VYPR
Vendor: Telerik

Products: 14
CVEs: 15
Across products: 17
Status: Private

Recent CVEs: 15

  • CVE-2017-11317 | Critical | KEV | Aug 23, 2017
    risk 0.85 | cvss 9.8 | epss 0.83

    Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

  • CVE-2017-9248 | Critical | KEV | Jul 3, 2017
    risk 0.85 | cvss 9.8 | epss 0.75

    Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection…

  • CVE-2024-12251 | High | Feb 12, 2025
    risk 0.51 | cvss 7.8 | epss 0.01

    In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements.

  • CVE-2018-14037 | Medium | Sep 28, 2018
    risk 0.40 | cvss 6.1 | epss 0.01

    Cross-site scripting (XSS) vulnerability in Progress Kendo UI Editor v2018.1.221 allows remote attackers to inject arbitrary JavaScript into the DOM of the WYSIWYG editor because of the editorNS.Serializer toEditableHtml function in kendo.all.min.js. If the victim accesses the…

  • CVE-2025-6725 | Medium | Jul 2, 2025
    risk 0.35 | cvss 5.4 | epss 0.00

    In the PdfViewer component, a Cross-Site Scripting (XSS) vulnerability is possible if a specially-crafted document has already been loaded and the user engages with a tool that requires the DOM to be re-rendered.

  • CVE-2024-3892 | May 15, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.

  • CVE-2024-0833 | Jan 31, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    In Telerik Test Studio versions prior to v2023.3.1330, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Test Studio install is present, a lower privileged user has the ability to…

  • CVE-2024-0832 | Jan 31, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    In Telerik Reporting versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik Reporting install is present, a lower privileged user has the ability to manipulate the…

  • CVE-2024-0219 | Jan 31, 2024
    risk 0.00 | cvss (not listed) | epss 0.00

    In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component.  In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to…

  • CVE-2020-13661 | Nov 5, 2020
    risk 0.00 | cvss (not listed) | epss 0.01

    Telerik Fiddler through 5.0.20202.18177 allows attackers to execute arbitrary programs via a hostname with a trailing space character, followed by --utility-and-browser --utility-cmd-prefix= and the pathname of a locally installed program. The victim must interactively choose…

  • CVE-2019-19790 | Dec 13, 2019
    risk 0.00 | cvss (not listed) | epss 0.03

    Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor…

  • CVE-2019-12097 | Jun 3, 2019
    risk 0.00 | cvss (not listed) | epss 0.01

    Telerik Fiddler v5.0.20182.28034 doesn't verify the hash of EnableLoopback.exe before running it, which could lead to code execution or local privilege escalation by replacing the original EnableLoopback.exe.

  • CVE-2015-2264 | Mar 13, 2015
    risk 0.00 | cvss (not listed) | epss 0.01

    Multiple untrusted search path vulnerabilities in (1) EQATEC.Analytics.Monitor.Win32_vc100.dll and (2) EQATEC.Analytics.Monitor.Win32_vc100-x64.dll in Telerik Analytics Monitor Library before 3.2.125 allow local users to gain privileges via a Trojan horse (a) csunsapi.dll, (b)…

  • CVE-2014-2217 | Dec 25, 2014
    risk 0.00 | cvss (not listed) | epss 0.04

    Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata…

  • CVE-2014-4958 | Sep 26, 2014
    risk 0.00 | cvss (not listed) | epss 0.02

    Cross-site scripting (XSS) vulnerability in Telerik UI for ASP.NET AJAX RadEditor control 2014.1.403.35, 2009.3.1208.20, and other versions allows remote attackers to inject arbitrary web script or HTML via CSS expressions in style attributes.