CVE-2024-8015

HIGH Year: 2024
CVSS v3 Score
7.2
High
Weakness Type
CWE-470
View all →

Vulnerability Description

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.

Related Vulnerabilities

CVE-2018-5511

HIGH
CVSS:7.2(High)

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, ...

CWE-4702018

CVE-2023-0460

HIGH
CVSS:7.3(High)

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. T...

CWE-4702023

CVE-2019-10174

HIGH
CVSS:7.5(High)

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's...

CWE-4702019

CVE-2025-2794

HIGH
CVSS:7.5(High)

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience: through ...

CWE-4702025

CVE-2025-31119

HIGH
CVSS:7.6(High)

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as ...

CWE-4702025

CVE-2024-1574

MEDIUM
CVSS:6.7(Medium)

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in the licensing feature of ICONICS GENESIS64 versions 10.97 to 10.97.2, Mitsubishi Electric GENESIS64 ...

CWE-4702024