22 matches found
EUVD-2023-39810
Malicious code in bioql PyPI...
CVE-2023-35816
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion...
CVE-2023-35814
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms...
CVE-2023-35817
DevExpress before 23.1.3 allows AsyncDownloader SSRF...
CVE-2023-35817
DevExpress before 23.1.3 allows AsyncDownloader SSRF...
CVE-2023-35816
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion...
CVE-2023-35814
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms...
CVE-2023-35815
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data...
CVE-2023-35815
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data...
CVE-2023-35816
DevExpress CVE-2023-35816 affects DevExpress products prior to version 23.1.3, where an issue allows arbitrary TypeConverter conversions. The observed impact is described across multiple feeds as a vulnerability in DevExpress software before 23.1.3; the root cause is tied to TypeConverter behavio...
DevExpress Security Vulnerability
DevExpress is software from the American company DevExpress, Inc. that provides best-in-class UI controls, tools and frameworks for WinForms, ASP.NET, MVC, Blazor, ASP.NET Core, WPF, VCL, Xamarin and JavaScript. A security vulnerability exists in DevExpress versions prior to 23.1.3 that stems...
PT-2025-18089 · Devexpress · Devexpress
Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3. Description: The issue allows for arbitrary TypeConverter conversion. This could potentially lead to unintended consequences, although specific details about the impact or exploitation of this issue are not...
PT-2025-18085 · Devexpress · Devexpress
Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3. Description: The issue concerns a data-source protection mechanism bypass during the deserialization of XML data. This means that the normal protections in place to safeguard data sources can be circumvente...
CVE-2023-35816
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion...
CVE-2023-35817
DevExpress before 23.1.3 allows AsyncDownloader SSRF...
CVE-2023-35817
DevExpress prior to version 23.1.3 is vulnerable to Server-Side Request Forgery (SSRF) via AsyncDownloader. Affected software is DevExpress before 23.1.3; root cause is SSRF in AsyncDownloader. Public references and vendor advisories confirm the issue and provide remediation guidance: upgrade to ...
CVE-2023-35816
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion...
CVE-2022-28684
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
EUVD-2022-33126
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Authentication is required to exploit this vulnerability. The specific flaw exists within the SafeBinaryFormatter library. The issue results from the lack of proper validation of...
PT-2022-19168 · Devexpress · Safebinaryformatter +1
Name of the Vulnerable Software and Affected Versions: DevExpress, affected versions not specified. Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this issue. The flaw exists within the SafeBinaryFormatter...