GCVE - cpe:2.3:a:progress:telerik_ui_for_winforms:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:progress:telerik_ui_for_winforms:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Progress (`f9d80521-f73f-5a85-8df9-9306f2f67809`)
Product	Telerik Ui For Winforms (`cea5b74e-2372-5e82-9e06-9ece84a20cc1`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-0332`	vulnerable	2026-06-03 14:58:32.068266	Progress UI for WinForms decompression path traversal vulnerability HIGH (7.8) In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory. Published: 2025-02-12T15:15:31.166Z Updated: 2025-02-12T15:31:36.602Z Open on db.gcve.eu Reference links https://docs.telerik.com/devtools/winforms/knowledge-base/kb-security-path-traversal-cve-2025-0332	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-3892`	vulnerable	2026-06-03 14:56:32.296295	Local code execution vulnerability in Telerik UI for WinForms HIGH (7.2) A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. Published: 2024-05-15T16:43:36.426Z Updated: 2024-08-01T20:26:57.172Z Open on db.gcve.eu Reference links https://docs.telerik.com/devtools/winforms/knowledge-base/local-code-execution-vulnerability-cve-2024-3892	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2024-10013`	vulnerable	2026-06-03 14:54:04.696651	Progress UI for WinForms format provider unsafe deserialization vulnerability HIGH (7.8) In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. Published: 2024-11-13T15:17:07.237Z Updated: 2024-11-13T19:43:38.067Z Open on db.gcve.eu Reference links https://docs.telerik.com/devtools/winforms/knowledge-base/unsafe-deserialization-cve-2024-10013	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.