In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.
https://docs.telerik.com/devtools/winforms/knowledge-base/command-injection-cve-2024-7679