Lucene search
K

141 matches found

Vulnrichment
Vulnrichment
added 2025/05/14 1:21 p.m.10 views

CVE-2025-3600 Unsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service...

7.5CVSS7.6AI score0.19422EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/14 1:21 p.m.106 views

CVE-2025-3600 Unsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAX

In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service...

7.5CVSS0.19422EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.8 views

PT-2025-21164

Name of the Vulnerable Software and Affected Versions Progress Telerik UI for AJAX versions 2011.2.712 through 2025.1.218 Description An unsafe reflection issue exists in Progress Telerik UI for AJAX. This flaw can lead to an unhandled exception, potentially causing a crash of the hosting process...

7.8CVSS9.3AI score0.19422EPSS
Exploits0References29
Veracode
Veracode
added 2025/04/15 3:40 a.m.9 views

Remote Code Execution (RCE)

generator-jhipster-entity-audit is vulnerable to Remote Code Execution RCE. The vulnerability is due to unsafe reflection caused by using Javers as the Entity Audit Framework, which allows malicious classes on the classpath to be exploited through exposed REST endpoints...

7.6CVSS7.3AI score0.00491EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/04/04 2:6 p.m.13 views

GHSA-7RMP-3G9F-CVQ8 generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework

Summary CWE-470 Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' when having Javers selected as Entity Audit Framework Details In the following two occurences, user input directly leads to class loading without checking against e.g. a whitelist of allowed classes...

7.6CVSS7.9AI score0.00491EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/04/04 2:6 p.m.24 views

generator-jhipster-entity-audit vulnerable to Unsafe Reflection when having Javers selected as Entity Audit Framework

Summary CWE-470 Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' when having Javers selected as Entity Audit Framework Details In the following two occurences, user input directly leads to class loading without checking against e.g. a whitelist of allowed classes...

7.6CVSS7.9AI score0.00491EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2025/04/03 7:11 p.m.12 views

CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...

7.6CVSS7.8AI score0.00491EPSS
Exploits0References2
CVE
CVE
added 2025/04/03 7:11 p.m.60 views

CVE-2025-31119

generator-jhipster-entity-audit (a JHipster module) is affected by unsafe reflection when Javers is used as the Entity Audit Framework. Before version 5.9.1, an attacker who can place malicious classes on the classpath and access the REST endpoints could trigger remote code execution. The issue i...

7.6CVSS7.8AI score0.00491EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 7:11 p.m.4 views

CVE-2025-31119 CWE-470 in generator-jhipster-entity-audit when having Javers selected as Entity Audit Framework

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as Entity Audit Framework. If an attacker manages to place some malicious classes into the classpath...

7.6CVSS8.1AI score0.00491EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/03 12:0 a.m.12 views

PT-2025-14791 · Jhipster · Generator-Jhipster-Entity-Audit

Name of the Vulnerable Software and Affected Versions: generator-jhipster-entity-audit versions prior to 5.9.1 Description: The issue allows for unsafe reflection when Javers is selected as the Entity Audit Framework. If an attacker can place malicious classes into the classpath and access the RE...

7.6CVSS7.2AI score0.00491EPSS
Exploits0References9
OSV
OSV
added 2025/03/31 5:15 p.m.3 views

CVE-2025-2794

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...

8.7CVSS5.8AI score0.0044EPSS
Exploits0References2
NVD
NVD
added 2025/03/31 5:15 p.m.14 views

CVE-2025-2794

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...

8.7CVSS0.0044EPSS
Exploits0References2
Snyk
Snyk
added 2025/03/31 4:42 p.m.3 views

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

Overview Kentico.Xperience.Libraries is a package for libraries and applications that use Kentico Xperience API. Affected versions of this package are vulnerable to Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' through the system's Content staging feature. An...

8.7CVSS7AI score0.0044EPSS
Exploits0References2
CVE
CVE
added 2025/03/31 4:22 p.m.69 views

CVE-2025-2794

CVE-2025-2794 describes an unsafe reflection vulnerability in Kentico Xperience (affecting Xperience up to and including version 13.0.180). An unauthenticated attacker can trigger the vulnerability to terminate the current process, resulting in a Denial-of-Service condition. The issue is rooted i...

8.7CVSS7.5AI score0.0044EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/03/31 4:22 p.m.9 views

CVE-2025-2794 Kentico Xperience <= 13.0.180 Unsafe Reflection

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...

8.7CVSS6.6AI score0.0044EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/31 4:22 p.m.16 views

CVE-2025-2794 Kentico Xperience <= 13.0.180 Unsafe Reflection

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through 13.0.180...

8.7CVSS0.0044EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/03/20 10:11 a.m.35 views

CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

8.1CVSS0.7939EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/03/20 10:11 a.m.13 views

CVE-2024-4990 Unsafe Reflection in base Component class in yiisoft/yii2

In yiisoft/yii2 version 2.0.48, the base Component class contains a vulnerability where the set magic method does not validate that the value passed is a valid Behavior class name or configuration. This allows an attacker to instantiate arbitrary classes, passing parameters to their constructors...

8.1CVSS8.1AI score0.7939EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/13 9:21 a.m.8 views

CVE-2023-6943

Use of Externally-Controlled Input to Select Classes or Code 'Unsafe Reflection' vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 to 5.92, GT Designer3 Version1GOT1000 versions 1.325P and prior, GT Designer3 Version1GOT2000 versions 1.320J and prior, GX Works2 versions 1.11M...

9.8CVSS9.5AI score0.01844EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:2 p.m.14 views

CVE-2024-0200

An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. This vulnerability could lead to the execution of user-controlled methods and remote code execution. To exploit this bug, an actor would need to be logged into an account on the...

9.8CVSS7.9AI score0.71725EPSS
Exploits1References1
Rows per page
Query Builder