CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-6097 – Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-6097
12 Feb 2025 — In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. • https://docs.telerik.com/reporting/knowledge-base/kb-security-absolute-path-traversal-CVE-2024-6097 • CWE-36: Absolute Path Traversal •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8015 – Telerik Report Server Insecure Type Resolution
https://notcve.org/view.php?id=CVE-2024-8015
09 Oct 2024 — In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/report-server/knowledge-base/insecure-type-resolution-cve-2024-8015 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.8EPSS: 1%CPEs: 1EXPL: 0CVE-2024-7840 – Improper neutralization special element in hyperlinks
https://notcve.org/view.php?id=CVE-2024-7840
09 Oct 2024 — In Progress Telerik Reporting versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. • https://docs.telerik.com/reporting/knowledge-base/command-injection-cve-2024-7840 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-8048 – Telerik Reporting Insecure Expression Evaluation
https://notcve.org/view.php?id=CVE-2024-8048
09 Oct 2024 — In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. • https://docs.telerik.com/reporting/knowledge-base/insecure-expression-evaluation-cve-2024-8048 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 9.0EPSS: 3%CPEs: 1EXPL: 0CVE-2024-8014 – Telerik Reporting EntityDataSource Insecure Type Resolution
https://notcve.org/view.php?id=CVE-2024-8014
09 Oct 2024 — In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/reporting/knowledge-base/insecure-type-resolution-cve-2024-8014 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 10.0EPSS: 4%CPEs: 1EXPL: 0CVE-2024-6096 – Unsafe Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-6096
24 Jul 2024 — In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. • https://docs.telerik.com/reporting/knowledge-base/unsafe-reflection-CVE-2024-6096 • CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4200 – Progress Telerik Reporting Local Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-4200
15 May 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. En las versiones de Progress® Telerik® Reporting anteriores al segundo trimestre de 2024 (18.1.24.2.514), un actor de amenazas local puede realizar un ataque de ejecución de código a través de una vulnerabilidad de deserialización insegura. • https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-4200 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.6EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4202 – Progress Telerik Reporting Local Instantiation Vulnerability
https://notcve.org/view.php?id=CVE-2024-4202
15 May 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. En las versiones de Progress® Telerik® Reporting anteriores al segundo trimestre de 2024 (18.1.24.514), es posible un ataque de ejecución de código a través de una vulnerabilidad de instanciación insegura. • https://docs.telerik.com/reporting/knowledge-base/instantiation-vulnerability-cve-2024-4202 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1856 – Progress Telerik Reporting Remote Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-1856
20 Mar 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. Authentication is required to exploit this vulnerability. The specific flaw exists within the ObjectReader class. The issue results from the lack of proper validation of user-supplied data, wh... • https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856 • CWE-502: Deserialization of Untrusted Data •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1801 – Progress Telerik Reporting Local Deserialization Vulnerability
https://notcve.org/view.php?id=CVE-2024-1801
20 Mar 2024 — In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Telerik Reporting. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the ObjectReader class. The i... • https://docs.telerik.com/reporting/knowledge-base/deserialization-vulnerability-cve-2024-1801-cve-2024-1856 • CWE-502: Deserialization of Untrusted Data •