nuget

842 tracked vulnerabilities.

CVE-2024-29035 MEDIUM
Umbraco CMS 13.0.0-13.1.0 - Server-Side Request Forgery via Webhook Logs
Apr 17, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-27086 LOW
Microsoft.Identity.Client 4.48.0-4.60.0 - Local Denial of Service via Activity Export Misconfiguration
Apr 16, 2024
CVSS 3.9
EPSS 0.00
CVE-2024-32036 MEDIUM
ImageSharp < 3.1.4, < 2.1.8 - Info Disclosure
Apr 15, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32035 MEDIUM
ImageSharp < 2.1.8 - Denial of Service via Excessive Memory Usage in Image Decoders
Apr 15, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-32028 MEDIUM
OpenTelemetry dotnet - Info Disclosure
Apr 12, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-29992 MEDIUM
Azure Identity Library for .NET - Info Disclosure
Apr 09, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-21409 HIGH
.NET Framework and .NET 6.0.0-6.0.28 - Remote Code Execution via Use-After-Free
Apr 09, 2024
CVSS 7.3
EPSS 0.58
CVE-2024-29881 MEDIUM
TinyMCE < 6.8.1 and 7.0.0 - Cross-Site Scripting via SVG in Object or Embed Elements
Mar 26, 2024
CVSS 4.3
EPSS 0.05
CVE-2024-29203 MEDIUM
TinyMCE < 6.8.1 - Cross-Site Scripting via Iframe Element Insertion
Mar 26, 2024
CVSS 4.3
EPSS 0.02
CVE-2024-29188 HIGH
WiX toolset < 3.14.1 and < 4.0.5 - Unauthenticated Directory Deletion via RemoveFolderEx Junction Attack
Mar 24, 2024
CVSS 7.9
EPSS 0.00
CVE-2024-29187 HIGH
WiX toolset < 4.0.5 - Privilege Escalation
Mar 24, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-28868 LOW
Umbraco CMS 10.0.0-10.8.4 - User Enumeration via Native Login Screen
Mar 20, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-28252 HIGH
CoreWCF 1.4.0-1.4.1 and 1.5.0-1.5.1 - Denial of Service via NetFraming Connection Handling
Mar 15, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-21392 HIGH
.NET 7.0.0-7.0.16 and Visual Studio 2022 17.4-17.4.16 - Denial of Service
Mar 12, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-27929 HIGH
ImageSharp < 2.1.7 and 3.0.0-3.1.3 - Use-After-Free in PngDecoderCore InitializeImage
Mar 05, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-26470 HIGH
FullStackHero .NET 9 Starter Kit 1.0.0-1.0.1 - Password Reset Token Exposure via Host Header Injection
Feb 29, 2024
CVSS 8.1
EPSS 0.00
CVE-2024-26318 MEDIUM
Serenity < 6.8.0 - Cross-Site Scripting via Email Link Return URL
Feb 19, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-21386 HIGH
.NET 6.0.0-6.0.26 - Denial of Service
Feb 13, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-24810 HIGH
WiX toolset < 4.0.4 - Privilege Escalation
Feb 07, 2024
CVSS 8.2
EPSS 0.00
CVE-2024-23838 HIGH
TrueLayer.NET < 1.6.0 - Server-Side Request Forgery via HttpClient URL Control
Jan 30, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-21643 HIGH
Microsoft IdentityModel Extensions < 6.34.0 - Remote Code Execution via SignedHttpRequest Protocol
Jan 10, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-21319 MEDIUM
.NET 6.0.0-6.0.25 and IdentityModel 5.0.0-5.6.9 - Denial of Service
Jan 09, 2024
CVSS 6.8
EPSS 0.01
CVE-2024-0057 CRITICAL
PowerShell 7.2-7.2.17 - Security Feature Bypass via Improper Input Validation
Jan 09, 2024
CVSS 9.1
EPSS 0.04
CVE-2024-0056 HIGH
Microsoft.Data.SqlClient 2.1-2.1.7 and System.Data.SqlClient <4.8.6 - Cleartext Transmission of Sensitive Information
Jan 09, 2024
CVSS 8.7
EPSS 0.01
CVE-2024-21911 MEDIUM
TinyMCE < 5.6.0 - Unauthenticated Stored Cross-Site Scripting
Jan 03, 2024
CVSS 6.1
EPSS 0.01