progress
261 tracked vulnerabilities.
CVE-2026-8801
LOW
File Extension Restriction Bypass in MOVEit Transfer
Jul 08, 2026
CVSS 3.5
EPSS 0.00
CVE-2026-8800
LOW
Cross-Org External Token Metadata accessible to AuditUser role
Jul 08, 2026
CVSS 2.7
EPSS 0.00
CVE-2026-8651
LOW
IPv6 Loopback Spoof via Trusted Host Header Bypasses Origin Check in MOVEit Transfer
Jul 08, 2026
CVSS 3.7
EPSS 0.00
CVE-2026-8650
MEDIUM
Authenticated Path Traversal allows MOVEit admins to view arbitrary system files
Jul 08, 2026
CVSS 4.5
EPSS 0.00
CVE-2026-8649
MEDIUM
Progress MOVEit Transfer Custom Reports - Data Query Logic Injection
Jul 08, 2026
CVSS 6.4
EPSS 0.00
CVE-2026-11903
HIGH
Stored XSS in MOVEit Transfer Ad Hoc module
Jul 08, 2026
CVSS 8.0
EPSS 0.00
CVE-2026-10699
HIGH
Memory leak in SFTP service can result in a denial of service in MOVEit Transfer
Jul 08, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-10698
HIGH
Progress MOVEit Transfer Custom Reports - Query Logic Injection
Jul 08, 2026
CVSS 7.2
EPSS 0.00
CVE-2026-9272
HIGH
Possibility of unintended database operations when querying data related to detected anomalies in Progress Flowmon ADS
Jul 02, 2026
CVSS 8.1
EPSS 0.00
CVE-2026-8079
HIGH
Progress Flowmon < 12.5.9/13.0.11 - Authenticated Unauthorized Actions via PDF Generation
Jul 02, 2026
CVSS 7.3
EPSS 0.00
CVE-2026-8037
CRITICAL
NUCLEI
Progress ADC Products - Unauthenticated OS Command Injection
Jun 04, 2026
CVSS 9.6
EPSS 0.30
CVE-2026-7313
HIGH
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity
Jun 02, 2026
CVSS 8.7
EPSS 0.00
CVE-2026-7312
CRITICAL
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity
Jun 02, 2026
CVSS 10.0
EPSS 0.00
CVE-2026-7201
HIGH
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity
Jun 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-7198
CRITICAL
CWE-284: Improper Access Control in web services in Progress Sitefinity
Jun 02, 2026
CVSS 9.8
EPSS 0.00
CVE-2026-7195
HIGH
CWE-20: Improper Input Validation in web services in Progress Sitefinity
Jun 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-8488
MEDIUM
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 4.3
EPSS 0.00
CVE-2026-8487
MEDIUM
Incorrect default permissions vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 6.5
EPSS 0.00
CVE-2026-8486
MEDIUM
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 5.3
EPSS 0.00
CVE-2026-8485
MEDIUM
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation
May 20, 2026
CVSS 5.9
EPSS 0.00
CVE-2026-5174
HIGH
Improper Access Control Vulnerability in Progress MOVEit Automation
Apr 30, 2026
CVSS 7.7
EPSS 0.03
CVE-2026-4670
CRITICAL
Improper Authentication vulnerability in Progress MOVEit Automation
Apr 30, 2026
CVSS 9.8
EPSS 0.06
CVE-2026-6023
HIGH
Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX
Apr 22, 2026
CVSS 8.1
EPSS 0.01
CVE-2026-6022
HIGH
Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX
Apr 22, 2026
CVSS 7.5
EPSS 0.00
CVE-2026-4048
HIGH
Progress LoadMaster WAF Rule Upload - Authenticated Command Injection RCE
Apr 20, 2026
CVSS 8.4
EPSS 0.02
Products
whatsup_gold 56
moveit_transfer 33
ws_ftp_server 28
sitefinity 24
loadmaster 21
telerik_reporting 14
openedge 12
MOVEit Transfer 9
moveit_automation 8
telerik_ui_for_asp.net_ajax 8
ecs_connection_manager 7
multi-tenant_loadmaster 7
telerik_report_server 7
connection_manager_for_objectscale 6
progress 5
sitefinity_cms 5
flowmon 4
telerik_document_processing_libraries 3
telerik_ui_for_winforms 3
DataDirect Connect for JDBC Autonomous REST Connector 2
DataDirect Connect for JDBC for Amazon Redshift 2
DataDirect Connect for JDBC for Apache Cassandra 2
DataDirect Connect for JDBC for Apache Impala 2
DataDirect Connect for JDBC for Apache SparkSQL 2
DataDirect Connect for JDBC for DB2 2
DataDirect Connect for JDBC for Google Analytics 4 2
DataDirect Connect for JDBC for Google BigQuery 2
DataDirect Connect for JDBC for Greenplum 2
DataDirect Connect for JDBC for Hive 2
DataDirect Connect for JDBC for Informix 2
Quick Filters