nuget

901 tracked vulnerabilities.

CVE-2026-45591 HIGH
Microsoft ASP.NET Core - Unauthenticated Denial of Service
Jun 09, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-45491 MEDIUM
Microsoft .NET 10.0 - .NET Tampering Vulnerability
Jun 09, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-45288 CRITICAL
Marten < 8.36.1 - SQL Injection in regConfig Parameter
May 28, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-47762 HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability through `mce:protected` comments
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-47761 HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability using media plugin `data-mce-object` injection
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-47760 HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability using sanitization bypass through nested SVGs
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-47759 HIGH
TinyMCE Cross-Site Scripting (XSS) vulnerability using through data-mce- prefixed src, href, style attributes
May 28, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-44213 MEDIUM
OpenTelemetry.Exporter.Instana bypasses TLS certificate validation when a proxy is configured
May 26, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-44503 HIGH
Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect
May 14, 2026
EPSS 0.01
CVE-2026-44375 HIGH
Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException
May 14, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-44302 HIGH
Snappier: Infinite loop in SnappyStream decompression on malformed framed input
May 12, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-42191 MEDIUM
OpenTelemetry.Exporter.OpenTelemetryProtocol: Disk retry default temp path enables local blob injection for OTLP Exporter
May 12, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-42899 HIGH
Microsoft ASP.NET Core - Infinite Loop Denial of Service
May 12, 2026
CVSS 7.5
EPSS 0.02
CVE-2026-42348 MEDIUM
open-telemetry opentelemetry-dotnet-contrib - OpAMP Client Reads Unbounded HTTP Response Bodies
May 12, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-35433 HIGH
Microsoft .NET - Local Privilege Escalation
May 12, 2026
CVSS 7.3
EPSS 0.01
CVE-2026-32175 MEDIUM
.NET 10.0 < 10.0.8, 9.0 < 9.0.16, 8.0 < 8.0.27 - Path Traversal and Arbitrary File Write
May 12, 2026
CVSS 4.3
EPSS 0.01
CVE-2026-43939 HIGH
YAF.NET: Stored XSS in Forum Thread Posts/Replies Allowing Arbitrary JavaScript Execution for All Thread Viewers
May 12, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-43938 HIGH
YAF.NET: Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header
May 12, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-43937 HIGH
YAF.NET: Pre-Handler Authorization Bypass on Admin Pages Enabling Blind SQL Execution via `/Admin/RunSql`
May 12, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-41511 MEDIUM
OpenMcdf <3.1.3 CFB Directory Cycle - Denial of Service
May 08, 2026
CVSS 6.2
EPSS 0.00
CVE-2026-42241 MEDIUM
ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width
May 07, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41484 MEDIUM
OpenTelemetry.Exporter.OneCollector vulnerable to denial of service via unbounded HTTP error response body
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41483 MEDIUM
Unbounded HTTP response body read in OpenTelemetry.Resources.Azure
May 06, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-41310 MEDIUM
OpenTelemetry .NET Zipkin exporter has unbounded remote endpoint cache leading to memory growth
May 06, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-41319 MEDIUM
MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade
Apr 24, 2026
CVSS 6.5
EPSS 0.00