Vulnerabilities > Devexpress

DATE	CVE	VULNERABILITY TITLE	RISK
2025-04-28	CVE-2023-35814	Unspecified vulnerability in Devexpress DevExpress before 23.1.3 does not properly protect XtraReport serialized data in ASP.NET web forms. network low complexity devexpress critical	9.8
2025-04-28	CVE-2023-35815	Unspecified vulnerability in Devexpress DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data. network low complexity devexpress critical	9.8
2025-04-28	CVE-2023-35816	Incorrect Type Conversion or Cast vulnerability in Devexpress DevExpress before 23.1.3 allows arbitrary TypeConverter conversion. network low complexity devexpress CWE-704	5.3
2025-04-28	CVE-2023-35817	Unspecified vulnerability in Devexpress DevExpress before 23.1.3 allows AsyncDownloader SSRF. network low complexity devexpress critical	9.8
2022-10-18	CVE-2022-41479	Authorization Bypass Through User-Controlled Key vulnerability in Devexpress Asp.Net web Forms Controls 19.2.3 The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. network low complexity devexpress CWE-639	7.5
2022-08-03	CVE-2022-28684	Unspecified vulnerability in Devexpress 22.1.0 This vulnerability allows remote attackers to execute arbitrary code on affected installations of DevExpress. network low complexity devexpress	8.8
2021-08-04	CVE-2021-36483	Deserialization of Untrusted Data vulnerability in Devexpress DevExpress.XtraReports.UI through v21.1 allows attackers to execute arbitrary code via insecure deserialization. network low complexity devexpress CWE-502	8.8

Vulnerabilities > Devexpress {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Devexpress"}]}

Vulnerabilities > Devexpress