CVE-2023-35814

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms...

CVE-2023-35815

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data...

PT-2025-18089 · Devexpress · Devexpress

Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3 Description: The issue allows for arbitrary TypeConverter conversion. This could potentially lead to unintended consequences, although specific details about the impact or exploitation of this issue are not...

CVE-2023-35814

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms...

PT-2025-18085 · Devexpress · Devexpress

Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3 Description: The issue concerns a data-source protection mechanism bypass during the deserialization of XML data. This means that the normal protections in place to safeguard data sources can be circumvente...

PT-2025-18090 · Devexpress · Devexpress

Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3 Description: The issue allows for Server-Side Request Forgery SSRF via AsyncDownloader. Recommendations: For versions prior to 23.1.3, update to version 23.1.3 or later to resolve the issue...

CVE-2023-35816

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion...

DevExpress 安全漏洞

DevExpress is a software from the American company DevExpress, Inc. for providing best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A security vulnerability exists in DevExpress versions prior to 23.1.3 that stems...

CVE-2023-35815

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data...

CVE-2023-35817

DevExpress before 23.1.3 allows AsyncDownloader SSRF...

CVE-2023-35815

DevExpress before 23.1.3 has a vulnerability where the data-source protection mechanism can be bypassed during XML deserialization. Affected product: DevExpress (pre-23.1.3). Root cause: bypass of data-source protection on XML data. Practical impact (as stated): potential unauthorized access or m...

DevExpress 安全漏洞

DevExpress is a software from the American company DevExpress, Inc. for providing best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A security vulnerability exists in DevExpress versions prior to 23.1.3, which stems...

DevExpress 安全漏洞

DevExpress is a software from the American company DevExpress, Inc. for providing best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A security vulnerability exists in DevExpress versions prior to 23.1.3, which stems...

DevExpress 安全漏洞

DevExpress is a software from the American company DevExpress, Inc. for providing best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A security vulnerability exists in DevExpress versions prior to 23.1.3 that stems...

PT-2025-18084 · Devexpress · Devexpress

Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3 Description: The issue is related to the improper protection of XtraReport serialized data in ASP.NET web forms. This affects the security of the data, potentially allowing unauthorized access or...

CVE-2023-35816

DevExpress CVE-2023-35816 affects DevExpress products prior to version 23.1.3, where an issue allows arbitrary TypeConverter conversions. The observed impact is described across multiple feeds as a vulnerability in DevExpress software before 23.1.3; the root cause is tied to TypeConverter behavio...

CVE-2023-35816

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion...

CVE-2023-35817

DevExpress before 23.1.3 allows AsyncDownloader SSRF...

CVE-2023-35814

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms...

CVE-2023-35814

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET Web Forms. Affects DevExpress XtraReport serialization handling prior to version 23.1.3; impacts confidentiality, integrity and availability as per listed CVSS details. Remediation: upgrade to version 23.1.3 ...