Medium
CVE-2026-42191
OpenTelemetry.Exporter.OpenTelemetryProtocol is the OTLP (OpenTelemetry Protocol) exporter implementation. From 1.8.0 to 1.15.2, the OTLP disk retry feature in OpenTelemetry.Exporter.OpenTelemetryPro…
Tag: Microsoft .NET
All CVEs associated with "Microsoft .NET". Page 1/1 • 18 CVEs.
About “Microsoft .NET”
A curated feed of “Microsoft .NET”-related CVEs appears below. We currently track 18 CVEs for this tag (all time). In the last 365 days, 7 were published. Average CVSS is 6.3 (all time; 6.5 over 365d), and 44% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-789 - Memory Allocation with Excessive Size Value, CWE-379 - Creation of Temporary File in Directory with Insecure Permissions, CWE-770 - Allocation of Resources Without Limits or Throttling.
In our taxonomy this topic maps to a LOW impact class. Language runtimes and libraries cascade through dependency graphs. Upgrade runtime and toolchain, pin versions, rebuild images, and enable SAST or DAST and linters. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: dotnet
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 10 | 10.0.8 | LTS | ||
| 9 | 9.0.16 | Soon | ||
| 8 | 8.0.27 | Soon | LTS | |
| 7 | 7.0.20 | Expired | ||
| 6 | 6.0.36 | Expired | LTS | |
| 5 | 5.0.17 | Expired | ||
| 3.1 | 3.1.32 | Expired | LTS | |
| 3.0 | 3.0.3 | Expired | ||
| 2.2 | 2.2.8 | Expired | ||
| 2.1 | 2.1.30 | Expired | LTS | |
| 2.0 | 2.0.9 | Expired | ||
| 1.1 | 1.1.13 | Expired | ||
| 1.0 | 1.0.16 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS · RSS (expired) · ICS
Subscribe CVEs: RSS for “Microsoft .NET” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2026-05-12
2026-04-23
Medium
CVE-2026-41078
OpenTelemetry dotnet is a dotnet telemetry framework. In 1.6.0-rc.1 and earlier, OpenTelemetry.Exporter.Jaeger may allow sustained memory pressure when the internal pooled-list sizing grows based on…
Medium
CVE-2026-40894
OpenTelemetry dotnet is a dotnet telemetry framework. In OpenTelemetry.Api 0.5.0-beta.2 to 1.15.2 and OpenTelemetry.Extensions.Propagators 1.3.1 to 1.15.2, The implementation details of the baggage,…
Medium
CVE-2026-40891
OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry over gRPC using the OpenTelemetry Protocol (OTLP), the exporter may parse a server-provide…
Medium
CVE-2026-40182
OpenTelemetry dotnet is a dotnet telemetry framework. From 1.13.1 to before 1.15.2, When exporting telemetry to a back-end/collector over gRPC or HTTP using OpenTelemetry Protocol format (OTLP), if t…
2025-09-08
High
CVE-2025-36855
A vulnerability ( CVE-2025-21176 https://www.cve.org/CVERecord ) exists in DiaSymReader.dll due to buffer over-read. Per CWE-126: Buffer Over-read https://cwe.mitre.org/data/definitions/126.html ,…
High
CVE-2025-36854
A vulnerability ( CVE-2024-38229 https://www.cve.org/CVERecord ) exists in EOL ASP.NET when closing an HTTP/3 stream while application code is writing to the response body, a race condition may lead…
2025-03-05
High
CVE-2025-27513
OpenTelemetry dotnet is a dotnet telemetry framework. A vulnerability in OpenTelemetry.Api package 1.10.0 to 1.11.1 could cause a Denial of Service (DoS) when a tracestate and traceparent header is r…
2024-10-22
High
CVE-2024-10125
The Amazon.ApplicationLoadBalancer.Identity.AspNetCore repo https://github.com/awslabs/aws-alb-identity-aspnetcore#validatetokensignature contains Middleware that can be used in conjunction with th…
2024-05-28
Medium
CVE-2024-35240
Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Pr…
Low
CVE-2024-35239
Umbraco Commerce is an open source dotnet web forms solution. In affected versions an authenticated user that has access to edit Forms may inject unsafe code into Forms components. This issue can be…
2024-04-12
Medium
CVE-2024-32028
OpenTelemetry dotnet is a dotnet telemetry framework. In affected versions of `OpenTelemetry.Instrumentation.Http` and `OpenTelemetry.Instrumentation.AspNetCore` the `url.full` writes attribute/tag o…
2024-01-30
High
CVE-2024-23838
TrueLayer.NET is the .Net client for TrueLayer. The vulnerability could potentially allow a malicious actor to gain control over the destination URL of the HttpClient used in the API classes. For ap…
2021-11-09
Critical
CVE-2021-43569
The verify function in the Stark Bank .NET ECDSA library (ecdsa-dotnet) 1.3.1 fails to check that the signature is non-zero, which allows attackers to forge signatures on arbitrary messages.
2018-11-20
High
CVE-2018-19396
ext/standard/var_unserializer.c in PHP 5.x through 7.1.24 allows attackers to cause a denial of service (application crash) via an unserialize call for the com, dotnet, or variant class.
High
CVE-2018-19395
ext/standard/var.c in PHP 5.x through 7.1.24 on Windows allows attackers to cause a denial of service (NULL pointer dereference and application crash) because com and com_safearray_proxy return NULL…
2012-01-18
Medium
CVE-2011-4153
PHP 5.3.8 does not always check the return value of the zend_strndup function, which might allow remote attackers to cause a denial of service (NULL pointer dereference and application crash) via cra…
2010-12-09
Medium
CVE-2010-4514
Cross-site scripting (XSS) vulnerability in Install/InstallWizard.aspx in DotNetNuke 5.05.01 and 5.06.00 allows remote attackers to inject arbitrary web script or HTML via the __VIEWSTATE parameter.…