cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-7840,https://securityvulnerability.io/vulnerability/CVE-2024-7840,Improper neutralization special element in hyperlinks,"In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a serious command injection vulnerability is introduced due to the improper neutralization of hyperlink elements. This flaw can allow an attacker to execute arbitrary commands on the server by exploiting vulnerable processing of link inputs. To mitigate potential risks, it is essential for users to update to the latest version of Telerik Reporting and follow security best practices to protect their applications.",Progress Software,Telerik Reporting,7.8,HIGH,0.0005300000193528831,false,false,false,false,,false,false,2024-10-09T15:15:00.000Z,0
CVE-2024-6096,https://securityvulnerability.io/vulnerability/CVE-2024-6096,Insecure Type Resolution Vulnerability Affects Telerik Reporting,"A code execution vulnerability exists in Progress Telerik Reporting versions prior to 18.1.24.709 due to an insecure type resolution mechanism. This flaw allows attackers to exploit object injection vulnerabilities, potentially leading to unauthorized code execution within the affected system. Organizations utilizing earlier versions of Telerik Reporting are at risk and should prioritize updating to mitigate this threat.",Progress Software,Telerik Reporting,9.8,CRITICAL,0.000910000002477318,false,false,false,false,,false,false,2024-07-24T14:00:19.107Z,0
CVE-2024-6327,https://securityvulnerability.io/vulnerability/CVE-2024-6327,Remote Code Execution Vulnerability in Telerik Report Server,"In Progress Telerik Report Server, a vulnerability exists due to insecure deserialization processes, allowing attackers to potentially execute arbitrary code remotely. This issue affects versions released prior to 2024 Q2 (10.1.24.709), which may enable malicious users to manipulate serialized data, leading to unauthorized actions and system compromise. Organizations utilizing this software are advised to update to the latest version to mitigate the risks associated with this vulnerability.",Progress Software,Telerik Report Server,9.8,CRITICAL,0.0007099999929778278,false,true,false,true,,true,false,2024-07-24T13:57:07.165Z,6110
CVE-2024-4358,https://securityvulnerability.io/vulnerability/CVE-2024-4358,Unauthenticated Attacker Can Gain Access to Restricted Functionality via Authentication Bypass Vulnerability in Telerik Report Server,"An authentication bypass vulnerability exists in Progress Telerik Report Server, specifically in versions prior to 2024 Q1 (10.0.24.305) deployed on IIS. This issue permits unauthenticated attackers to access restricted features of the Telerik Report Server, compromising the security and privacy of sensitive data. Attackers exploiting this vulnerability can perform unauthorized actions that should otherwise be restricted to authenticated users, significantly undermining the integrity of the server's operations.",Progress Software,Telerik Report Server,9.8,CRITICAL,0.9172800183296204,true,true,true,true,true,true,true,2024-05-29T14:51:21.612Z,13759
CVE-2024-4837,https://securityvulnerability.io/vulnerability/CVE-2024-4837,Unauthenticated Attacker Can Gain Access to Restricted Functionality via Trust Boundary Violation Vulnerability in Telerik Report Server,"In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.",Progress Software,Telerik Report Server,5.3,MEDIUM,0.0004299999854993075,false,false,false,false,,false,false,2024-05-15T17:04:05.705Z,0
CVE-2024-4357,https://securityvulnerability.io/vulnerability/CVE-2024-4357,Low-Privilege Attacker Can Read Systems Files via XML External Entity Processing Vulnerability,"An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing.",Progress Software,Telerik Report Server,6.5,MEDIUM,0.0006500000017695129,false,false,false,false,,false,false,2024-05-15T16:58:31.306Z,0
CVE-2024-4200,https://securityvulnerability.io/vulnerability/CVE-2024-4200,Insecure Deserialization Vulnerability Affects Telerik Reporting Prior to 2024 Q2,"An insecure deserialization vulnerability exists in Progress Telerik Reporting, specifically in versions released prior to 2024 Q2 (18.1.24.2.514). This vulnerability can be exploited by a local threat actor to execute arbitrary code, posing a significant risk to data integrity and system security. Proper validation mechanisms are crucial to mitigate potential threats associated with this issue.",Progress Software,Telerik Reporting,7.7,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-15T16:56:25.177Z,0
CVE-2024-4202,https://securityvulnerability.io/vulnerability/CVE-2024-4202,Insecure Instantiation Vulnerability in Telerik Reporting Prior to 2024 Q2,"An insecure instantiation vulnerability has been identified in Progress Telerik Reporting, allowing potential attackers to execute arbitrary code. This vulnerability affects all versions prior to 2024 Q2 (18.1.24.514). Organizations using affected versions of Telerik Reporting should prioritize the implementation of the latest updates and security patches to mitigate the risk of exploitation.",Progress Software,Telerik Reporting,7.7,HIGH,0.0004299999854993075,false,false,false,false,,false,false,2024-05-15T16:53:30.262Z,0
CVE-2024-1856,https://securityvulnerability.io/vulnerability/CVE-2024-1856,Remote Code Execution Vulnerability in Telerik Reporting Prior to 2024 Q1,"A code execution vulnerability exists in Progress Telerik Reporting due to insecure deserialization, allowing a remote attacker to execute arbitrary code on the server. This risk is present in all versions prior to 2024 Q1 (18.0.24.130), potentially compromising application integrity. Urgent remediation is required to mitigate risks associated with this security flaw.",Progress Software,Telerik Reporting,8.5,HIGH,0.0004600000102072954,false,true,false,false,,false,false,2024-03-20T13:13:51.409Z,0
CVE-2024-1801,https://securityvulnerability.io/vulnerability/CVE-2024-1801,Telerik Reporting at Risk of Code Execution Attack Due to Insecure Deserialization Vulnerability,"The vulnerability identified in Progress Telerik Reporting prior to the 2024 Q1 release (version 18.0.24.130) poses a significant risk due to insecure deserialization. This weakness enables local attackers to exploit the system by potentially executing arbitrary code, leveraging the deserialize mechanism inappropriately. Organizations utilizing affected versions should be aware of the inherent risks and apply necessary security measures to mitigate the threat.",Progress Software,Telerik Reporting,7.7,HIGH,0.0004600000102072954,false,true,false,true,,false,false,2024-03-20T13:12:34.826Z,0
CVE-2024-1800,https://securityvulnerability.io/vulnerability/CVE-2024-1800,Remote Code Execution Vulnerability in Telerik Report Server,"The CVE-2024-1800 vulnerability is a critical remote code execution flaw found in the Progress Telerik Report Server, a widely used business reporting solution. This flaw allows attackers to execute malicious code remotely on affected systems, potentially leading to severe consequences such as data theft, malware installation, or disruption of critical business operations. All versions of the Progress Telerik Report Server before 2024 Q1 (10.0.24.130) are vulnerable to this exploit. Progress Telerik has released a fix in Report Server version 2024 Q1 (10.0.24.305) and organizations using Telerik Report Server are urged to update as soon as possible to address this security flaw.",Progress Software,Telerik Report Server,9.9,CRITICAL,0.0004600000102072954,false,true,false,false,,false,false,2024-03-20T13:11:41.461Z,0
CVE-2024-0832,https://securityvulnerability.io/vulnerability/CVE-2024-0832,Privilege Elevation via Telerik Reporting Installer,"A privilege elevation vulnerability exists in the installer component of Telerik Reporting, affecting versions prior to 2024 R1. In environments with an existing installation of Telerik Reporting, a lower-privileged user can manipulate the installation package to gain elevated privileges on the underlying operating system. This vulnerability poses a significant risk, allowing unauthorized access to system resources and potentially compromising sensitive information, necessitating immediate attention from users and administrators of affected versions.",Progress Software,Telerik Reporting,7.8,HIGH,0.0006099999882280827,false,false,false,false,,false,false,2024-01-31T15:14:44.556Z,0