Asp.net Core
Sign in to watchby Microsoft
CVEs (9)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-40372 | Cri | 0.59 | 9.1 | 0.00 | Apr 21, 2026 | Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network. | |
| CVE-2017-11879 | Hig | 0.58 | 8.8 | 0.10 | Nov 15, 2017 | ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability". | |
| CVE-2026-26130 | Hig | 0.49 | 7.5 | 0.03 | Mar 10, 2026 | Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network. | |
| CVE-2017-8700 | Hig | 0.49 | 7.5 | 0.07 | Nov 15, 2017 | ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability". | |
| CVE-2020-1045 | 0.02 | — | 0.20 | Sep 11, 2020 | <p>A security feature bypass vulnerability exists in the way Microsoft ASP.NET Core parses encoded cookie names.</p> <p>The ASP.NET Core cookie parser decodes entire cookie strings which could allow a malicious attacker to set a second cookie with the name being percent encoded.</p> <p>The security update addresses the vulnerability by fixing the way the ASP.NET Core cookie parser handles encoded names.</p> | ||
| CVE-2020-1597 | 0.01 | — | 0.08 | Aug 17, 2020 | A denial of service vulnerability exists when ASP.NET Core improperly handles web requests. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication. A remote unauthenticated attacker could exploit this vulnerability by issuing specially crafted requests to the ASP.NET Core application. The update addresses the vulnerability by correcting how the ASP.NET Core web application handles web requests. | ||
| CVE-2021-43877 | 0.00 | — | 0.01 | Dec 15, 2021 | ASP.NET Core and Visual Studio Elevation of Privilege Vulnerability | ||
| CVE-2021-34532 | 0.00 | — | 0.00 | Aug 12, 2021 | ASP.NET Core and Visual Studio Information Disclosure Vulnerability | ||
| CVE-2021-1723 | 0.00 | — | 0.04 | Jan 12, 2021 | ASP.NET Core and Visual Studio Denial of Service Vulnerability |