nuget

842 tracked vulnerabilities.

CVE-2021-23758 HIGH
ajaxpro.2 < 21.10.30.1 and AjaxNetProfessional < 21.11.29.1 - Remote Code Execution via Untrusted Data Deserialization
Dec 03, 2021
CVSS 8.1
EPSS 0.88
CVE-2021-44150 HIGH
tusdotnet < 2.5.0 - Inadequate Encryption Strength via SHA-1
Nov 22, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-25976 HIGH
PiranhaCMS 4.0.0-alpha1-9.2.0 - Cross-Site Request Forgery
Nov 16, 2021
CVSS 8.1
EPSS 0.00
CVE-2021-42279 MEDIUM
Microsoft ChakraCore - Out-of-bounds Write in Scripting Engine
Nov 10, 2021
CVSS 4.2
EPSS 0.03
CVE-2021-43569 CRITICAL
Stark Bank .NET ECDSA <1.3.1 - Code Injection
Nov 09, 2021
CVSS 9.8
EPSS 0.00
CVE-2021-41238 HIGH
Hangfire 1.7.25 - Missing Authorization in Dashboard UI
Nov 02, 2021
CVSS 8.6
EPSS 0.00
CVE-2021-41184 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Position Utility 'of' Option
Oct 26, 2021
CVSS 6.5
EPSS 0.31
CVE-2021-41183 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker Widget *Text Options
Oct 26, 2021
CVSS 6.5
EPSS 0.03
CVE-2021-41182 MEDIUM
jQuery UI < 1.13.0 - Cross-Site Scripting via Datepicker altField Option
Oct 26, 2021
CVSS 6.5
EPSS 0.28
CVE-2021-25977 MEDIUM
Piranha CMS 7.0.0-9.1.1 - Stored Cross-Site Scripting via Page Title
Oct 25, 2021
CVSS 5.4
EPSS 0.00
CVE-2021-41355 MEDIUM
.NET Core and Visual Studio - Information Disclosure
Oct 13, 2021
CVSS 5.7
EPSS 0.04
CVE-2021-31819 CRITICAL
Halibut < 4.4.7 - Remote Code Execution via Deserialization
Sep 22, 2021
CVSS 9.8
EPSS 0.02
CVE-2021-39208 MEDIUM
SharpCompress < 0.29.0 - Path Traversal via Destination Directory Slash Omission
Sep 16, 2021
CVSS 4.3
EPSS 0.00
CVE-2021-23440 HIGH
set-value < 2.0.1 and 3.0.0-4.0.1 - Type Confusion via Array Path Parameter
Sep 12, 2021
CVSS 7.3
EPSS 0.00
CVE-2021-23428 HIGH
elFinder.NetCore - Path Traversal via Path.Combine
Sep 01, 2021
CVSS 8.6
EPSS 0.01
CVE-2021-23427 HIGH
elFinder.NetCore - Path Traversal and Arbitrary File Write via ExtractAsync Function
Sep 01, 2021
CVSS 8.6
EPSS 0.01
CVE-2021-34532 MEDIUM
ASP.NET Core 2.1-2.1.1 and Visual Studio 2019 < 16.10 - Information Disclosure
Aug 12, 2021
CVSS 5.5
EPSS 0.00
CVE-2021-34485 MEDIUM
.NET 5.0 < 5.0.8 and .NET Core 2.1 < 2.1.28 - Information Disclosure
Aug 12, 2021
CVSS 5.0
EPSS 0.01
CVE-2021-26423 HIGH
.NET 5.0 < 5.0.8 and .NET Core 2.1 < 2.1.28 - Denial of Service
Aug 12, 2021
CVSS 7.5
EPSS 0.03
CVE-2021-23415 HIGH
elFinder.AspNet < 1.1.1 - Path Traversal via Unsanitized File Name
Jul 28, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-23407 HIGH
elFinder.Net.Core < 1.2.4 - Path Traversal via Unsanitized File Name
Jul 14, 2021
CVSS 7.5
EPSS 0.01
CVE-2021-27293 HIGH
RestSharp < 106.11.8-alpha.0.13 - DoS
Jul 12, 2021
CVSS 7.5
EPSS 0.00
CVE-2021-31957 MEDIUM
.NET 5.0 < 5.0.6 and .NET Core 3.1 < 3.1.15 - Denial of Service
Jun 08, 2021
CVSS 5.9
EPSS 0.09
CVE-2021-20331 MEDIUM
MongoDB C# Driver - Info Disclosure
May 13, 2021
CVSS 4.2
EPSS 0.00
CVE-2021-29508 CRITICAL
asynkron Wire - Deserialization of Untrusted Data via Surrogate Type Handling
May 11, 2021
CVSS 9.1
EPSS 0.00
Products
Microsoft.ChakraCore 247 Magick.NET-Q16-AnyCPU 86 Magick.NET-Q16-HDRI-AnyCPU 86 Magick.NET-Q8-AnyCPU 86 Magick.NET-Q16-HDRI-x86 85 Magick.NET-Q16-x86 85 Magick.NET-Q8-x86 84 Magick.NET-Q16-HDRI-OpenMP-arm64 83 Magick.NET-Q16-HDRI-x64 83 Magick.NET-Q16-OpenMP-arm64 83 Magick.NET-Q16-OpenMP-x64 83 Magick.NET-Q16-arm64 83 Magick.NET-Q16-HDRI-arm64 82 Magick.NET-Q8-OpenMP-arm64 82 Magick.NET-Q8-arm64 82 Magick.NET-Q16-x64 79 Magick.NET-Q8-OpenMP-x64 79 Magick.NET-Q8-x64 76 Magick.NET-Q16-HDRI-OpenMP-x64 69 Magick.NET-Q16-OpenMP-x86 57 DotNetNuke.Core 35 Microsoft.AspNetCore.App.Runtime.win-x64 25 Microsoft.AspNetCore.App.Runtime.win-x86 25 Microsoft.AspNetCore.App.Runtime.win-arm 24 Microsoft.AspNetCore.App.Runtime.linux-arm 22 Microsoft.AspNetCore.App.Runtime.linux-arm64 22 Microsoft.AspNetCore.App.Runtime.linux-musl-x64 22 Microsoft.AspNetCore.App.Runtime.linux-x64 22 Microsoft.AspNetCore.App.Runtime.osx-x64 22 Microsoft.AspNetCore.App.Runtime.win-arm64 22
Quick Filters
Critical CVEs With Exploits In CISA KEV