Vulnerabilities > Devexpress
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-04-28 | CVE-2023-35814 | Unspecified vulnerability in Devexpress DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. | 9.8 |
2025-04-28 | CVE-2023-35815 | Unspecified vulnerability in Devexpress DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. | 9.8 |
2025-04-28 | CVE-2023-35816 | Incorrect Type Conversion or Cast vulnerability in Devexpress DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. | 5.3 |
2025-04-28 | CVE-2023-35817 | Unspecified vulnerability in Devexpress DevExpress before 23.1.3 allows AsyncDownloader SSRF. | 9.8 |
2022-10-18 | CVE-2022-41479 | Authorization Bypass Through User-Controlled Key vulnerability in Devexpress Asp.Net web Forms Controls 19.2.3 The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. | 7.5 |
2022-08-03 | CVE-2022-28684 | Unspecified vulnerability in Devexpress 22.1.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. | 8.8 |
2021-08-04 | CVE-2021-36483 | Deserialization of Untrusted Data vulnerability in Devexpress DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. | 8.8 |