progress

244 tracked vulnerabilities.

CVE-2025-6505 HIGH
Progress Hybrid Data Pipeline < 4.6.2.3275 - Unauthenticated Client Impersonation via OAuth Credential Combination
Jul 29, 2025
CVSS 8.1
EPSS 0.00
CVE-2025-6504 HIGH
HDP Server <4.6.2.2978 - Privilege Escalation
Jul 29, 2025
CVSS 8.4
EPSS 0.00
CVE-2025-3600 HIGH
Progress Telerik UI for ASP.NET AJAX 2011.2.712-2025.1.218 - Denial of Service via Unsafe Reflection
May 14, 2025
CVSS 7.5
EPSS 0.01
CVE-2025-2572 MEDIUM
WhatsUp Gold < 24.0.3 - Unauthenticated Database Manipulation in WhatsUp.dbo.WrlsMacAddressGroup
Apr 14, 2025
CVSS 5.6
EPSS 0.00
CVE-2025-2324 MEDIUM
Progress MOVEit Transfer Privilege Escalation via Shared Account Misconfiguration
Mar 19, 2025
CVSS 5.9
EPSS 0.00
CVE-2025-1758 MEDIUM
Progress LoadMaster <7.2.40.0 - Buffer Overflow
Mar 19, 2025
CVSS 4.3
EPSS 0.01
CVE-2025-0556 HIGH
Telerik Report Server <2025 Q1 (11.0.25.211) - Info Disclosure
Feb 12, 2025
CVSS 8.8
EPSS 0.00
CVE-2025-0332 HIGH
Telerik UI for WinForms <2025.1.211 - Path Traversal
Feb 12, 2025
CVSS 7.8
EPSS 0.00
CVE-2024-6097 MEDIUM
Progress Telerik Reporting < 19.0.25.211 - Local Path Traversal via Absolute Path
Feb 12, 2025
CVSS 5.3
EPSS 0.00
CVE-2024-11629 HIGH
Telerik Document Processing <2025.1.205 - Path Traversal
Feb 12, 2025
CVSS 7.1
EPSS 0.01
CVE-2024-11628 MEDIUM
Telerik Kendo UI for Vue <6.0.1 - Command Injection
Feb 12, 2025
CVSS 4.1
EPSS 0.00
CVE-2024-12629 MEDIUM
Progress KendoReact 3.5.0-9.4.0 - Prototype Pollution
Feb 12, 2025
CVSS 4.1
EPSS 0.00
CVE-2024-11343 HIGH
Telerik Document Processing <2025.1.205 - Path Traversal
Feb 12, 2025
CVSS 8.3
EPSS 0.00
CVE-2024-12251 HIGH
Telerik UI for WinUI 2.0.0-2.0.0 - Command Injection via Hyperlink Element
Feb 12, 2025
CVSS 7.8
EPSS 0.00
CVE-2024-56135 HIGH
Progress LoadMaster < 7.2.48.12 and 7.2.49.0-7.2.54.12 and 7.2.55.0-7.2.60.1 - Authenticated OS Command Injection
Feb 05, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-56134 HIGH
Progress LoadMaster 7.2.48.12 and prior - Authenticated OS Command Injection
Feb 05, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-56133 HIGH
Progress LoadMaster < 7.2.48.12 - Authenticated OS Command Injection
Feb 05, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-56132 HIGH
Progress LoadMaster 7.2.48.12-7.2.60.1 - Authenticated OS Command Injection
Feb 05, 2025
CVSS 8.4
EPSS 0.01
CVE-2024-56131 HIGH
Progress LoadMaster and Multi-Tenant Hypervisor - Authenticated OS Command Injection
Feb 05, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-11627 MEDIUM
Progress Sitefinity 4.0-15.2.8421 Session Fixation via Insufficient Session Expiration
Jan 07, 2025
CVSS 6.8
EPSS 0.00
CVE-2024-11626 HIGH
Progress Sitefinity 4.0-15.2.8421 - Stored XSS in CMS Backend
Jan 07, 2025
CVSS 8.4
EPSS 0.00
CVE-2024-11625 HIGH
Progress Sitefinity 4.0-15.2.8421 - Information Exposure Through Error Message
Jan 07, 2025
CVSS 7.7
EPSS 0.00
CVE-2024-12108 CRITICAL
WhatsUp Gold 23.1.0-24.0.1 - Authentication Bypass via Public API
Dec 31, 2024
CVSS 9.6
EPSS 0.22
CVE-2024-12106 CRITICAL
WhatsUp Gold 23.1.0-24.0.1 - Unauthenticated LDAP Settings Modification
Dec 31, 2024
CVSS 9.4
EPSS 0.33
CVE-2024-12105 MEDIUM
WhatsUp Gold 23.1.0-24.0.1 - Authenticated Path Traversal
Dec 31, 2024
CVSS 6.5
EPSS 0.09
Products
whatsup_gold 56 ws_ftp_server 28 moveit_transfer 25 loadmaster 19 sitefinity 19 telerik_reporting 14 openedge 12 moveit_automation 8 telerik_ui_for_asp.net_ajax 8 multi-tenant_loadmaster 7 telerik_report_server 7 ecs_connection_manager 6 connection_manager_for_objectscale 5 progress 5 sitefinity_cms 5 flowmon 3 telerik_document_processing_libraries 3 telerik_ui_for_winforms 3 DataDirect Connect for JDBC Autonomous REST Connector 2 DataDirect Connect for JDBC for Amazon Redshift 2 DataDirect Connect for JDBC for Apache Cassandra 2 DataDirect Connect for JDBC for Apache Impala 2 DataDirect Connect for JDBC for Apache SparkSQL 2 DataDirect Connect for JDBC for DB2 2 DataDirect Connect for JDBC for Google Analytics 4 2 DataDirect Connect for JDBC for Google BigQuery 2 DataDirect Connect for JDBC for Greenplum 2 DataDirect Connect for JDBC for Hive 2 DataDirect Connect for JDBC for Informix 2 DataDirect Connect for JDBC for Microsoft Dynamics 365 2
Quick Filters
Critical CVEs With Exploits In CISA KEV