Vulnerabilities > Progress > Telerik Reporting > 9.2.15.1105
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-02-12 | CVE-2024-6097 | Path Traversal vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. | 5.3 |
| 2024-05-15 | CVE-2024-4200 | Deserialization of Untrusted Data vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | 7.8 |
| 2024-05-15 | CVE-2024-4202 | Code Injection vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability. | 8.6 |
| 2024-05-15 | CVE-2024-4357 | XXE vulnerability in Progress Telerik Reporting An information disclosure vulnerability exists in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows low-privilege attacker to read systems file via XML External Entity Processing. | 6.5 |
| 2024-03-20 | CVE-2024-1801 | Deserialization of Untrusted Data vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability. | 7.8 |
| 2024-03-20 | CVE-2024-1856 | Deserialization of Untrusted Data vulnerability in Progress Telerik Reporting In Progress® Telerik® Reporting versions prior to 2024 Q1 (18.0.24.130), a code execution attack is possible by a remote threat actor through an insecure deserialization vulnerability. | 8.8 |