CVE-2025-2794

CVSS v3 Score
7.5
High

Vulnerability Description

An unsafe reflection vulnerability in Kentico Xperience allows an unauthenticated attacker to kill the current process, leading to a Denial-of-Service condition. This issue affects Xperience through 13.0.180.

CVSS:7.5(High)

A vulnerability was found in Infinispan such that the invokeAccessibly method from the public class ReflectionUtil allows any application class to invoke private methods in any class with Infinispan's...

CVSS:7.6(High)

generator-jhipster-entity-audit is a JHipster module to enable entity audit and audit log page. Prior to 5.9.1, generator-jhipster-entity-audit allows unsafe reflection when having Javers selected as ...

CVSS:7.3(High)

The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. After binding, a remote context is created with the flags Context.CONTEXT_INCLUDE_CODE | Context.CONTEXT_IGNORE_SECURITY. T...

CVSS:7.2(High)

On F5 BIG-IP 13.1.0-13.1.0.3 or 13.0.0, when authenticated administrative users execute commands in the Traffic Management User Interface (TMUI), also referred to as the BIG-IP Configuration utility, ...

CVSS:7.8(High)

In MtkEmail, there is a possible escalation of privilege due to fragment injection. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is...

CVSS:7.2(High)

In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.