Nuget
Products
17- 30 CVEs
- 4 CVEs
- 3 CVEs
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- Plumber.workflow1 CVEnuget
- Singoocms.utility1 CVEnuget
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
- 0 CVEs
- 0 CVEs
- 0 CVEs
Recent CVEs
48| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-55969 | Cri | 0.59 | 9.1 | 0.01 | Dec 15, 2024 | DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714. | ||
| CVE-2026-39399 | Cri | 0.55 | 9.6 | 0.01 | Apr 14, 2026 | NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package… | ||
| CVE-2026-34638 | Hig | 0.51 | 7.8 | 0.00 | May 12, 2026 | Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | ||
| CVE-2017-17762 | Hig | 0.49 | 7.5 | 0.05 | Aug 29, 2018 | XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx. | ||
| CVE-2024-30172 | Hig | 0.42 | 7.5 | 0.01 | May 14, 2024 | An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key. | ||
| CVE-2024-29857 | Hig | 0.42 | 7.5 | 0.01 | May 14, 2024 | An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during… | ||
| CVE-2025-40834 | Med | 0.37 | 5.7 | 0.00 | Nov 17, 2025 | A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks. | ||
| CVE-2024-32872 | Med | 0.36 | 5.5 | 0.00 | Apr 24, 2024 | Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow… | ||
| CVE-2025-27802 | Med | 0.31 | 4.8 | 0.00 | Jul 28, 2025 | The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (text fields), which could… | ||
| CVE-2025-27801 | Med | 0.31 | 4.8 | 0.00 | Jul 28, 2025 | The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which… | ||
| CVE-2025-27800 | Med | 0.31 | 4.8 | 0.00 | Jul 28, 2025 | The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the… | ||
| CVE-2024-30171 | Med | 0.31 | 5.9 | 0.01 | May 14, 2024 | An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing. | ||
| CVE-2026-48506 | 0.00 | — | 0.00 | Jun 22, 2026 | MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses… | |||
| CVE-2025-62571 | 0.00 | — | 0.00 | Dec 9, 2025 | Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally. | |||
| CVE-2024-54138 | 0.00 | — | 0.00 | Dec 6, 2024 | NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks.… | |||
| CVE-2024-47604 | 0.00 | — | 0.01 | Oct 1, 2024 | NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser. | |||
| CVE-2024-37304 | 0.00 | — | 0.01 | Jun 12, 2024 | NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks.… | |||
| CVE-2024-20746 | 0.00 | — | 0.00 | Mar 18, 2024 | Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file. | |||
| CVE-2024-20745 | 0.00 | — | 0.01 | Mar 18, 2024 | Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious… | |||
| CVE-2023-47056 | 0.00 | — | 0.00 | Nov 16, 2023 | Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim… |
- risk 0.59cvss 9.1epss 0.01
DocIO in Syncfusion Essential Studio for ASP.NET MVC before 27.1.55 throws XMLException during the resaving of a DOCX document with an external reference XML, aka I640714.
- risk 0.55cvss 9.6epss 0.01
NuGet Gallery is a package repository that powers nuget.org. A security vulnerability exists in the NuGetGallery backend job’s handling of .nuspec files within NuGet packages. An attacker can supply a crafted nuspec file with malicious metadata, leading to cross package…
- risk 0.51cvss 7.8epss 0.00
Premiere Pro versions 26.0.2, 25.6.4 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- risk 0.49cvss 7.5epss 0.05
XML external entity (XXE) vulnerability in Episerver 7 patch 4 and earlier allows remote attackers to read arbitrary files via a crafted DTD in an XML request involving util/xmlrpc/Handler.ashx.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in Bouncy Castle Java Cryptography APIs before 1.78. An Ed25519 verification code infinite loop can occur via a crafted signature and public key.
- risk 0.42cvss 7.5epss 0.01
An issue was discovered in ECCurve.java and ECCurve.cs in Bouncy Castle Java (BC Java) before 1.78, BC Java LTS before 2.73.6, BC-FJA before 1.0.2.5, and BC C# .Net before 2.3.1. Importing an EC certificate with crafted F2m parameters can lead to excessive CPU consumption during…
- risk 0.37cvss 5.7epss 0.00
A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks.
- risk 0.36cvss 5.5epss 0.00
Umbraco workflow provides workflows for the Umbraco content management system. Prior to versions 10.3.9, 12.2.6, and 13.0.6, an Umbraco Backoffice user can modify requests to a particular API endpoint to include SQL, which will be executed by the server. Umbraco Workflow…
- risk 0.31cvss 4.8epss 0.00
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. RTE properties (text fields), which could…
- risk 0.31cvss 4.8epss 0.00
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. ContentReference properties, which…
- risk 0.31cvss 4.8epss 0.00
The Episerver Content Management System (CMS) by Optimizely was affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities. This allowed an authenticated attacker to execute malicious JavaScript code in the victim's browser. The Admin dashboard offered the…
- risk 0.31cvss 5.9epss 0.01
An issue was discovered in Bouncy Castle Java TLS API and JSSE Provider before 1.78. Timing-based leakage may occur in RSA based handshakes because of exception processing.
- CVE-2026-48506Jun 22, 2026risk 0.00cvss —epss 0.00
MessagePack for C# is a MessagePack serializer for C#. Prior to 2.5.301 and 3.1.7, MessagePackReader.TrySkip() recursively descends into nested arrays and maps without incrementing the reader depth or calling the configured depth checks. This bypasses…
- CVE-2025-62571Dec 9, 2025risk 0.00cvss —epss 0.00
Improper input validation in Windows Installer allows an authorized attacker to elevate privileges locally.
- CVE-2024-54138Dec 6, 2024risk 0.00cvss —epss 0.00
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks.…
- CVE-2024-47604Oct 1, 2024risk 0.00cvss —epss 0.01
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability in its handling of HTML element attributes, which allows an attacker to execute arbitrary HTML or Javascript code in a victim's browser.
- CVE-2024-37304Jun 12, 2024risk 0.00cvss —epss 0.01
NuGet Gallery is a package repository that powers nuget.org. The NuGetGallery has a security vulnerability related to its handling of autolinks in Markdown content. While the platform properly filters out JavaScript from standard links, it does not adequately sanitize autolinks.…
- CVE-2024-20746Mar 18, 2024risk 0.00cvss —epss 0.00
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.
- CVE-2024-20745Mar 18, 2024risk 0.00cvss —epss 0.01
Premiere Pro versions 24.1, 23.6.2 and earlier are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious…
- CVE-2023-47056Nov 16, 2023risk 0.00cvss —epss 0.00
Adobe Premiere Pro version 24.0 (and earlier) and 23.6 (and earlier) are affected by a Heap-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim…