progress

261 tracked vulnerabilities.

CVE-2024-5015 HIGH
WhatsUp Gold < 23.1.3 - Authenticated Server-Side Request Forgery in SessionController
Jun 25, 2024
CVSS 7.1
EPSS 0.01
CVE-2024-5014 HIGH
WhatsUp Gold < 23.1.3 - Authenticated Server-Side Request Forgery via GetASPReport Feature
Jun 25, 2024
CVSS 7.1
EPSS 0.00
CVE-2024-5013 HIGH
WhatsUp Gold < 23.1.3 - Unauthenticated Denial of Service via SetAdminPassword Installation Step
Jun 25, 2024
CVSS 7.5
EPSS 0.01
CVE-2024-5012 HIGH
WhatsUp Gold < 23.1.3 - Unauthenticated Windows Credential Disclosure via WUGDataAccess.Credentials
Jun 25, 2024
CVSS 8.6
EPSS 0.00
CVE-2024-5011 HIGH
WhatsUp Gold < 23.1.3 - Unauthenticated Denial of Service via TestController Chart Request
Jun 25, 2024
CVSS 7.5
EPSS 0.47
CVE-2024-5010 HIGH
WhatsUp Gold < 23.1.3 - Unauthenticated Sensitive Information Exposure via TestController
Jun 25, 2024
CVSS 7.5
EPSS 0.70
CVE-2024-5009 HIGH
WhatsUp Gold < 23.1.3 - Improper Access Control in InstallController.SetAdminPassword
Jun 25, 2024
CVSS 8.4
EPSS 0.15
CVE-2024-5008 HIGH
WhatsUp Gold < 23.1.3 - Authenticated Remote Code Execution via AppProfileImportController
Jun 25, 2024
CVSS 8.8
EPSS 0.17
CVE-2024-4885 CRITICAL KEVNUCLEI
Progress WhatsUp Gold < 23.1.3 - Unauthenticated Remote Code Execution via ExportUtilities.Export.GetFileWithoutZip
Jun 25, 2024
CVSS 9.8
EPSS 0.99
CVE-2024-4884 CRITICAL
WhatsUp Gold < 23.1.3 - Unauthenticated Remote Code Execution via CommunityController
Jun 25, 2024
CVSS 9.8
EPSS 0.24
CVE-2024-4883 CRITICAL
Progress WhatsUp Gold < 23.1.3 - Unauthenticated Remote Code Execution via NmApi.exe
Jun 25, 2024
CVSS 9.8
EPSS 0.65
CVE-2024-5806 CRITICAL
Progress MOVEit SFTP Authentication Bypass for Arbitrary File Read
Jun 25, 2024
CVSS 9.1
EPSS 0.76
CVE-2024-5805 CRITICAL
Progress MOVEit Gateway 2024.0.0.0 - Authentication Bypass in SFTP Modules
Jun 25, 2024
CVSS 9.1
EPSS 0.08
CVE-2024-4563 MEDIUM
Progress MOVEit Automation < 2024.0.0 - Use of a Broken or Risky Cryptographic Algorithm in Configuration Export
May 22, 2024
CVSS 6.1
EPSS 0.00
CVE-2024-4837 MEDIUM
Progress Telerik Report Server < 10.1.24.514 - Sensitive Information Exposure
May 15, 2024
CVSS 5.3
EPSS 0.00
CVE-2024-4357 MEDIUM
Progress Telerik Report Server < 10.1.24.514 - XML External Entity Injection
May 15, 2024
CVSS 6.5
EPSS 0.01
CVE-2024-4202 HIGH
Telerik Reporting <2024 Q2 - Code Injection
May 15, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-4200 HIGH
Telerik Reporting <2024 Q2 - Code Injection
May 15, 2024
CVSS 7.7
EPSS 0.00
CVE-2024-3892 HIGH
Telerik UI for WinForms 2021.1.122-2024.2.514 - Local Code Execution via Untrusted Theme Assembly
May 15, 2024
CVSS 7.2
EPSS 0.00
CVE-2024-4562 MEDIUM
WhatsUp Gold < 23.1.2 - Authenticated Server-Side Request Forgery in HTTP Monitoring
May 14, 2024
CVSS 5.4
EPSS 0.00
CVE-2024-4561 MEDIUM
WhatsUp Gold < 23.1.2 - Server-Side Request Forgery via FaviconController
May 14, 2024
CVSS 4.2
EPSS 0.00
CVE-2024-3544 HIGH
Progress LoadMaster < 7.2.48.11, 7.2.49.0-7.2.54.10, 7.2.55.0-7.2.59.4 - Hard-coded SSH Credentials
May 02, 2024
CVSS 7.5
EPSS 0.00
CVE-2024-3543 MEDIUM
Reversible Password Encryption - Info Disclosure
May 02, 2024
CVSS 6.4
EPSS 0.00
CVE-2024-2389 CRITICAL NUCLEI
Progress Kemp Flowmon - Command Injection
Apr 02, 2024
CVSS 10.0
EPSS 0.94
CVE-2024-2449 HIGH
LoadMaster 7.2.49.0-7.2.54.8 and 7.2.55.0-7.2.59.2 - Cross-Site Request Forgery
Mar 22, 2024
CVSS 7.5
EPSS 0.13