Vulnerabilities > Devexpress

DATE CVE VULNERABILITY TITLE RISK
2025-04-28 CVE-2023-35814 Unspecified vulnerability in Devexpress
DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms.
network
low complexity
devexpress
critical
9.8
2025-04-28 CVE-2023-35815 Unspecified vulnerability in Devexpress
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.
network
low complexity
devexpress
critical
9.8
2025-04-28 CVE-2023-35816 Incorrect Type Conversion or Cast vulnerability in Devexpress
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
network
low complexity
devexpress CWE-704
5.3
2025-04-28 CVE-2023-35817 Unspecified vulnerability in Devexpress
DevExpress before 23.1.3 allows AsyncDownloader SSRF.
network
low complexity
devexpress
critical
9.8
2022-10-18 CVE-2022-41479 Authorization Bypass Through User-Controlled Key vulnerability in Devexpress Asp.Net web Forms Controls 19.2.3
The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter.
network
low complexity
devexpress CWE-639
7.5
2022-08-03 CVE-2022-28684 Unspecified vulnerability in Devexpress 22.1.0
This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress.
network
low complexity
devexpress
8.8
2021-08-04 CVE-2021-36483 Deserialization of Untrusted Data vulnerability in Devexpress
DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization.
network
low complexity
devexpress CWE-502
8.8