Vulnerabilities > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-10-09 | CVE-2024-8014 | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 8.8 |
2024-10-09 | CVE-2024-8015 | Unsafe Reflection vulnerability in Progress Telerik Report Server | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | 7.2 |
2024-10-09 | CVE-2024-8048 | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | 7.8 |
2024-07-24 | CVE-2024-6096 | Unsafe Reflection vulnerability in Progress Telerik Reporting | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 9.8 |
2024-01-16 | CVE-2024-0200 | Unsafe Reflection vulnerability in Github Enterprise Server | An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. | 9.8 |
2023-07-05 | CVE-2023-37207 | Unsafe Reflection vulnerability in multiple products | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
2023-06-06 | CVE-2023-33652 | Unsafe Reflection vulnerability in Sitecore Experience Platform 9.3 | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. | 8.8 |
2023-06-05 | CVE-2023-34102 | Unsafe Reflection vulnerability in Avohq AVO | Avo is an open source Ruby on Rails admin panel creation framework. | 8.8 |
2023-06-05 | CVE-2023-32217 | Unsafe Reflection vulnerability in Sailpoint Identityiq | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | 8.8 |
2023-03-01 | CVE-2023-0460 | Unsafe Reflection vulnerability in Google Youtube Android Player API 1.2/1.2.2 | The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. | 7.3 |