Search Vulnerabilities

Kiota abstractions RedirectHandler leaks Cookie/Proxy-Authorization headers on cross-host redirect

Nerdbank.MessagePack: Attacker-controlled stackalloc in DateTime decoding causes process-terminating StackOverflowException

Snappier has an infinite loop during SnappyStream decompression with malformed framed input

OpAMP client reads unbounded HTTP response bodies

YAFNET has Stored XSS in Forum Thread Posts/Replies that Allows Arbitrary JavaScript Execution for All Thread Viewers

YAFNET: Pre-Handler Authorization Bypass on Admin Pages Enables Blind SQL Execution via `/Admin/RunSql`

YAFNET has Unauthenticated Stored Second-Order XSS in Admin Event Log via Reflected `User-Agent` Header

OpenTelemetry's disk retry default temp path enables local blob injection via OTLP Exporter

OneCollector exporter reads unbounded HTTP response bodies

OpenTelemetry.Resources.Azure has an unbounded HTTP response body read

OpenTelemetry's Zipkin remote endpoint cache could grow without bounds and increase memory pressure

ParquetSharp: Possible Stack Overflow When Reading a ParquetFile with Large Decimal Type Width

OpenTelemetry.Sampler.AWS & OpenTelemetry.Resources.AWS have unbounded HTTP response body reads

OpenTelemetry dotnet: Excessive memory allocation when parsing OpenTelemetry propagation headers

OpenTelemetry dotnet: Unbounded `grpc-status-details-bin` parsing in OTLP/gRPC retry handling

OpenTelemetry dotnet: OTLP exporter reads unbounded HTTP response bodies

Microsoft Security Advisory CVE-2026-40372 – ASP.NET Core Elevation of Privilege

OpenMcdf has an Infinite loop DoS via crafted CFB directory cycle

MailKit has STARTTLS Response Injection via unflushed stream buffer that enables SASL mechanism downgrade

OpenTelemetry .NET has potential memory exhaustion via unbounded pooled-list sizing in Jaeger exporter conversion path