Vulnerabilities > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-09 | CVE-2024-8014 | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 8.8 |
| 2024-10-09 | CVE-2024-8015 | Unsafe Reflection vulnerability in Progress Telerik Report Server In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | 7.2 |
| 2024-10-09 | CVE-2024-8048 | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | 7.8 |
| 2024-07-24 | CVE-2024-6096 | Unsafe Reflection vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 9.8 |
| 2024-01-30 | CVE-2023-6943 | Unsafe Reflection vulnerability in Mitsubishielectric products Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Mitsubishi Electric Corporation EZSocket versions 3.0 and later, GT Designer3 Version1(GOT1000) all versions, GT Designer3 Version1(GOT2000) all versions, GX Works2 versions 1.11M and later, GX Works3 versions 1.106L and prior, MELSOFT Navigator versions 1.04E and later, MT Works2 all versions, MX Component versions 4.00A and later and MX OPC Server DA/UA all versions allows a remote unauthenticated attacker to execute a malicious code by RPC with a path to a malicious library while connected to the products. | 9.8 |
| 2024-01-16 | CVE-2024-0200 | Unsafe Reflection vulnerability in Github Enterprise Server An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. | 9.8 |
| 2023-07-05 | CVE-2023-37207 | Unsafe Reflection vulnerability in multiple products A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | 6.5 |
| 2023-06-06 | CVE-2023-33652 | Unsafe Reflection vulnerability in Sitecore Experience Platform 9.3 Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. | 8.8 |
| 2023-06-05 | CVE-2023-34102 | Unsafe Reflection vulnerability in Avohq AVO Avo is an open source ruby on rails admin panel creation framework. | 8.8 |
| 2023-06-05 | CVE-2023-32217 | Unsafe Reflection vulnerability in Sailpoint Identityiq IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | 8.8 |