Visual Studio CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (284 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2020-1147	2 Microsoft, Redhat	18 .net Core, .net Framework, Sharepoint Enterprise Server and 15 more	2025-07-30	7.8 High
A remote code execution vulnerability exists in .NET Framework, Microsoft SharePoint, and Visual Studio when the software fails to check the source markup of XML file input, aka '.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability'.
CVE-2023-38180	3 Fedoraproject, Microsoft, Redhat	7 Fedora, .net, Asp.net Core and 4 more	2025-07-30	7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2023-44487	32 Akka, Amazon, Apache and 29 more	367 Http Server, Opensearch Data Prepper, Apisix and 364 more	2025-07-30	7.5 High
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
CVE-2021-26700	1 Microsoft	2 Npm, Visual Studio Code Npm-script Extension	2025-07-16	7.8 High
Visual Studio Code npm-script Extension Remote Code Execution Vulnerability
CVE-2024-30052	1 Microsoft	2 Visual Studio 2019, Visual Studio 2022	2025-07-16	4.7 Medium
Visual Studio Remote Code Execution Vulnerability
CVE-2024-29060	1 Microsoft	3 Visual Studio 2017, Visual Studio 2019, Visual Studio 2022	2025-07-16	6.7 Medium
Visual Studio Elevation of Privilege Vulnerability
CVE-2025-47959	1 Microsoft	2 Visual Studio, Visual Studio 2022	2025-07-11	7.1 High
Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.
CVE-2025-30399	4 Apple, Linux, Microsoft and 1 more	8 Macos, Linux Kernel, .net and 5 more	2025-07-11	7.5 High
Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.
CVE-2023-29338	1 Microsoft	1 Visual Studio Code	2025-07-10	6.6 Medium
Visual Studio Code Spoofing Vulnerability
CVE-2024-38168	1 Microsoft	2 .net, Visual Studio 2022	2025-07-10	7.5 High
.NET and Visual Studio Denial of Service Vulnerability
CVE-2024-38167	2 Microsoft, Redhat	3 .net, Visual Studio 2022, Enterprise Linux	2025-07-10	6.5 Medium
.NET and Visual Studio Information Disclosure Vulnerability
CVE-2025-29804	1 Microsoft	1 Visual Studio 2022	2025-07-10	7.3 High
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29802	1 Microsoft	1 Visual Studio 2022	2025-07-10	7.3 High
Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-29803	1 Microsoft	5 Sql Server Management Studio, Visual Studio Tools For Applications 2019, Visual Studio Tools For Applications 2019 Sdk and 2 more	2025-07-10	7.3 High
Uncontrolled search path element in Visual Studio Tools for Applications and SQL Server Management Studio allows an authorized attacker to elevate privileges locally.
CVE-2025-26682	1 Microsoft	2 Asp.net Core, Visual Studio 2022	2025-07-09	7.5 High
Allocation of resources without limits or throttling in ASP.NET Core allows an unauthorized attacker to deny service over a network.
CVE-2025-32726	1 Microsoft	1 Visual Studio Code	2025-07-08	6.8 Medium
Improper access control in Visual Studio Code allows an authorized attacker to elevate privileges locally.
CVE-2024-43498	4 Apple, Linux, Microsoft and 1 more	6 Macos, Linux Kernel, .net and 3 more	2025-07-08	9.8 Critical
.NET and Visual Studio Remote Code Execution Vulnerability
CVE-2024-49044	1 Microsoft	1 Visual Studio 2022	2025-07-08	6.7 Medium
Visual Studio Elevation of Privilege Vulnerability
CVE-2024-43488	1 Microsoft	1 Visual Studio Code	2025-07-08	8.8 High
Missing authentication for critical function in Visual Studio Code extension for Arduino allows an unauthenticated attacker to perform remote code execution through network attack vector.
CVE-2024-43603	1 Microsoft	4 Visual Studio, Visual Studio 2017, Visual Studio 2019 and 1 more	2025-07-08	5.5 Medium
Visual Studio Collector Service Denial of Service Vulnerability

« first previous Page 2 of 15. next last »