nuget

901 tracked vulnerabilities.

CVE-2024-34071 MEDIUM
Umbraco CMS 8.18.5-8.18.14 - Authenticated Open Redirect
May 21, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-30054 MEDIUM
Microsoft Power BI Client JavaScript SDK - Info Disclosure
May 14, 2024
CVSS 6.5
EPSS 0.02
CVE-2024-30046 MEDIUM
.NET 7.0.0-7.0.18 and Visual Studio 2022 17.4.0-17.4.18 - Denial of Service
May 14, 2024
CVSS 5.9
EPSS 0.02
CVE-2024-30045 MEDIUM
Microsoft .NET and Visual Studio - Buffer Overflow Remote Code Execution
May 14, 2024
CVSS 6.3
EPSS 0.01
CVE-2024-32655 HIGH
Npgsql SQL Injection via Integer Overflow in WriteBind
May 14, 2024
CVSS 8.1
EPSS 0.02
CVE-2024-30172 HIGH
Bouncy Castle <1.78 - Info Disclosure
May 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-30171 MEDIUM
Bouncy Castle Java TLS API & JSSE Provider <1.78 - Info Disclosure
May 14, 2024
CVSS 5.9
EPSS 0.01
CVE-2024-29857 HIGH
Bouncy Castle Java <1.78 - DoS
May 14, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-32872 MEDIUM
Umbraco.Workflow < 10.3.9, < 12.2.6, < 13.0.6 - Authenticated SQL Injection via API Endpoint
Apr 24, 2024
CVSS 5.5
EPSS 0.00
CVE-2024-29035 MEDIUM
Umbraco CMS 13.0.0-13.1.0 - Server-Side Request Forgery via Webhook Logs
Apr 17, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-27086 LOW
Microsoft.Identity.Client 4.48.0-4.60.0 - Local Denial of Service via Activity Export Misconfiguration
Apr 16, 2024
CVSS 3.9
EPSS 0.00
CVE-2024-32036 MEDIUM
ImageSharp <3.1.4, <2.1.8 - Info Disclosure
Apr 15, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32035 MEDIUM
ImageSharp < 2.1.8 - Denial of Service via Excessive Memory Usage in Image Decoders
Apr 15, 2024
CVSS 5.3
EPSS 0.01
CVE-2024-32028 MEDIUM
OpenTelemetry dotnet - Info Disclosure
Apr 12, 2024
CVSS 4.1
EPSS 0.00
CVE-2024-29992 MEDIUM
Azure Identity Library for .NET - Info Disclosure
Apr 09, 2024
CVSS 5.5
EPSS 0.01
CVE-2024-21409 HIGH
.NET Framework and .NET 6.0.0-6.0.28 - Remote Code Execution via Use-After-Free
Apr 09, 2024
CVSS 7.3
EPSS 0.03
CVE-2024-29881 MEDIUM
TinyMCE < 6.8.1 and 7.0.0 - Cross-Site Scripting via SVG in Object or Embed Elements
Mar 26, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-29203 MEDIUM
TinyMCE < 6.8.1 - Cross-Site Scripting via Iframe Element Insertion
Mar 26, 2024
CVSS 4.3
EPSS 0.01
CVE-2024-29188 HIGH
WiX toolset < 3.14.1 and < 4.0.5 - Unauthenticated Directory Deletion via RemoveFolderEx Junction Attack
Mar 24, 2024
CVSS 7.9
EPSS 0.00
CVE-2024-29187 HIGH
WiX toolset <4.0.5 - Privilege Escalation
Mar 24, 2024
CVSS 7.3
EPSS 0.00
CVE-2024-28868 LOW
Umbraco CMS 10.0.0-10.8.4 - User Enumeration via Native Login Screen
Mar 20, 2024
CVSS 3.7
EPSS 0.00
CVE-2024-28252 HIGH
CoreWCF 1.4.0-1.4.1 and 1.5.0-1.5.1 - Denial of Service via NetFraming Connection Handling
Mar 15, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-21392 HIGH
.NET 7.0.0-7.0.16 and Visual Studio 2022 17.4-17.4.16 - Denial of Service
Mar 12, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-27929 HIGH
ImageSharp < 2.1.7 and 3.0.0-3.1.3 - Use-After-Free in PngDecoderCore InitializeImage
Mar 05, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-26470 HIGH
FullStackHero .NET 9 Starter Kit 1.0.0-1.0.1 - Password Reset Token Exposure via Host Header Injection
Feb 29, 2024
CVSS 8.1
EPSS 0.01