VYPR

Aspnetcore

by Microsoft

Source repositories

CVEs (40)

  • CVE-2023-44487HigKEVOct 10, 2023
    risk 0.65cvss 7.5epss 1.00

    The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

  • CVE-2026-40372CriApr 21, 2026
    risk 0.59cvss 9.1epss 0.11

    Improper verification of cryptographic signature in ASP.NET Core allows an unauthorized attacker to elevate privileges over a network.

  • CVE-2018-0784HigJan 10, 2018
    risk 0.58cvss 8.8epss 0.07

    ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0808.

  • CVE-2017-11879HigNov 15, 2017
    risk 0.58cvss 8.8epss 0.09

    ASP.NET Core 2.0 allows an attacker to steal log-in session information such as cookies or authentication tokens via a specially crafted URL aka "ASP.NET Core Elevation Of Privilege Vulnerability".

  • CVE-2018-8292HigOct 10, 2018
    risk 0.50cvss 7.5epss 0.15

    An information disclosure vulnerability exists in .NET Core when authentication information is inadvertently exposed in a redirect, aka ".NET Core Information Disclosure Vulnerability." This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.

  • CVE-2017-8700HigNov 15, 2017
    risk 0.50cvss 7.5epss 0.10

    ASP.NET Core 1.0, 1.1, and 2.0 allow an attacker to bypass Cross-origin Resource Sharing (CORS) configurations and retrieve normally restricted content from a web application, aka "ASP.NET Core Information Disclosure Vulnerability".

  • CVE-2026-26130HigMar 10, 2026
    risk 0.49cvss 7.5epss 0.01

    Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

  • CVE-2018-8409HigSep 13, 2018
    risk 0.49cvss 7.5epss 0.07

    A denial of service vulnerability exists when System.IO.Pipelines improperly handles requests, aka "System.IO.Pipelines Denial of Service." This affects .NET Core 2.1, System.IO.Pipelines, ASP.NET Core 2.1.

  • CVE-2018-0808HigMar 14, 2018
    risk 0.49cvss 7.5epss 0.08

    ASP.NET Core 1.0. 1.1, and 2.0 allow an elevation of privilege vulnerability due to how ASP.NET web applications handle web requests, aka "ASP.NET Core Elevation Of Privilege Vulnerability". This CVE is unique from CVE-2018-0784.

  • CVE-2017-11883HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.09

    .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly handling web requests, aka ".NET CORE Denial Of Service Vulnerability".

  • CVE-2017-11770HigNov 15, 2017
    risk 0.49cvss 7.5epss 0.05

    .NET Core 1.0, 1.1, and 2.0 allow an unauthenticated attacker to remotely cause a denial of service attack against a .NET Core web application by improperly parsing certificate data. A denial of service vulnerability exists when .NET Core improperly handles parsing certificate…

  • CVE-2026-45591HigJun 9, 2026
    risk 0.42cvss 7.5epss 0.01

    Uncontrolled resource consumption in ASP.NET Core allows an unauthorized attacker to deny service over a network.

  • CVE-2018-0785MedJan 10, 2018
    risk 0.42cvss 6.5epss 0.03

    ASP.NET Core 1.0. 1.1, and 2.0 allow a cross site request forgery vulnerability due to the ASP.NET Core project templates, aka "ASP.NET Core Cross Site Request Forgery Vulnerability".

  • CVE-2018-8356MedJul 11, 2018
    risk 0.36cvss 5.5epss 0.01

    A security feature bypass vulnerability exists when Microsoft .NET Framework components do not correctly validate certificates, aka ".NET Framework Security Feature Bypass Vulnerability." This affects .NET Framework 4.7.2, Microsoft .NET Framework 3.0, Microsoft .NET Framework…

  • CVE-2020-1147KEVJul 14, 2020
    risk 0.22cvss epss 0.94

    A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.

  • CVE-2023-38180KEVAug 8, 2023
    risk 0.12cvss epss 0.16

    .NET and Visual Studio Denial of Service Vulnerability

  • CVE-2025-55315Oct 14, 2025
    risk 0.03cvss epss 0.66

    Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

  • CVE-2020-0606Jan 14, 2020
    risk 0.03cvss epss 0.17

    A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code…

  • CVE-2020-0605Jan 14, 2020
    risk 0.03cvss epss 0.18

    A remote code execution vulnerability exists in .NET software when the software fails to check the source markup of a file.An attacker who successfully exploited the vulnerability could run arbitrary code in the context of the current user, aka '.NET Framework Remote Code…

  • CVE-2025-26682Apr 8, 2025
    risk 0.01cvss epss 0.01

    Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.

Page 1 of 2