nuget

901 tracked vulnerabilities.

CVE-2024-45302 MEDIUM
RestSharp 107.0.0-111.2.0 - CRLF Injection via AddHeader and AddDefaultHeader Methods
Aug 29, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-44930 MEDIUM
serilog-enrichers-clientinfo < 2.1.0 - Client IP Spoofing via X-Forwarded-For or Client-Ip Headers
Aug 29, 2024
CVSS 6.5
EPSS 0.00
CVE-2024-43377 MEDIUM
Umbraco CMS 14.0.0-14.1.1 - Authenticated Improper Access Control
Aug 20, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-43376 MEDIUM
Umbraco CMS 14.0.0-14.1.1 - Sensitive Information Exposure via Management API Error Messages
Aug 20, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-38168 HIGH
.NET 8.0.0-8.0.7 and Visual Studio 2022 17.6.0-17.6.17 - Denial of Service
Aug 13, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-38167 MEDIUM
.NET 8.0.0-8.0.7 and Visual Studio 2022 17.6.0-17.6.17 - Cleartext Transmission of Sensitive Information
Aug 13, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-39694 MEDIUM
Duende IdentityServer 6.0.0-6.0.4, 6.1.0-6.1.7, 6.2.0-6.2.4, 6.3.0-6.3.9, 7.0.0-7.0.5 Open Redirect
Jul 31, 2024
CVSS 4.7
EPSS 0.01
CVE-2024-41799 HIGH
tgstation-server 4.0.0-6.7.9 - Path Traversal and Remote Code Execution via .dme File Path Manipulation
Jul 29, 2024
CVSS 8.4
EPSS 0.01
CVE-2024-28698 CRITICAL
CSLA .NET < 5.5.4 - Remote Code Execution via MobileFormatter Path Traversal
Jul 22, 2024
CVSS 9.8
EPSS 0.01
CVE-2024-41132 MEDIUM
ImageSharp < 2.1.9 - Denial of Service via Gif Decoder
Jul 22, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-41131 HIGH
ImageSharp 2.1.0-2.1.8 - Out-of-bounds Write in GIF Decoder
Jul 22, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-40636 MEDIUM
Steeltoe.Discovery.Eureka < 3.2.8 - Sensitive Information Exposure in Log Files via Eureka Server Service URLs
Jul 17, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-38095 HIGH
.NET 8.0.0-8.0.6 - Denial of Service
Jul 09, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-38081 HIGH
Microsoft .NET and .NET Framework - Elevation of Privilege
Jul 09, 2024
CVSS 7.3
EPSS 0.01
CVE-2024-35264 HIGH
.NET 8.0.0-8.0.6 - Remote Code Execution via Use-After-Free
Jul 09, 2024
CVSS 8.1
EPSS 0.03
CVE-2024-30105 HIGH
.NET 8.0.0-8.0.6 and Visual Studio 2022 17.4.0-17.4.20 - Denial of Service
Jul 09, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-39677 MEDIUM
NHibernate < 5.4.9 - SQL Injection via ILiteralType.ObjectToSQLString
Jul 08, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-33862 HIGH
OPCFoundation.NetStandard.Opc.Ua.Core < 1.5.374.54 - Denial of Service via Excessive Message Buffer Allocation
Jul 05, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-38357 MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-38356 MEDIUM
TinyMCE <7.2.0, <6.8.4, <5.11.0 - XSS
Jun 19, 2024
CVSS 6.1
EPSS 0.01
CVE-2024-35255 MEDIUM
Microsoft Authentication Library and Azure Identity SDK - Elevation of Privilege via Race Condition
Jun 11, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-35252 HIGH
Azure Storage Data Movement Library < 2.0.5 - Denial of Service
Jun 11, 2024
CVSS 7.5
EPSS 0.02
CVE-2024-35240 MEDIUM
Umbraco.Commerce 12.0.0-12.1.3 and < 10.0.5 - Stored Cross-Site Scripting in Print Functionality
May 28, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-35239 LOW
Umbraco Forms <8.13.13, 13.0.0-13.0.1 - Authenticated Stored Cross-Site Scripting in Forms Components
May 28, 2024
CVSS 2.7
EPSS 0.00
CVE-2024-35218 MEDIUM
Umbraco CMS 8.0.0-8.18.13 - Stored Cross-Site Scripting
May 21, 2024
CVSS 4.2
EPSS 0.00