nuget

901 tracked vulnerabilities.

CVE-2024-55471 MEDIUM
Oqtane.Framework - Insecure Direct Object Reference in UserController via ID Parameter
Dec 20, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-55470 HIGH
Oqtane Framework 6.0.0 - Authentication Bypass via EntityID Parameter Spoofing
Dec 20, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-55186 MEDIUM
Oqtane.Framework 6.0.0 - Authenticated Insecure Direct Object Reference via Notification ID Manipulation
Dec 20, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-11862 MEDIUM
Dvls XTS.NET <2024.11.19 - Info Disclosure
Nov 27, 2024
EPSS 0.00
CVE-2024-48510 CRITICAL
Mihula Prodotnetzip < 1.19.0 - Path Traversal
Nov 13, 2024
CVSS 9.8
EPSS 0.02
CVE-2024-43499 HIGH
.NET and Visual Studio - Denial of Service via Highly Compressed Data
Nov 12, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-43498 CRITICAL
.NET and Visual Studio - Remote Code Execution via Type Confusion
Nov 12, 2024
CVSS 9.8
EPSS 0.04
CVE-2024-51987 MEDIUM
Duende.AccessTokenManagement.OpenIdConnect - Info Disclosure
Nov 08, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-51501 CRITICAL
Refit < 7.2.22 - CRLF Injection via HTTP Header Manipulation
Nov 04, 2024
EPSS 0.01
CVE-2024-10761 MEDIUM
Umbraco CMS <= 10.7.7/12.3.6/13.5.2/14.3.1/15.1.1 - Cross-Site Scripting via Dashboard Preview Frame Culture Parameter
Nov 04, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-43383 HIGH
Apache Lucene.Net.Replicator 4.8.0-beta00005-4.8.0-beta00016 - Remote Code Execution via JSON Deserialization
Oct 31, 2024
CVSS 8.0
EPSS 0.01
CVE-2024-50353 MEDIUM
ICG.AspNetCore.Utilities.CloudStorage < 8.0.0 - Improper Access Control in SAS Uri Duration Handling
Oct 30, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-49755 LOW
Duende IdentityServer - Info Disclosure
Oct 28, 2024
CVSS 3.1
EPSS 0.00
CVE-2024-49771 MEDIUM
MPXJ 8.3.5-13.5.0 - Path Traversal
Oct 28, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-45526 MEDIUM
OPC Foundation UA-.NETStandard <1.5.374.78 - DoS
Oct 22, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-48929 MEDIUM
Umbraco <13.5.2-10.8.7 - Info Disclosure
Oct 22, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-48927 MEDIUM
Umbraco CMS 8.0-8.18.14, 10.0.0-10.8.6, 13.0-13.5.1 - Remote Code Execution via SVG Preview
Oct 22, 2024
CVSS 4.6
EPSS 0.00
CVE-2024-48926 MEDIUM
Umbraco CMS 8.0-8.18.14, 10.0-10.8.6, 13.0.0-13.5.1 - Insufficient Session Expiration
Oct 22, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-48925 NONE
Umbraco CMS 14.0.0-14.2.9 - Improper Access Control in Webhook API
Oct 22, 2024
EPSS 0.00
CVE-2024-47819 MEDIUM
Umbraco CMS 14.0.0-14.3.0 - Cross-Site Scripting in Dictionary Section
Oct 22, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-48924 HIGH
MessagePack < 2.5.187 and 2.6.95-alpha-3.0.214-rc.1 - Denial of Service via Hash Collision
Oct 17, 2024
EPSS 0.00
CVE-2024-43485 HIGH
.NET 6.0.0-6.0.34 and Visual Studio 2022 17.6.0-17.6.19 - Denial of Service
Oct 08, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-43484 HIGH
.NET Framework - Denial of Service via Inefficient Algorithmic Complexity
Oct 08, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-43483 HIGH
.NET Framework - Denial of Service via Inefficient Algorithmic Complexity
Oct 08, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-38229 HIGH
Microsoft .NET and Visual Studio - Use-After-Free Remote Code Execution
Oct 08, 2024
CVSS 8.1
EPSS 0.02