Shodan
Vulnerabilities
Vulnerable Software
Microsoft:  >> Visual Studio 2022  >> 17.14.5  Security Vulnerabilities
CVE-2026-32175
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the destination of the files and directories. To exploit the vulnerability, an attacker must send a specially crafted file to a vulnerable system. The security update fixes the vulnerability by ensuring .NET Core properly handles files.
CVSS Score
4.3
EPSS Score
0.007
Published
2026-05-12
CVE-2026-32177
Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally.
CVSS Score
7.3
EPSS Score
0.004
Published
2026-05-12
CVE-2026-32203
Stack-based buffer overflow in .NET and Visual Studio allows an unauthorized attacker to deny service over a network.
CVSS Score
7.5
EPSS Score
0.008
Published
2026-04-14
CVE-2026-32178
Improper neutralization of special elements in .NET allows an unauthorized attacker to perform spoofing over a network.
CVSS Score
7.5
EPSS Score
0.011
Published
2026-04-14
CVE-2026-21257
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an authorized attacker to elevate privileges over a network.
CVSS Score
8.0
EPSS Score
0.008
Published
2026-02-10
CVE-2026-21256
Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code over a network.
CVSS Score
8.8
EPSS Score
0.011
Published
2026-02-10
CVE-2025-62214
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code locally.
CVSS Score
6.7
EPSS Score
0.01
Published
2025-11-11
CVE-2025-55240
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVSS Score
7.3
EPSS Score
0.003
Published
2025-10-14
CVE-2025-55248
Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.
CVSS Score
4.8
EPSS Score
0.007
Published
2025-10-14
CVE-2025-55315
Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.
CVSS Score
9.9
EPSS Score
0.663
Published
2025-10-14


Products
Pricing
Contact Us

Shodan ® - All rights reserved