Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-11629 | Files or Directories Accessible to External Parties vulnerability in Progress Telerik Document Processing Libraries In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. | 6.5 |
| 2025-02-12 | CVE-2025-1209 | Cross-site Scripting vulnerability in Anisha Wazifa System 1.0 A vulnerability classified as problematic has been found in code-projects Wazifa System 1.0. | 5.4 |
| 2025-02-12 | CVE-2025-1210 | SQL Injection vulnerability in Anisha Wazifa System 1.0 A vulnerability classified as critical was found in code-projects Wazifa System 1.0. | 8.8 |
| 2025-02-12 | CVE-2025-25742 | Out-of-bounds Write vulnerability in Dlink Dir-853 Firmware 1.20B07 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the AccountPassword parameter in the SetSysEmailSettings module. | 9.8 |
| 2025-02-12 | CVE-2025-25743 | Command Injection vulnerability in Dlink Dir-853 Firmware 1.20B07 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a command injection vulnerability in the SetVirtualServerSettings module. | 7.2 |
| 2025-02-12 | CVE-2025-25744 | Out-of-bounds Write vulnerability in Dlink Dir-853 Firmware 1.20B07 D-Link DIR-853 A1 FW1.20B07 was discovered to contain a stack-based buffer overflow vulnerability via the Password parameter in the SetDynamicDNSSettings module. | 9.8 |
| 2025-02-12 | CVE-2024-11343 | Path Traversal vulnerability in Progress Telerik Document Processing Libraries In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. | 8.8 |
| 2025-02-12 | CVE-2024-12629 | Unspecified vulnerability in Telerik Kendoreact In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | 7.2 |
| 2025-02-12 | CVE-2025-0332 | Path Traversal vulnerability in Telerik UI for Winforms In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory. | 9.8 |
| 2025-02-12 | CVE-2025-0556 | Cleartext Transmission of Sensitive Information vulnerability in Progress Telerik Report Server In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. | 6.5 |