📦 Visual Studio 2022
by Microsoft
🔍 What is Visual Studio 2022?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
CVE-2025-55315 is an HTTP request smuggling vulnerability in ASP.NET Core that allows an authenticated attacker to bypass security features by manipulating HTTP request/response sequences. This affect...
This vulnerability allows attackers to bypass security features in .NET, .NET Framework, and Visual Studio, potentially enabling unauthorized access or privilege escalation. It affects systems running...
This vulnerability allows an authorized attacker with local access to a system running Visual Studio to elevate their privileges beyond what they should have. It affects users of Microsoft Visual Stud...
This CVE describes an untrusted search path vulnerability in .NET and Visual Studio that allows attackers to execute arbitrary code by manipulating the search order for DLLs or other files. Attackers ...
This vulnerability allows an authorized attacker to control file names or paths in .NET, Visual Studio, and Build Tools for Visual Studio, enabling network-based spoofing attacks. It affects systems r...
This vulnerability allows an authenticated attacker with local access to a system running Visual Studio to bypass intended access controls and elevate privileges. It affects users running vulnerable v...
This CVE describes a resource exhaustion vulnerability in ASP.NET Core where an attacker can send specially crafted requests to consume excessive server resources without proper throttling. This allow...
This vulnerability allows an authorized attacker to exploit an uncontrolled search path element in Visual Studio to execute arbitrary code with elevated privileges on the local system. It affects user...
This vulnerability allows an authorized attacker to exploit an uncontrolled search path element in Visual Studio to execute arbitrary code with elevated privileges. It affects users running vulnerable...
This vulnerability in Visual Studio Installer allows attackers to elevate privileges on Windows systems. An authenticated attacker could execute arbitrary code with SYSTEM privileges by exploiting imp...
This CVE describes an elevation of privilege vulnerability in Visual Studio that allows authenticated attackers to gain higher privileges than intended. It affects developers and organizations using V...
This .NET vulnerability allows remote attackers to execute arbitrary code on affected systems by exploiting a heap-based buffer overflow. It affects systems running vulnerable versions of .NET Framewo...
This CVE describes a heap-based buffer overflow vulnerability in .NET and Visual Studio that could allow remote code execution. Attackers could exploit this by tricking users into opening specially cr...
This CVE describes a privilege escalation vulnerability in .NET that allows authenticated attackers to elevate their privileges on affected systems. It affects systems running vulnerable versions of ....
This is a heap-based buffer overflow vulnerability in Visual Studio that allows remote code execution when processing specially crafted files. Attackers could exploit this to execute arbitrary code wi...
This vulnerability in .NET, .NET Framework, and Visual Studio allows attackers to cause a denial of service by sending specially crafted requests to affected applications. It affects systems running v...
This vulnerability in .NET and Visual Studio allows attackers to cause a denial of service by sending specially crafted requests that trigger inefficient algorithmic complexity. It affects systems run...
This CVE describes a denial of service vulnerability in .NET and Visual Studio where an attacker can cause affected systems to become unresponsive or crash. The vulnerability affects systems running v...
This vulnerability in .NET and Visual Studio allows attackers to cause a denial of service by sending specially crafted requests to affected systems. It affects applications built with vulnerable .NET...
This vulnerability allows attackers to elevate privileges on systems running affected .NET, .NET Framework, or Visual Studio installations. An authenticated attacker could exploit this to gain higher ...
This vulnerability in Microsoft ODBC Driver for SQL Server allows remote attackers to execute arbitrary code by sending specially crafted requests to affected systems. It affects applications and serv...
This vulnerability in Microsoft ODBC Driver for SQL Server allows remote attackers to execute arbitrary code on affected systems by sending specially crafted requests. It affects applications using vu...
This vulnerability in Microsoft ODBC Driver for SQL Server allows remote attackers to execute arbitrary code on affected systems by sending specially crafted requests. It affects applications using vu...
This vulnerability in Microsoft ODBC Driver for SQL Server allows remote attackers to execute arbitrary code on affected systems by sending specially crafted requests. It affects applications using vu...
This vulnerability in Microsoft ODBC Driver for SQL Server allows remote attackers to execute arbitrary code on affected systems by sending specially crafted requests. It affects applications using vu...
This vulnerability allows remote code execution in .NET, .NET Framework, and Visual Studio through a use-after-free memory corruption issue (CWE-416). Attackers can exploit this to execute arbitrary c...
This vulnerability in Microsoft's QUIC protocol implementation allows attackers to cause denial of service by sending specially crafted network packets. It affects systems running Microsoft Windows wi...
This vulnerability in .NET and Visual Studio allows attackers to cause a denial of service by sending specially crafted requests to affected systems. It affects applications built with vulnerable .NET...
This CVE describes an elevation of privilege vulnerability in Visual Studio that allows authenticated attackers to gain SYSTEM-level privileges on affected Windows systems. It affects users running vu...
This vulnerability in ASP.NET Core allows attackers to cause denial of service by sending specially crafted requests that consume excessive resources. It affects ASP.NET Core applications running on W...
This vulnerability allows attackers to elevate privileges on systems running affected .NET, .NET Framework, and Visual Studio versions. An authenticated attacker could exploit this to gain higher priv...
This vulnerability in Microsoft's QUIC protocol implementation allows attackers to cause denial of service by sending specially crafted network packets. It affects Windows systems running QUIC-enabled...
CVE-2023-44487 is an HTTP/2 protocol vulnerability that allows attackers to cause denial of service by rapidly resetting streams, consuming server resources. This affects any system using HTTP/2, incl...
This vulnerability in Visual Studio allows attackers to execute arbitrary code on a victim's system by tricking them into opening a specially crafted file. It affects developers and organizations usin...
This vulnerability allows remote code execution in Visual Studio when processing specially crafted files. Attackers could exploit this to run arbitrary code on affected systems. Users running vulnerab...
This CVE describes a denial of service vulnerability in .NET and Visual Studio that allows attackers to crash affected applications by sending specially crafted requests. It affects systems running vu...
This vulnerability in Visual Studio Tools for Office Runtime allows attackers to spoof file paths, potentially tricking users into opening malicious files. It affects systems running vulnerable versio...
CVE-2023-35390 is a remote code execution vulnerability in .NET and Visual Studio that allows attackers to execute arbitrary code on affected systems. The vulnerability affects systems running vulnera...
This vulnerability allows attackers to bypass security features in ASP.NET and Visual Studio, potentially enabling unauthorized access or privilege escalation. It affects systems running vulnerable ve...
This vulnerability allows remote attackers to execute arbitrary code on affected systems by exploiting a flaw in .NET, .NET Framework, and Visual Studio. It affects systems running vulnerable versions...
CVE-2023-33126 is a remote code execution vulnerability in .NET and Visual Studio that allows attackers to execute arbitrary code on affected systems. This affects systems running vulnerable versions ...
CVE-2023-28260 is a .NET DLL hijacking vulnerability that allows attackers to execute arbitrary code by placing malicious DLLs in specific directories. This affects .NET applications running on Window...
This command injection vulnerability in Visual Studio allows authenticated attackers to execute arbitrary code on the local system by injecting malicious commands. It affects developers and organizati...
This vulnerability involves inadequate encryption strength in .NET, .NET Framework, and Visual Studio, allowing an authorized attacker to disclose sensitive information over a network. It affects syst...
This vulnerability in Visual Studio allows authenticated local attackers to bypass access controls and access sensitive information they shouldn't have permission to view. It affects users running vul...
This CVE describes an elevation of privilege vulnerability in Visual Studio that allows authenticated attackers to gain higher privileges than intended. It affects developers and organizations using V...
This vulnerability in .NET and Visual Studio allows attackers to read sensitive information from memory that should be protected. It affects applications built with vulnerable .NET versions and develo...
This CVE describes an elevation of privilege vulnerability in Visual Studio that allows authenticated attackers to gain higher privileges than intended. It affects users running vulnerable versions of...
This CVE describes a denial of service vulnerability in Visual Studio where a race condition (CWE-362) could allow an attacker to crash the application. This affects developers and organizations using...