Every CVE whose affected-product data names Microsoft Asp.net, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2004-0847 — CVSS 9.8 (critical): The Microsoft .NET forms authentication capability for ASP.NET allows remote attackers to bypass authentication for .aspx files in…
CVE-2006-1364 — CVSS 7.5 (high): Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET…
CVE-2003-0768 — CVSS 6.8 (medium): Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site Scripting (XSS) and Script Injection protection feature via a null…
CVE-2005-1664 — CVSS 6.4 (medium): The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated…
CVE-2005-1665 — CVSS 5.0 (medium): The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of…
CVE-2005-2224 — CVSS 5.0 (medium): aspnet_wp.exe in Microsoft ASP.NET web services allows remote attackers to cause a denial of service (CPU consumption from infinite loop)…
CVE-2005-0452 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ASP.NET (.Net) 1.0 and 1.1 to SP1 allow remote attackers to inject…
CVE-2010-2084 — CVSS 4.3 (medium): Microsoft ASP.NET 2.0 does not prevent setting the InnerHtml property on a control that inherits from HtmlContainerControl, which allows…
CVE-2010-2088 — CVSS 4.3 (medium): ASP.NET in Microsoft .NET 3.5 does not properly handle an unencrypted view state, which allows remote attackers to conduct cross-site…