Inconsistent interpretation of http requests ('http request/response smuggling') in ASP.NET Core allows an authorized attacker to bypass a security feature over a network.

Inadequate encryption strength in .NET, .NET Framework, Visual Studio allows an authorized attacker to disclose information over a network.

Improper access control in Visual Studio allows an authorized attacker to elevate privileges locally.

Improper neutralization of special elements used in a command ('command injection') in GitHub Copilot and Visual Studio allows an unauthorized attacker to execute code locally.

Improper link resolution before file access ('link following') in Visual Studio allows an unauthorized attacker to elevate privileges over a network.

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an authorized attacker to execute code over a network.

Untrusted search path in .NET and Visual Studio allows an unauthorized attacker to execute code over a network.

External control of file name or path in .NET, Visual Studio, and Build Tools for Visual Studio allows an authorized attacker to perform spoofing over a network.

Insufficient granularity of access control in Visual Studio allows an authorized attacker to disclose information locally.

Improper neutralization of special elements used in a command ('command injection') in Visual Studio allows an unauthorized attacker to execute code locally.