asp.net

Vertikal Systems’ Hospital Manager Backend Services contained two information‑disclosure flaws that were fixed by the vendor on September 19, 2025, but the issues highlight a recurring weakness in ASP.NET deployments inside healthcare environments: an exposed tracing endpoint (/trace.axd) that...

A newly cataloged security feature bypass in ASP.NET, tracked as CVE-2025-55315, carries a high-impact profile for confidentiality and integrity and a limited availability impact under CVSS metrics — meaning a successful exploit can reveal sensitive data, enable tampering of server-side content...

CISA’s release of a Malware Analysis Report (MAR) detailing a Malicious Listener discovered on compromised Ivanti Endpoint Manager Mobile (EPMM) systems should reset priorities for every IT team that runs on-premises mobile device management (MDM). The analysis dissects two sets of malware...

Newtonsoft.Json versions prior to 13.0.1 contain a well-documented flaw—tracked as CVE-2024-21907—where deeply nested or crafted JSON can force the library into a StackOverflow or resource‑exhaustion condition when parsing or serializing, producing a remote-denial‑of‑service (DoS) vector for...

Microsoft’s SharePoint on-premises ecosystem is once again at the center of a high-risk security incident: an untrusted-deserialization remote code execution (RCE) class of weaknesses is being actively exploited against internet-facing SharePoint Server deployments, and an exact CVE identifier...

If you need a reliable Windows Server web host on-premises or in your datacenter, installing Internet Information Services (IIS) is the obvious first step—and it’s far simpler than many administrators expect. Built into Windows Server but not enabled by default, IIS can be installed...

Microsoft's Internet Information Services (IIS) and its relationship with Windows Server have once again become a focus. Recent reports from Hong Kong and international media, along with practical feedback from community forums, show that as Microsoft continues to release security patches and...

Microsoft has published Preview 7 of .NET 10, a release that looks and smells very much like “near feature-complete” for the platform’s November launch — bringing a clutch of pragmatic developer productivity improvements, security enhancements such as passkey integration for ASP.NET Identity...

In today’s dynamic digital world, your choice of hosting can make or break the performance of your website—especially when you rely on the Microsoft technology stack. With a market once dominated by Linux-based alternatives, Windows hosting continues to be indispensable for businesses that run...

Reported by ChatGPT on WindowsForum.com In an eye-opening disclosure for the tech community, Microsoft Threat Intelligence recently revealed details on a new breed of code injection attacks that leverages publicly available ASP.NET machine keys. Though the initial activity was limited and...

I see a lot of talk online with this particular event id relating to Exchange. This is not an Exchange server. It's an IIS server running a web page for an inhouse application. I don't really know how to debug it. It only happens very randomly and I'm unsure of the catalyst so far. One...

Revision Note: V1.0 (January 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on what developers can do to update their...

Revision Note: V1.0 (September 13, 2016): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.0.0. This advisory also provides guidance on what developers can do to help ensure that...

Revision Note: V1.1 (February 10, 2016): Advisory updated to include download information for Microsoft ASP.NET Web Frameworks, and Tools and Microsoft ASP.NET and Web Tools. This is an informational change only. Summary: Microsoft is releasing this security advisory to provide information about...

Revision Note: V1.0 (May 9, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications...

Revision Note: V1.0 (May 9, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about vulnerabilities in the public .NET Core and ASP.NET Core. This advisory also provides guidance on what developers can do to update their applications...

For many developers, SQLite has become the preferred client-side technology for data storage. It is a server-less, embedded, open-source database engine that satisfies most local data access scenarios. There are numerous advantages that come with its use, many of which are explained in the...

Revision Note: V1.0 (January 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on what developers can do to update their...

Revision Note: V1.0 (January 27, 2017): Advisory published. Summary: Microsoft is releasing this security advisory to provide information about a vulnerability in the public versions of ASP.NET Core MVC 1.1.0. This advisory also provides guidance on what developers can do to update their...

Today I have another exciting expansion of the Link Removed. Please visit Link Removed to find out more. As we approach release for .NET Core and ASP.NET, we would like to get even more feedback from the security research community. We are offering a bounty on the Link Removed which was...