Skip to main content

Devexpress

6 CVEs product

Monthly

CVE-2023-35817 MEDIUM This Month

DevExpress before 23.1.3 allows AsyncDownloader SSRF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Devexpress
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2023-35816 LOW Monitor

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devexpress
NVD
CVSS 3.1
3.5
EPSS
0.3%
CVE-2023-35815 LOW Monitor

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Devexpress
NVD
CVSS 3.1
3.5
EPSS
0.2%
CVE-2023-35814 LOW Monitor

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Devexpress
NVD
CVSS 3.1
3.5
EPSS
0.6%
CVE-2022-28684 HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Devexpress
NVD
CVSS 3.1
8.8
EPSS
2.6%
CVE-2021-36483 HIGH This Week

DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Devexpress
NVD GitHub
CVSS 3.1
8.8
EPSS
2.9%
EPSS 0% CVSS 5.0
MEDIUM This Month

DevExpress before 23.1.3 allows AsyncDownloader SSRF. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Devexpress
NVD
EPSS 0% CVSS 3.5
LOW Monitor

DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Information Disclosure Devexpress
NVD
EPSS 0% CVSS 3.5
LOW Monitor

DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Devexpress
NVD
EPSS 1% CVSS 3.5
LOW Monitor

DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.

Deserialization Devexpress
NVD
EPSS 3% CVSS 8.8
HIGH This Week

This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

RCE Deserialization Devexpress
NVD
EPSS 3% CVSS 8.8
HIGH This Week

DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Deserialization RCE Devexpress
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy