nuget

901 tracked vulnerabilities.

CVE-2025-32017 HIGH
Umbraco CMS 14.0.0-14.3.3 - Authenticated Path Traversal via Management API
Apr 08, 2025
CVSS 8.8
EPSS 0.01
CVE-2025-24070 HIGH
ASP.NET Core & Visual Studio - Privilege Escalation
Mar 11, 2025
CVSS 7.0
EPSS 0.01
CVE-2025-24043 HIGH
Windbg < 1.2502.25002.0 - Remote Code Execution via Cryptographic Signature Verification Bypass
Mar 11, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27602 MEDIUM
Umbraco CMS < 10.8.9 - Authenticated Improper Authorization via Backoffice API URL Manipulation
Mar 11, 2025
CVSS 4.9
EPSS 0.00
CVE-2025-27601 MEDIUM
Umbraco CMS <14.3.3 & Umbraco.Cms.Api.Management 15.0.0-rc1-15.2.3 - Authenticated Improper Authorization
Mar 11, 2025
CVSS 4.3
EPSS 0.00
CVE-2025-27598 HIGH
ImageSharp < 2.1.10 and 3.0.0-3.1.6 - Out-of-bounds Write in GIF Decoder
Mar 06, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-27513 HIGH
OpenTelemetry.Api 1.10.0-1.11.1 - Denial of Service via Tracestate Header Processing
Mar 05, 2025
CVSS 7.5
EPSS 0.00
CVE-2025-24895 CRITICAL
CIE.AspNetCore.Authentication - Auth Bypass
Feb 18, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-24894 CRITICAL
SPID.AspNetCore.Authentication - Auth Bypass
Feb 18, 2025
CVSS 9.1
EPSS 0.01
CVE-2025-26620 MEDIUM
Duende.AccessTokenManagement < 3.2.0 - Race Condition in Client Credentials Token Request
Feb 18, 2025
EPSS 0.00
CVE-2025-24788 MEDIUM
Snowflake Connector for .NET 2.0.12-4.2.0 - Unauthorized Local File Access via World-Readable Temporary Directory
Jan 29, 2025
CVSS 5.0
EPSS 0.00
CVE-2025-24012 MEDIUM
Umbraco CMS 14.0.0-14.3.1 - Authenticated Cross-Site Scripting in Localized Backoffice Components
Jan 21, 2025
CVSS 4.6
EPSS 0.00
CVE-2025-24011 MEDIUM
Umbraco CMS 14.0.0-14.3.1 - Unauthenticated User Enumeration via Management API Response Analysis
Jan 21, 2025
CVSS 5.3
EPSS 0.01
CVE-2025-23041 MEDIUM
Umbraco.Forms < 8.13.16, < 10.5.7 - Improper Input Validation in Character Limit Enforcement
Jan 14, 2025
CVSS 5.8
EPSS 0.00
CVE-2025-21176 HIGH
.NET and .NET Framework - Remote Code Execution
Jan 14, 2025
CVSS 8.8
EPSS 0.02
CVE-2025-21172 HIGH
.NET and Visual Studio - Remote Code Execution via Integer Overflow
Jan 14, 2025
CVSS 7.5
EPSS 0.02
CVE-2025-21171 HIGH
.NET - Remote Code Execution via Heap-based Buffer Overflow
Jan 14, 2025
CVSS 7.5
EPSS 0.02
CVE-2024-57716 HIGH
AutoQueryable 1.7.0 - Exposure of Sensitive Information via Unselectable Function
Feb 20, 2025
CVSS 7.5
EPSS 0.00
CVE-2024-42513 MEDIUM
OPC UA .NET Standard Stack <1.5.374.158 - Auth Bypass
Feb 10, 2025
CVSS 5.3
EPSS 0.01
CVE-2024-42512 HIGH
OPC UA .NET Standard Stack <1.5.374.158 - Auth Bypass
Feb 10, 2025
CVSS 8.6
EPSS 0.01
CVE-2024-55488 MEDIUM
Umbraco CMS 14.3.1 - Authenticated Stored Cross-Site Scripting in Rich Text Display
Jan 22, 2025
CVSS 6.5
EPSS 0.00
CVE-2024-51417 MEDIUM
System.Linq.Dynamic.Core < 1.6.0 - Unauthenticated Remote Property Access via Reflection
Jan 21, 2025
CVSS 6.4
EPSS 0.00
CVE-2024-50338 HIGH
Git Credential Manager < 2.6.1 - Credential Leak via CR Line Ending Mismatch
Jan 14, 2025
CVSS 7.4
EPSS 0.03
CVE-2024-55341 MEDIUM
Piranha CMS 11.1 - Stored Cross-Site Scripting via Markdown Content
Dec 20, 2024
CVSS 4.7
EPSS 0.00
CVE-2024-55342 MEDIUM
Piranha CMS 11.1 - Authenticated Stored Cross-Site Scripting via PDF File Upload
Dec 20, 2024
CVSS 4.7
EPSS 0.00