Lucene search: Progress Telerik Reporting

14 matches found

CVE
added 2017/05/22 4:54 a.m., 95 views

CVE-2017-9140

The CVE-2017-9140 issue affects Telerik Reporting for ASP.NET WebForms (Telerik.ReportViewer.WebForms.dll) prior to R1 2017 SP2 (11.0.17.406). It is a reflected XSS vulnerability exploitable via the bgColor parameter to Telerik.ReportViewer.axd, allowing attacker-controlled script/HTML execution ...

CVSS 6.1, AI score 6.1, EPSS 0.09642

CVE
added 2024/03/20 1:12 p.m., 70 views

CVE-2024-1801

Progress Software Telerik Reporting ObjectReader deserialization vulnerability (CVE-2024-1801 / CVE-2024-1856) enables remote code execution through untrusted data. Affected: Telerik Reporting versions prior to 2024 Q1 (18.0.24.130). Attack requires user interaction (e.g., visiting a malicious pa...

CVSS 7.8, AI score 7.9, EPSS 0.00422

CVE
added 2024/07/24 2:0 p.m., 70 views

CVE-2024-6096

Progress Telerik Reporting, before version 18.1.24.709, is affected by an object-injection vulnerability due to insecure type resolution that can lead to code execution. The vulnerability affects Progress Telerik Reporting (a .NET/.NET Framework embedded reporting tool) and various advisories ide...

CVSS 9.8, AI score 9, EPSS 0.00861

CVE
added 2024/03/20 1:13 p.m., 65 views

CVE-2024-1856

CVE-2024-1856 affects Progress Telerik Reporting: an ObjectReader deserialization vulnerability in versions prior to 2024 Q1 (18.0.24.130) allows remote code execution. Exploitation conditions vary by advisory (ZDI notes may require authentication and/or user interaction). Remediation is to upgra...

CVSS 8.8, AI score 8.7, EPSS 0.01129

CVE
added 2024/10/09 2:16 p.m., 61 views

CVE-2024-8014

Progress Telerik Reporting is affected by CVE-2024-8014 due to an insecure type resolution vulnerability that enables object injection and code execution. Affected versions are prior to 2024 Q3 (18.2.24.924). Remediation is to update to 2024 Q3 (18.2.24.924) or later (per the Nessus/Red Hat/CTTA ...

CVSS 8.8, AI score 9.1, EPSS 0.00602

CVE
added 2025/02/12 5:37 p.m., 56 views

CVE-2024-6097

Progress Telerik Reporting (Progress) is affected in versions prior to 2025 Q1 (19.0.25.211). The vulnerability is an information disclosure via an absolute path traversal that can be exploited by a local threat actor, as described in multiple sources. The CVE-2024-6097 entry confirms the impact ...

CVSS 5.3, AI score 5, EPSS 0.00471

CVE
added 2024/01/31 3:14 p.m., 51 views

CVE-2024-0832

Technical details about CVE-2024-0832 are not publicly provided in the supplied documents. No concrete exploit information or affected versions are specified here. Monitor for updates from official advisories and connected sources.

CVSS 7.8, AI score 7.5, EPSS 0.00193

CVE
added 2024/10/09 2:41 p.m., 51 views

CVE-2024-7840

CVE-2024-7840 – Progress Telerik Reporting: Affected product is Progress Telerik Reporting (desktop Viewers/Standalone Report Designer) prior to 2024 Q3 (18.2.24.924). Root cause: improper neutralization of hyperlink elements enabling a potential command injection. Impact is described as high fo...

CVSS 7.8, AI score 8.1, EPSS 0.00662

CVE
added 2024/10/09 2:43 p.m., 47 views

CVE-2024-7293

Affected product: Progress Telerik Report Server. Vulnerability: Password brute forcing possible due to weak password requirements in versions prior to 2024 Q3 (10.2.24.806). Root cause / details: Weak password policy enables brute-force attempts; attack vector is network-based. Impact: High conf...

CVSS 8.8, AI score 7.7, EPSS 0.00306

CVE
added 2024/10/09 2:45 p.m., 47 views

CVE-2024-7294

Progress Telerik Report Server (Progress) is affected by an HTTP DoS vulnerability on anonymous endpoints due to lack of rate limiting. The issue originates from uncontrolled resource consumption of anonymous requests, impacting availability. Affected versions are prior to 2024 Q3 (10.2.24.806). ...

CVSS 7.5, AI score 6.9, EPSS 0.00312

CVE
added 2024/10/09 2:18 p.m., 45 views

CVE-2024-8048

Progress Telerik Reporting (desktop/Standalone Report Designer) prior to 2024 Q3 (version 18.2.24.924) is affected by an insecure expression evaluation vulnerability that enables object injection and may allow code execution. The issue is documented as CVE-2024-8048; CVSS v3.1 base score 7.8 (HIG...

CVSS 7.8, AI score 8.2, EPSS 0.00221

CVE
added 2024/05/15 4:56 p.m., 35 views

CVE-2024-4200

Progress Telerik Reporting (prior to 2024 Q2; 18.1.24.2.514) is affected by an insecure deserialization vulnerability that can lead to code execution by a local attacker. The issue affects the remote Windows host running the product, with the root cause being insecure deserialization in the appli...

CVSS 7.8, AI score 7.1, EPSS 0.00286

CVE
added 2024/05/15 4:58 p.m., 31 views

CVE-2024-4357

Progress Telerik Report Server (versions 10.0.24.305 and earlier, i.e., 2024 Q1) suffers an XML External Entity Processing (XXE) information-disclosure vulnerability in the ValidateMetadaUri path. A low-privilege attacker could read system files; an authenticated context is required but may be by...

CVSS 6.5, AI score 6.1, EPSS 0.007

CVE
added 2024/05/15 4:53 p.m., 26 views

CVE-2024-4202

CVE-2024-4202 affects Progress Telerik Reporting versions prior to 2024 Q2 (18.1.24.514). The vulnerability is described as an insecure instantiation vulnerability that enables code execution. The CVE details in the provided documents indicate high impact (confidentiality, integrity, and availabi...

CVSS 8.6, AI score 7.2, EPSS 0.00271