progress

244 tracked vulnerabilities.

CVE-2024-4202 HIGH
Telerik Reporting <2024 Q2 - Code Injection
May 15, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-4200 HIGH
Telerik Reporting <2024 Q2 - Code Injection
May 15, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-3892 HIGH
Telerik UI for WinForms 2021.1.122-2024.2.514 - Local Code Execution via Untrusted Theme Assembly
May 15, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-4562 MEDIUM
WhatsUp Gold < 23.1.2 - Authenticated Server-Side Request Forgery in HTTP Monitoring
May 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4561 MEDIUM
WhatsUp Gold < 23.1.2 - Server-Side Request Forgery via FaviconController
May 14, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-3544 HIGH
Progress LoadMaster < 7.2.48.11, 7.2.49.0-7.2.54.10, 7.2.55.0-7.2.59.4 - Hard-coded SSH Credentials
May 02, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3543 MEDIUM
Reversible Password Encryption - Info Disclosure
May 02, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-2389 CRITICAL NUCLEI
Progress Kemp Flowmon - Command Injection
Apr 02, 2024
CVSS 10.0
EPSS 0.94
CVE-2024-2449 HIGH
LoadMaster 7.2.49.0-7.2.54.8 and 7.2.55.0-7.2.59.2 - Cross-Site Request Forgery
Mar 22, 2024
CVSS 7.5
EPSS 0.03
CVE-2024-2448 HIGH
LoadMaster 7.2.49.0-7.2.54.8 and 7.2.55.0-7.2.59.2 - Authenticated OS Command Injection via UI Component
Mar 22, 2024
CVSS 8.4
EPSS 0.45
CVE-2024-2291 MEDIUM
MOVEit Transfer <2022.0.11, 2022.1.12, 2023.0.9, 2023.1.4 - Auth By...
Mar 20, 2024
CVSS 4.3
EPSS 0.00
CVE-2024-1856 HIGH
Progress Telerik Reporting < 18.0.24.130 - Remote Code Execution via Insecure Deserialization
Mar 20, 2024
CVSS 8.5
EPSS 0.00
CVE-2024-1801 HIGH
Progress Telerik Reporting < 18.0.24.130 - Local Code Execution via Insecure Deserialization
Mar 20, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-1800 CRITICAL
Progress Telerik Report Server < 10.0.24.130 - Remote Code Execution via Insecure Deserialization
Mar 20, 2024
CVSS 9.9
EPSS 0.72
CVE-2024-1636 HIGH
Sitefinity < 13.3.7649 - Cross-Site Scripting in Page Editing Area
Feb 28, 2024
CVSS 8.0
EPSS 0.00
CVE-2024-1632 HIGH
Progress Sitefinity < 13.3.7649 - Authenticated Sensitive Information Exposure in Administrative Area
Feb 28, 2024
CVSS 8.8
EPSS 0.02
CVE-2024-1403 CRITICAL
OpenEdge < 11.7.19 - Authentication Bypass via Credential Handling Failure
Feb 27, 2024
CVSS 10.0
EPSS 0.16
CVE-2024-1212 CRITICAL KEV NUCLEI
LoadMaster 7.2.48.1-7.2.48.9 - Unauthenticated OS Command Injection
Feb 21, 2024
CVSS 10.0
EPSS 0.94
CVE-2024-1474 HIGH
WS_FTP Server < 8.8.5 - Reflected Cross-Site Scripting in Administrative Interface
Feb 21, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-0833 HIGH
Telerik Test Studio <v2023.3.1330 - Privilege Escalation
Jan 31, 2024
CVSS 7.8
EPSS 0.00
CVE-2024-0832 HIGH
Telerik Reporting <2024 R1 - Privilege Escalation
Jan 31, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-0219 HIGH
Telerik JustDecompile < 2019.1.118.0 - Privilege Escalation via Installer Manipulation
Jan 31, 2024
CVSS 7.8
EPSS 0.01
CVE-2024-0396 HIGH
Progress MOVEit Transfer < 2022.0.10, 2022.1.11, 2023.0.8, 2023.1.3 - DoS via HTTPS Parameter Manipulation
Jan 17, 2024
CVSS 7.1
EPSS 0.00
CVE-2023-27636 MEDIUM
Progress Sitefinity < 15.0.0 - Authenticated Cross-Site Scripting via Content Form
Jun 16, 2024
CVSS 5.4
EPSS 0.00
CVE-2023-40052 HIGH
Progress OpenEdge 11.7-11.7.17 and 12.2-12.2.12 - Denial of Service via Malformed Web Request
Jan 18, 2024
CVSS 7.5
EPSS 0.00