Devexpress
Monthly
DevExpress before 23.1.3 allows AsyncDownloader SSRF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
DevExpress before 23.1.3 allows AsyncDownloader SSRF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.