progress

261 tracked vulnerabilities.

CVE-2026-8801 LOW
File Extension Restriction Bypass in MOVEit Transfer
Jul 08, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-8800 LOW
Cross-Org External Token Metadata accessible to AuditUser role
Jul 08, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-8651 LOW
IPv6 Loopback Spoof via Trusted Host Header Bypasses Origin Check in MOVEit Transfer
Jul 08, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-8650 MEDIUM
Authenticated Path Traversal allows MOVEit admins to view arbitrary system files
Jul 08, 2026
CVSS 4.5
EPSS 0.00
CVE-2026-8649 MEDIUM
Progress MOVEit Transfer Custom Reports - Data Query Logic Injection
Jul 08, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-11903 HIGH
Stored XSS in MOVEit Transfer Ad Hoc module
Jul 08, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-10699 HIGH
Memory leak in SFTP service can result in a denial of service in MOVEit Transfer
Jul 08, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-10698 HIGH
Progress MOVEit Transfer Custom Reports - Query Logic Injection
Jul 08, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-9272 HIGH
Possibility of unintended database operations when querying data related to detected anomalies in Progress Flowmon ADS
Jul 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-8079 HIGH
Progress Flowmon < 12.5.9/13.0.11 - Authenticated Unauthorized Actions via PDF Generation
Jul 02, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-8037 CRITICAL NUCLEI
Progress ADC Products - Unauthenticated OS Command Injection
Jun 04, 2026
CVSS 9.6
EPSS 0.30
CVE-2026-7313 HIGH
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity
Jun 02, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-7312 CRITICAL
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity
Jun 02, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-7201 HIGH
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
Jun 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-7198 CRITICAL
CWE-284: Improper Access Control in web services in Progress Sitefinity
Jun 02, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-7195 HIGH
CWE-20: Improper Input Validation in web services in Progress Sitefinity
Jun 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-8488 MEDIUM
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-8487 MEDIUM
Incorrect default permissions vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-8486 MEDIUM
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-8485 MEDIUM
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-5174 HIGH
Improper Access Control Vulnerability in Progress MOVEit Automation
Apr 30, 2026
CVSS 7.7
EPSS 0.03
CVE-2026-4670 CRITICAL
Improper Authentication vulnerability in Progress MOVEit Automation
Apr 30, 2026
CVSS 9.8
EPSS 0.06
CVE-2026-6023 HIGH
Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX
Apr 22, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-6022 HIGH
Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX
Apr 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4048 HIGH
Progress LoadMaster WAF Rule Upload - Authenticated Command Injection RCE
Apr 20, 2026
CVSS 8.4
EPSS 0.02