Progress Software Telerik Ui For Wpf vulnerabilities
5 known vulnerabilities affecting progress_software/telerik_ui_for_wpf.
Total CVEs
5
CISA KEV
0
Public exploits
0
Exploited in wild
3
Severity breakdown
CRITICAL3HIGH2
Vulnerabilities
Page 1 of 1
CVE-2024-7575P1CRITICALCVSS 9.8Exploited≥ 2011.3.1116, < 2024.3.9242024-09-25
CVE-2024-7575 [CRITICAL] CWE-77 CVE-2024-7575: In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
nvd
CVE-2024-7576P1CRITICALCVSS 9.8Exploited≥ 2011.1.315, < 2024.3.9242024-09-25
CVE-2024-7576 [CRITICAL] CWE-502 CVE-2024-7576: In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is po
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
nvd
CVE-2024-8316P2HIGHCVSS 7.8Exploited≥ 2011.1.315, < 2024.3.9242024-09-25
CVE-2024-8316 [HIGH] CWE-502 CVE-2024-8316: In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is po
In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.
nvd
CVE-2024-10095P2CRITICALCVSS 9.8fixed in 2024.4.12132024-12-16
CVE-2024-10095 [CRITICAL] CWE-502 CVE-2024-10095: In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is p
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.
nvd
CVE-2024-10012P3HIGHCVSS 7.8≥ 2011.1.315, < 2024.4.11112024-11-13
CVE-2024-10012 [HIGH] CWE-502 CVE-2024-10012: In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is p
In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.
nvd