CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-0332 – Progress UI for WinForms decompression path traversal vulnerability
https://notcve.org/view.php?id=CVE-2025-0332
12 Feb 2025 — In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory. • https://docs.telerik.com/devtools/winforms/knowledge-base/kb-security-path-traversal-cve-2025-0332 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2024-7679 – Improper neutralization special element in hyperlinks
https://notcve.org/view.php?id=CVE-2024-7679
25 Sep 2024 — In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. • https://docs.telerik.com/devtools/winforms/knowledge-base/command-injection-cve-2024-7679 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •