Vulnerabilities > Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2024-10-09 | CVE-2024-8014 | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | network, low complexity, progress, CWE-470 | 8.8 |
| 2024-10-09 | CVE-2024-8015 | Unsafe Reflection vulnerability in Progress Telerik Report Server | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | network, low complexity, progress, CWE-470 | 7.2 |
| 2024-10-09 | CVE-2024-8048 | Unsafe Reflection vulnerability in Progress Telerik Reporting 12.0.18.125 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | local, low complexity, progress, CWE-470 | 7.8 |
| 2024-07-24 | CVE-2024-6096 | Unsafe Reflection vulnerability in Progress Telerik Reporting | In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | network, low complexity, progress, CWE-470, critical | 9.8 |
| 2024-01-16 | CVE-2024-0200 | Unsafe Reflection vulnerability in GitHub Enterprise Server | An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead to reflection injection. | network, low complexity, github, CWE-470, critical | 9.8 |
| 2023-07-05 | CVE-2023-37207 | Unsafe Reflection vulnerability in multiple products | A website could have obscured the fullscreen notification by using a URL with a scheme handled by an external program, such as a mailto URL. | network, low complexity, mozilla, debian, CWE-470 | 6.5 |
| 2023-06-06 | CVE-2023-33652 | Unsafe Reflection vulnerability in Sitecore Experience Platform 9.3 | Sitecore Experience Platform (XP) v9.3 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the component /sitecore/shell/Invoke.aspx. | network, low complexity, sitecore, CWE-470 | 8.8 |
| 2023-06-05 | CVE-2023-34102 | Unsafe Reflection vulnerability in Avohq AVO | Avo is an open source Ruby on Rails admin panel creation framework. | network, low complexity, avohq, CWE-470 | 8.8 |
| 2023-06-05 | CVE-2023-32217 | Unsafe Reflection vulnerability in Sailpoint Identityiq | IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p3, IdentityIQ 8.2 and all 8.2 patch levels prior to 8.2p6, IdentityIQ 8.1 and all 8.1 patch levels prior to 8.1p7, IdentityIQ 8.0 and all 8.0 patch levels prior to 8.0p6 allow an authenticated user to invoke a Java constructor with no arguments or a Java constructor with a single Map argument in any Java class available in the IdentityIQ application classpath. | network, low complexity, sailpoint, CWE-470 | 8.8 |
| 2023-03-01 | CVE-2023-0460 | Unsafe Reflection vulnerability in Google Youtube Android Player API 1.2/1.2.2 | The YouTube Embedded 1.2 SDK binds to a service within the YouTube Main App. | local, low complexity, google, CWE-470 | 7.3 |