progress

261 tracked vulnerabilities.

CVE-2026-3519 HIGH
Progress LoadMaster aclcontrol API - Authenticated Command Injection RCE
Apr 20, 2026
CVSS 8.4
EPSS 0.02
CVE-2026-3518 HIGH
Progress LoadMaster killsession API - Authenticated Command Injection RCE
Apr 20, 2026
CVSS 8.4
EPSS 0.03
CVE-2026-3517 HIGH
Progress LoadMaster addcountry API - Authenticated Command Injection RCE
Apr 20, 2026
CVSS 8.4
EPSS 0.18
CVE-2026-3692 HIGH
Unintended command execution during report generation in Progress Flowmon
Apr 02, 2026
CVSS 8.8
EPSS 0.00
CVE-2026-2737 MEDIUM
Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application
Apr 02, 2026
CVSS 6.1
EPSS 0.00
CVE-2026-2701 CRITICAL
RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Apr 02, 2026
CVSS 9.1
EPSS 0.49
CVE-2026-2699 CRITICAL NUCLEI
EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC)
Apr 02, 2026
CVSS 9.8
EPSS 0.49
CVE-2026-2878 MEDIUM
Progress Telerik UI for AJAX <2026.1.225 - Info Disclosure
Feb 25, 2026
CVSS 5.3
EPSS 0.00
CVE-2025-13447 HIGH
Progress LoadMaster < 7.2.54.16 and < 7.2.62.2 - Authenticated Remote Code Execution via API Input Parameter
Jan 13, 2026
CVSS 8.4
EPSS 0.25
CVE-2025-13444 HIGH
Progress LoadMaster < 7.2.62.2 - Authenticated OS Command Injection via API Input Parameters
Jan 13, 2026
CVSS 8.4
EPSS 0.25
CVE-2025-13774 HIGH
Progress Flowmon ADS < 12.5.4 - Authenticated SQL Injection
Jan 13, 2026
CVSS 8.8
EPSS 0.00
CVE-2025-11235 LOW
Progress MOVEit Transfer <2023.1.3-2022.0.10 - Unverified Password ...
Jan 07, 2026
CVSS 3.7
EPSS 0.00
CVE-2025-13147 MEDIUM
Progress MOVEit Transfer < 2024.1.8, 2025.0.0-2025.0.3 - Server-Side Request Forgery
Nov 19, 2025
CVSS 5.3
EPSS 0.00
CVE-2025-10703 HIGH
Progress DataDirect - Code Injection
Nov 19, 2025
EPSS 0.00
CVE-2025-10702 HIGH
Progress DataDirect - Code Injection
Nov 19, 2025
EPSS 0.00
CVE-2025-10932 HIGH
Progress MOVEit Transfer - Uncontrolled Resource Consumption
Oct 29, 2025
CVSS 8.2
EPSS 0.00
CVE-2025-6505 HIGH
Progress Hybrid Data Pipeline < 4.6.2.3275 - Unauthenticated Client Impersonation via OAuth Credential Combination
Jul 29, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-6504 HIGH
HDP Server <4.6.2.2978 - Privilege Escalation
Jul 29, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-3600 HIGH
Progress Telerik UI for ASP.NET AJAX 2011.2.712-2025.1.218 - Denial of Service via Unsafe Reflection
May 14, 2025
CVSS 7.5
EPSS 0.19
CVE-2025-2572 MEDIUM
WhatsUp Gold < 24.0.3 - Unauthenticated Database Manipulation in WhatsUp.dbo.WrlsMacAddressGroup
Apr 14, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-2324 MEDIUM
Progress MOVEit Transfer Privilege Escalation via Shared Account Misconfiguration
Mar 19, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-1758 MEDIUM
Progress LoadMaster <7.2.40.0 - Buffer Overflow
Mar 19, 2025
CVSS 4.3
EPSS 0.05
CVE-2025-0556 HIGH
Telerik Report Server <2025 Q1 (11.0.25.211) - Info Disclosure
Feb 12, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-0332 HIGH
Telerik UI for WinForms <2025.1.211 - Path Traversal
Feb 12, 2025
CVSS 7.8
EPSS 0.00
CVE-2024-6097 MEDIUM
Progress Telerik Reporting < 19.0.25.211 - Local Path Traversal via Absolute Path
Feb 12, 2025
CVSS 5.3
EPSS 0.00