21 matches found

EUVD
added 2025/10/03 8:07 p.m. | 6 views

EUVD-2024-43993

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.6 | EPSS 0.007
Exploits: 0 | References: 1

Tenable Nessus
added 2024/11/15 12:00 a.m. | 14 views

Progress Telerik Report Server <= 10.2.24.924 Encryption Weakness (CVE-2024-7295)

The version of Progress Telerik Report Server installed on the remote host is affected by an encryption weakness vulnerability: - The encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. CVE-2024-7295 Note that Nessus has not...

CVSS 7.1 | AI score 5.5 | EPSS 0.00106
Exploits: 0 | References: 2

NVD
added 2024/11/13 4:15 p.m. | 30 views

CVE-2024-7295

In Progress® Telerik® Report Server versions prior to 2024 Q4 10.3.24.1112, the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information...

CVSS 7.1 | EPSS 0.00106
Exploits: 0 | References: 1

CVE
added 2024/11/13 3:22 p.m. | 49 views

CVE-2024-7295

CVE-2024-7295 affects Progress Telerik Report Server and is tied to an encryption weakness in the local asset data protection. Versions prior to 2024 Q4 (10.3.24.1112) reportedly use an older encryption algorithm, which may allow a sophisticated actor to decrypt local asset data. The vulnerabilit...

CVSS 7.1 | AI score 6.3 | EPSS 0.00106
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/11/01 12:00 a.m. | 11 views

Progress Telerik Report Server <= 10.2.24.806 Insecure Type Resolution (CVE-2024-8015)

The version of Progress Telerik Report Server installed on the remote host is affected by an insecure type resolution vulnerability: - A remote code execution attack is possible through object injection via an insecure type resolution vulnerability. CVE-2024-8015 Note that Nessus has not tested f...

CVSS 9.1 | AI score 6.4 | EPSS 0.00822
Exploits: 0 | References: 2

NVD
added 2024/10/09 3:15 p.m. | 9 views

CVE-2024-7294

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...

CVSS 7.5 | EPSS 0.00312
Exploits: 0 | References: 1

Cvelist
added 2024/10/09 2:47 p.m. | 41 views

CVE-2024-7292 Account Controller allows high count of login attempts

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a credential stuffing attack is possible through improper restriction of excessive login attempts...

CVSS 7.5 | EPSS 0.00317
Exploits: 0 | References: 1

Cvelist
added 2024/10/09 2:45 p.m. | 14 views

CVE-2024-7294 Uncontrolled resource consumption of anonymous endpoints

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...

CVSS 7.5 | EPSS 0.00312
Exploits: 0 | References: 1

Vulnrichment
added 2024/10/09 2:45 p.m. | 9 views

CVE-2024-7294 Uncontrolled resource consumption of anonymous endpoints

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, an HTTP DoS attack is possible on anonymous endpoints without rate limiting...

CVSS 7.5 | AI score 6.8 | EPSS 0.00312
Exploits: 0 | References: 1

Vulnrichment
added 2024/10/09 2:43 p.m. | 9 views

CVE-2024-7293 Password policy for new users is not strong enough

In Progress® Telerik® Report Server versions prior to 2024 Q3 10.2.24.806, a password brute forcing attack is possible through weak password requirements...

CVSS 7.5 | AI score 7 | EPSS 0.00306
Exploits: 0 | References: 1

CVE
added 2024/10/09 2:43 p.m. | 48 views

CVE-2024-7293

Affected product: Progress Telerik Report Server. Vulnerability: Password brute forcing possible due to weak password requirements in versions prior to 2024 Q3 (10.2.24.806). Root cause / details: Weak password policy enables brute-force attempts; attack vector is network-based. Impact: High conf...

CVSS 8.8 | AI score 7.7 | EPSS 0.00306
Exploits: 0 | References: 1 | Affected Software: 1

Tenable Nessus
added 2024/06/04 12:00 a.m. | 32 views

Progress Telerik Report Server Insecure Deserialization (CVE-2024-1800)

The version of Progress Telerik Report Server installed on the remote host is affected by an insecure deserialization vulnerability, as follows: - In Progress Telerik Report Server versions prior to 2024 Q1 10.0.24.130, a remote code execution attack is possible through an insecure deserializatio...

CVSS 9.9 | AI score 9.4 | EPSS 0.40375
Exploits: 8 | References: 2

Tenable Nessus
added 2024/06/04 12:00 a.m. | 41 views

Progress Telerik Report Server Authentication Bypass (CVE-2024-4358)

The version of Progress Telerik Report Server installed on the remote host is affected by an authentication bypass vulnerability, as follows: - In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server...

CVSS 9.8 | AI score 8.7 | EPSS 0.97482
Exploits: 14 | References: 2

NVD
added 2024/05/29 3:16 p.m. | 27 views

CVE-2024-4358

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...

CVSS 9.8 | AI score 9.8 | EPSS 0.97482
Exploits: 14 | References: 2

Vulnrichment
added 2024/05/29 2:51 p.m. | 36 views

CVE-2024-4358 Registration Authentication Bypass Vulnerability

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability...

CVSS 9.8 | AI score 7.3 | EPSS 0.97482
Exploits: 14 | References: 1

NVD
added 2024/05/15 5:15 p.m. | 13 views

CVE-2024-4837

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...

CVSS 5.3 | AI score 5.4 | EPSS 0.00431
Exploits: 0 | References: 1

CVE
added 2024/05/15 5:04 p.m. | 23 views

CVE-2024-4837

CVE-2024-4837 affects Progress Telerik Report Server (Progress) on IIS, with the 2024 Q1 release (10.0.24.305) or earlier vulnerable to a trust boundary violation that lets an unauthenticated attacker access restricted functionality. Connected sources identify the affected product, version range,...

CVSS 5.3 | AI score 7 | EPSS 0.00431
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2024/05/15 5:04 p.m. | 13 views

CVE-2024-4837 Trust Boundary Violation Vulnerability

In Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability...

CVSS 5.3 | AI score 7.1 | EPSS 0.00431
Exploits: 0 | References: 1

CVE
added 2024/05/15 4:58 p.m. | 32 views

CVE-2024-4357

Progress Telerik Report Server (versions 10.0.24.305 and earlier, i.e., 2024 Q1) suffers an XML External Entity Processing (XXE) information-disclosure vulnerability in the ValidateMetadaUri path. A low-privilege attacker could read system files; an authenticated context is required but may be by...

CVSS 6.5 | AI score 6.1 | EPSS 0.007
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2024/05/15 4:58 p.m. | 35 views

CVE-2024-4357 XML External Entity Processing Information Disclosure

An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 10.0.24.305 or earlier, allows a low-privilege attacker to read system files via XML External Entity Processing...

CVSS 6.5 | AI score 6.3 | EPSS 0.007
Exploits: 0 | References: 1