Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
asp.net vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2017-8700
ASP.NET Core 1.0, 1.1, and 2.0 allow an malicious user to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".
Microsoft Asp.net Core 1.0
Microsoft Asp.net Core 1.1
Microsoft Asp.net Core 2.0
1 Article
7.5
CVSSv3
CVE-2017-0247
A denial of service vulnerability exists when the ASP.NET Core fails to properly validate web requests. NOTE: Microsoft has not commented on third-party claims that the issue is that the TextEncoder.EncodeCore function in the System.Text.Encodings.Web package in ASP.NET Core Mvc ...
Microsoft Asp.net Model View Controller 1.1.0
Microsoft Asp.net Model View Controller 1.1.1
Microsoft Asp.net Model View Controller 1.1.2
Microsoft Microsoft.aspnetcore.mvc.abstractions 1.0.0
Microsoft Microsoft.aspnetcore.mvc.apiexplorer 1.1.2
Microsoft Asp.net Model View Controller 1.0.0
Microsoft Asp.net Model View Controller 1.0.1
Microsoft Asp.net Model View Controller 1.0.2
Microsoft Microsoft.aspnetcore.mvc.dataannotations 1.0.2
Microsoft Microsoft.aspnetcore.mvc.dataannotations 1.0.3
Microsoft Microsoft.aspnetcore.mvc.dataannotations 1.1.0
Microsoft Microsoft.aspnetcore.mvc.dataannotations 1.1.1
Microsoft Microsoft.aspnetcore.mvc.formatters.xml 1.1.1
Microsoft Microsoft.aspnetcore.mvc.formatters.xml 1.1.2
Microsoft Microsoft.aspnetcore.mvc.localization 1.0.0
Microsoft Microsoft.aspnetcore.mvc.localization 1.0.1
Microsoft Microsoft.aspnetcore.mvc.razor.host 1.0.0
Microsoft Microsoft.aspnetcore.mvc.razor.host 1.0.1
Microsoft Microsoft.aspnetcore.mvc.razor.host 1.0.2
Microsoft Microsoft.aspnetcore.mvc.razor.host 1.0.3
Microsoft Microsoft.aspnetcore.mvc.razor.host 1.1.0
Microsoft Microsoft.aspnetcore.mvc.viewfeatures 1.0.3
1 Github repository
7.5
CVSSv3
CVE-2006-1364
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote malicious users to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several do...
Microsoft Asp.net 1.1
Microsoft Asp.net
1 EDB exploit
7.3
CVSSv3
CVE-2020-5268
In Saml2 Authentication Services for ASP.NET versions prior to 1.0.2, and between 2.0.0 and 2.6.0, there is a vulnerability in how tokens are validated in some cases. Saml2 tokens are usually used as bearer tokens - a caller that presents a token is assumed to be the subject of t...
Sustainsys Saml2
7.3
CVSSv3
CVE-2017-0249
An elevation of privilege vulnerability exists when the ASP.NET Core fails to properly sanitize web requests.
Microsoft Microsoft.aspnetcore.mvc.abstractions 1.1.0
Microsoft Microsoft.aspnetcore.mvc.abstractions 1.1.1
Microsoft Microsoft.aspnetcore.mvc.abstractions 1.1.2
Microsoft Microsoft.aspnetcore.mvc.apiexplorer 1.0.0
Microsoft Microsoft.aspnetcore.mvc.apiexplorer 1.0.1
Microsoft Microsoft.aspnetcore.mvc.cors 1.0.0
Microsoft Microsoft.aspnetcore.mvc.cors 1.0.1
Microsoft Microsoft.aspnetcore.mvc.cors 1.0.2
Microsoft Microsoft.aspnetcore.mvc.cors 1.0.3
Microsoft Microsoft.aspnetcore.mvc.formatters.json 1.0.3
Microsoft Microsoft.aspnetcore.mvc.formatters.json 1.1.0
Microsoft Microsoft.aspnetcore.mvc.formatters.json 1.1.1
Microsoft Microsoft.aspnetcore.mvc.formatters.json 1.1.2
Microsoft Microsoft.aspnetcore.mvc.localization 1.1.2
Microsoft Microsoft.aspnetcore.mvc.razor 1.0.0
Microsoft Microsoft.aspnetcore.mvc.razor 1.0.1
Microsoft Microsoft.aspnetcore.mvc.razor 1.0.2
Microsoft Microsoft.aspnetcore.mvc.taghelpers 1.0.1
Microsoft Microsoft.aspnetcore.mvc.taghelpers 1.0.2
Microsoft Microsoft.aspnetcore.mvc.taghelpers 1.0.3
Microsoft Microsoft.aspnetcore.mvc.taghelpers 1.1.0
Microsoft Microsoft.aspnetcore.mvc.taghelpers 1.1.1
2 Github repositories
7.2
CVSSv3
CVE-2021-32831
Total.js framework (npm package total.js) is a framework for Node.js platfrom written in pure JavaScript similar to PHP's Laravel or Python's Django or ASP.NET MVC. In total.js framework before version 3.4.9, calling the utils.set function with user-controlled values le...
Totaljs Total.js
6.8
CVSSv3
CVE-2020-5261
Saml2 Authentication services for ASP.NET (NuGet package Sustainsys.Saml2) greater than 2.0.0, and less than version 2.5.0 has a faulty implementation of Token Replay Detection. Token Replay Detection is an important defence in depth measure for Single Sign On solutions. The 2.5....
Sustainsys Saml2
6.5
CVSSv3
CVE-2023-49089
Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.0, Backoffice users with permissions to create packages can use path traversal and thereby write outside of the expected location. Versions 8.18.10, 10...
Umbraco Umbraco Cms
6.5
CVSSv3
CVE-2018-0785
ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".
Microsoft Asp.net Core 2.0
1 Article
6.1
CVSSv3
CVE-2023-48003
An open redirect through HTML injection in user messages in Asp.Net Zero prior to 12.3.0 allows remote malicious users to redirect targeted victims to any URL via the '<meta http-equiv="refresh"' in the WebSocket messages.
Aspnetzero Asp.net Zero
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-52710
arbitrary
CVE-2024-5272
CVE-2024-2961
brute force
remote
CVE-2024-32944
CVE-2024-36241
CVE-2024-5274
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »