Telerik UI for WinForms
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-0332 | 0.00 | — | 0.00 | Feb 12, 2025 | In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory. | |||
| CVE-2024-10095 | 0.00 | — | 0.01 | Dec 16, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-10012 | 0.00 | — | 0.00 | Nov 13, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-10013 | 0.00 | — | 0.00 | Nov 13, 2024 | In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-8316 | 0.00 | — | 0.00 | Sep 25, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-7576 | 0.00 | — | 0.00 | Sep 25, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-7575 | 0.00 | — | 0.01 | Sep 25, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||
| CVE-2024-7679 | 0.00 | — | 0.01 | Sep 25, 2024 | In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. |
- CVE-2025-0332Feb 12, 2025risk 0.00cvss —epss 0.00
In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.
- CVE-2024-10095Dec 16, 2024risk 0.00cvss —epss 0.01
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.
- CVE-2024-10012Nov 13, 2024risk 0.00cvss —epss 0.00
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.
- CVE-2024-10013Nov 13, 2024risk 0.00cvss —epss 0.00
In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.
- CVE-2024-8316Sep 25, 2024risk 0.00cvss —epss 0.00
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
- CVE-2024-7576Sep 25, 2024risk 0.00cvss —epss 0.00
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
- CVE-2024-7575Sep 25, 2024risk 0.00cvss —epss 0.01
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
- CVE-2024-7679Sep 25, 2024risk 0.00cvss —epss 0.01
In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.