progress

244 tracked vulnerabilities.

CVE-2026-8488 MEDIUM
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-8487 MEDIUM
Incorrect default permissions vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-8486 MEDIUM
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-8485 MEDIUM
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-5174 HIGH
Improper Access Control Vulnerability in Progress MOVEit Automation
Apr 30, 2026
CVSS 7.7
EPSS 0.00
CVE-2026-4670 CRITICAL
Improper Authentication vulnerability in Progress MOVEit Automation
Apr 30, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-6023 HIGH
Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX
Apr 22, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-6022 HIGH
Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX
Apr 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4048 HIGH
Progress LoadMaster WAF Rule Upload - Authenticated Command Injection RCE
Apr 20, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-3519 HIGH
Progress LoadMaster aclcontrol API - Authenticated Command Injection RCE
Apr 20, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-3518 HIGH
Progress LoadMaster killsession API - Authenticated Command Injection RCE
Apr 20, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-3517 HIGH
Progress LoadMaster addcountry API - Authenticated Command Injection RCE
Apr 20, 2026
CVSS 8.4
EPSS 0.00
CVE-2026-3692 HIGH
Unintended command execution during report generation in Progress Flowmon
Apr 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-2737 MEDIUM
Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application
Apr 02, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-2701 CRITICAL
RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Apr 02, 2026
CVSS 9.1
EPSS 0.01
CVE-2026-2699 CRITICAL NUCLEI
EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Apr 02, 2026
CVSS 9.8
EPSS 0.42
CVE-2026-2878 MEDIUM
Progress Telerik UI for AJAX <2026.1.225 - Info Disclosure
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-13447 HIGH
Progress LoadMaster < 7.2.54.16 and < 7.2.62.2 - Authenticated Remote Code Execution via API Input Parameter
Jan 13, 2026
CVSS 8.4
EPSS 0.00
CVE-2025-13444 HIGH
Progress LoadMaster < 7.2.62.2 - Authenticated OS Command Injection via API Input Parameters
Jan 13, 2026
CVSS 8.4
EPSS 0.00
CVE-2025-13774 HIGH
Progress Flowmon ADS < 12.5.4 - Authenticated SQL Injection
Jan 13, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-11235 LOW
Progress MOVEit Transfer <2023.1.3-2022.0.10 - Unverified Password ...
Jan 07, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-13147 MEDIUM
Progress MOVEit Transfer < 2024.1.8, 2025.0.0-2025.0.3 - Server-Side Request Forgery
Nov 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-10703 HIGH
Progress DataDirect - Code Injection
Nov 19, 2025
EPSS 0.00
CVE-2025-10702 HIGH
Progress DataDirect - Code Injection
Nov 19, 2025
EPSS 0.00
CVE-2025-10932 HIGH
Progress MOVEit Transfer - Uncontrolled Resource Consumption
Oct 29, 2025
CVSS 8.2
EPSS 0.00
Products
whatsup_gold 56 ws_ftp_server 28 moveit_transfer 25 loadmaster 19 sitefinity 19 telerik_reporting 14 openedge 12 moveit_automation 8 telerik_ui_for_asp.net_ajax 8 multi-tenant_loadmaster 7 telerik_report_server 7 ecs_connection_manager 6 connection_manager_for_objectscale 5 progress 5 sitefinity_cms 5 flowmon 3 telerik_document_processing_libraries 3 telerik_ui_for_winforms 3 DataDirect Connect for JDBC Autonomous REST Connector 2 DataDirect Connect for JDBC for Amazon Redshift 2 DataDirect Connect for JDBC for Apache Cassandra 2 DataDirect Connect for JDBC for Apache Impala 2 DataDirect Connect for JDBC for Apache SparkSQL 2 DataDirect Connect for JDBC for DB2 2 DataDirect Connect for JDBC for Google Analytics 4 2 DataDirect Connect for JDBC for Google BigQuery 2 DataDirect Connect for JDBC for Greenplum 2 DataDirect Connect for JDBC for Hive 2 DataDirect Connect for JDBC for Informix 2 DataDirect Connect for JDBC for Microsoft Dynamics 365 2
Quick Filters
Critical CVEs With Exploits In CISA KEV