CIDR::Lite versions before 0.23 for Perl mishandles IPv4 mapped IPv6 addresses, which may allow IP ACL bypass. _pack_ipv6()
6.5
MEDIUM
CVE-2026-40198
< 0.23
Net::CIDR::Lite versions before 0.23 for Perl does not validate IPv6 group count, which may allow IP ACL bypass. _pack_ipv6() doe
7.5
HIGH
CVE-2026-25667
>= 8.0.0 and < 8.0.22
ASP.NET Core Kestrel in Microsoft .NET 8.0 before 8.0.22 and .NET 9.0 before 9.0.11 allows a remote attacker to cause excessive CP
7.5
HIGH
CVE-2026-26131
>= 10.0.0 and < 10.0.4
Incorrect default permissions in .NET allows an authorized attacker to elevate privileges locally.
7.8
HIGH
CVE-2026-26127
>= 10.0.0 and < 10.0.4
Out-of-bounds read in .NET allows an unauthorized attacker to deny service over a network.
7.5
HIGH
CVE-2024-57854
<= 0.009002
Net::NSCA::Client versions through 0.009002 for Perl uses a poor random number generator. Version v0.003 switched to use Data::Ra
9.1
CRITICAL
CVE-2021-4456
< 0.24
Net::CIDR versions before 0.24 for Perl mishandle leading zeros in IP CIDR addresses, which may have unspecified impact. The func
6.5
MEDIUM
CVE-2026-21218
>= 8.0.0 and < 8.0.24
Improper handling of missing special element in .NET allows an unauthorized attacker to perform spoofing over a network.
7.5
HIGH
CVE-2025-55248
>= 8.0.0 and < 8.0.21
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a
4.8
MEDIUM
CVE-2025-55247
>= 8.0.0 and < 8.0.21
Improper link resolution before file access ('link following') in .NET allows an authorized attacker to elevate privileges locally
7.3
HIGH
CVE-2025-30399
>= 9.0.0 and < 9.0.6
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
7.5
HIGH
CVE-2025-26646
>= 9.0.0 and < 9.0.5
External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to p
8.0
HIGH
CVE-2025-43857
< 0.2.5
Net::IMAP implements Internet Message Access Protocol (IMAP) client functionality in Ruby. Prior to versions 0.5.7, 0.4.20, 0.3.9,
6.5
MEDIUM
CVE-2025-21176
all versions
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
8.8
HIGH
CVE-2025-21173
all versions
.NET Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2025-21172
all versions
.NET and Visual Studio Remote Code Execution Vulnerability
7.5
HIGH
CVE-2025-21171
all versions
.NET Remote Code Execution Vulnerability
7.5
HIGH
CVE-2024-43499
all versions
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-43498
all versions
.NET and Visual Studio Remote Code Execution Vulnerability
9.8
CRITICAL
CVE-2024-43485
>= 6.0.0 and < 6.0.35
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-43484
>= 6.0.0 and < 6.0.35
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-43483
>= 6.0.0 and < 6.0.35
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-38229
>= 8.0.0 and < 8.0.10
.NET and Visual Studio Remote Code Execution Vulnerability
8.1
HIGH
CVE-2024-38168
>= 8.0.0 and < 8.0.8
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-38167
>= 8.0.0 and < 8.0.8
.NET and Visual Studio Information Disclosure Vulnerability
6.5
MEDIUM
CVE-2024-38095
>= 8.0.0 and < 8.0.7
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-38081
>= 6.0.0 and < 6.0.32
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2024-35264
>= 8.0.0 and < 8.0.7
.NET and Visual Studio Remote Code Execution Vulnerability
8.1
HIGH
CVE-2024-30105
>= 8.0.0 and <= 8.0.7
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-30046
>= 7.0.0 and < 7.0.19
Visual Studio Denial of Service Vulnerability
5.9
MEDIUM
CVE-2024-30045
>= 7.0.0 and < 7.0.19
.NET and Visual Studio Remote Code Execution Vulnerability
6.3
MEDIUM
CVE-2024-21409
>= 6.0.0 and < 6.0.29
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
7.3
HIGH
CVE-2024-26190
>= 7.0.0 and < 7.0.17
Microsoft QUIC Denial of Service Vulnerability
7.5
HIGH
CVE-2024-21392
>= 7.0.0 and < 7.0.17
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2024-21319
>= 6.0.0 and < 6.0.26
Microsoft Identity Denial of service vulnerability
6.8
MEDIUM
CVE-2024-20672
>= 6.0.0 and < 6.0.26
.NET Denial of Service Vulnerability
7.5
HIGH
CVE-2024-0057
>= 6.0.0 and < 6.0.26
NET, .NET Framework, and Visual Studio Security Feature Bypass Vulnerability
9.1
CRITICAL
CVE-2024-0056
>= 6.0.0 and < 6.0.26
Microsoft.Data.SqlClient and System.Data.SqlClient SQL Data Provider Security Feature Bypass Vulnerability
8.7
HIGH
CVE-2023-36558
>= 6.0.0 and < 6.0.25
ASP.NET Core Security Feature Bypass Vulnerability
6.2
MEDIUM
CVE-2023-36049
>= 6.0.0 and < 6.0.25
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
7.6
HIGH
CVE-2023-38171
>= 7.0.0 and < 7.0.12
Microsoft QUIC Denial of Service Vulnerability
7.5
HIGH
CVE-2023-36435
>= 7.0.0 and <= 7.0.12
Microsoft QUIC Denial of Service Vulnerability
7.5
HIGH
CVE-2023-44487
>= 6.0.0 and < 6.0.23
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams q
7.5
HIGH
CVE-2023-36799
all versions
.NET Core and Visual Studio Denial of Service Vulnerability
6.5
MEDIUM
CVE-2023-36796
all versions
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-36794
all versions
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-36793
all versions
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-36792
all versions
Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-38180
>= 6.0.0 and < 6.0.21
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2023-35391
>= 6.0.0 and < 6.0.21
ASP.NET Core SignalR and Visual Studio Information Disclosure Vulnerability
6.2
MEDIUM
CVE-2023-38178
all versions
.NET Core and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2023-35390
>= 6.0.0 and < 6.0.21
.NET and Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-33170
>= 6.0.0 and < 6.0.20
ASP.NET and Visual Studio Security Feature Bypass Vulnerability
8.1
HIGH
CVE-2023-33127
>= 6.0.0 and < 6.0.20
.NET and Visual Studio Elevation of Privilege Vulnerability
8.1
HIGH
CVE-2023-29331
all versions
.NET, .NET Framework, and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2023-24936
all versions
.NET, .NET Framework, and Visual Studio Elevation of Privilege Vulnerability
7.5
HIGH
CVE-2023-24897
all versions
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-24895
all versions
.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-33135
>= 6.0.0 and < 6.0.18
.NET and Visual Studio Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2023-33128
>= 6.0.0 and < 6.0.18
.NET and Visual Studio Remote Code Execution Vulnerability
7.3
HIGH
CVE-2023-33126
>= 6.0.0 and < 6.0.18
.NET and Visual Studio Remote Code Execution Vulnerability
7.3
HIGH
CVE-2023-32032
>= 7.0.0 and < 7.0.7
.NET and Visual Studio Elevation of Privilege Vulnerability
6.5
MEDIUM
CVE-2023-28260
>= 6.0.0 and < 6.0.16
.NET DLL Hijacking Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-21808
all versions
.NET and Visual Studio Remote Code Execution Vulnerability
7.8
HIGH
CVE-2023-21538
all versions
.NET Denial of Service Vulnerability
7.5
HIGH
CVE-2022-41032
all versions
NuGet Client Elevation of Privilege Vulnerability
7.8
HIGH
CVE-2022-38013
all versions
.NET Core and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-34716
>= 6.0.0 and < 6.0.8
.NET Spoofing Vulnerability
5.9
MEDIUM
CVE-2022-30184
all versions
.NET and Visual Studio Information Disclosure Vulnerability
5.5
MEDIUM
CVE-2022-29145
all versions
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-29117
all versions
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-23267
all versions
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-24512
all versions
.NET and Visual Studio Remote Code Execution Vulnerability
6.3
MEDIUM
CVE-2022-24464
>= 5.0 and <= 5.0.14
.NET and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2022-21986
>= 5.0 and < 5.0.14
.NET Denial of Service Vulnerability
7.5
HIGH
CVE-2021-41355
all versions
.NET Core and Visual Studio Information Disclosure Vulnerability
5.7
MEDIUM
CVE-2021-34485
>= 5.0 and <= 5.0.8
.NET Core and Visual Studio Information Disclosure Vulnerability
5.0
MEDIUM
CVE-2021-26423
>= 5.0 and <= 5.0.8
.NET Core and Visual Studio Denial of Service Vulnerability
7.5
HIGH
CVE-2021-31957
>= 5.0 and <= 5.0.6
ASP.NET Core Denial of Service Vulnerability
5.9
MEDIUM
CVE-2021-31204
>= 5.0 and <= 5.0.5
.NET and Visual Studio Elevation of Privilege Vulnerability
7.3
HIGH
CVE-2021-26701
>= 5.0 and < 5.0.4
.NET Core Remote Code Execution Vulnerability
8.1
HIGH
CVE-2021-24112
>= 5.0 and <= 5.0.2
.NET Core Remote Code Execution Vulnerability
8.1
HIGH
CVE-2021-1721
>= 5.0 and <= 5.0.2
.NET Core and Visual Studio Denial of Service Vulnerability
6.5
MEDIUM
CVE-2020-8927
>= 5.0 and <= 5.0.14
A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a "one-sh
5.3
MEDIUM
CVE-2020-1108
all versions
A denial of service vulnerability exists when .NET Core or .NET Framework improperly handles web requests, aka '.NET Core & .NET F
7.5
HIGH
CVE-2018-17848
<= 2018-09-25
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <math><template><mn><b></template>, leading to a "panic: run
7.5
HIGH
CVE-2018-17847
<= 2018-09-25
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <svg><template><desc><t><svg></template>, leading to a "pani
7.5
HIGH
CVE-2018-17846
<= 2018-09-25
The html package (aka x/net/html) through 2018-09-25 in Go mishandles <table><math><select><mi><select></table>, leading to an inf
7.5
HIGH
CVE-2018-17143
<= 2018-09-17
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <template><tBody><isindex/action=0>, leading to a "panic: ru
7.5
HIGH
CVE-2018-17142
<= 2018-09-17
The html package (aka x/net/html) through 2018-09-17 in Go mishandles <math><template><mo><template>, leading to a "panic: runtime
7.5
HIGH
CVE-2018-17075
<= 2018-07-12
The html package (aka x/net/html) before 2018-07-13 in Go mishandles "in frameset" insertion mode, leading to a "panic: runtime er
7.5
HIGH
CVE-2007-3409
< 0.60
Net::DNS before 0.60, a Perl module, allows remote attackers to cause a denial of service (stack consumption) via a malformed comp
7.5
HIGH
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin