progress

261 tracked vulnerabilities.

CVE-2023-6217 HIGH
MOVEit Transfer <2022.0.9-2023.0.7 - XSS
Nov 29, 2023
CVSS 7.1
EPSS 0.01
CVE-2023-42659 CRITICAL
WS_FTP Server < 8.7.6 and 8.8.4 - Authenticated Unrestricted File Upload via API Call
Nov 07, 2023
CVSS 9.1
EPSS 0.01
CVE-2023-42657 CRITICAL
WS_FTP Server < 8.7.4 - Path Traversal and Arbitrary File Operations
Sep 27, 2023
CVSS 9.9
EPSS 0.17
CVE-2023-40049 MEDIUM
WS_FTP Server < 8.8.2 - Unauthenticated Sensitive Information Exposure via WebServiceHost Directory Listing
Sep 27, 2023
CVSS 5.3
EPSS 0.01
CVE-2023-40048 MEDIUM
WS_FTP Server < 8.8.2 - Cross-Site Request Forgery in Server Manager Interface
Sep 27, 2023
CVSS 6.8
EPSS 0.00
CVE-2023-40047 HIGH
WS_FTP Server < 8.8.2 - Authenticated Stored Cross-Site Scripting via SSL Certificate Import
Sep 27, 2023
CVSS 8.3
EPSS 0.00
CVE-2023-40046 HIGH
WS_FTP Server < 8.7.4 - SQL Injection in Manager Interface
Sep 27, 2023
CVSS 8.2
EPSS 0.01
CVE-2023-40045 HIGH
WS_FTP Server < 8.7.4 - Reflected Cross-Site Scripting in Ad Hoc Transfer Module
Sep 27, 2023
CVSS 8.3
EPSS 0.01
CVE-2023-40044 CRITICAL KEVNUCLEI
WS_FTP Server < 8.7.4 - Unauthenticated Remote Code Execution via .NET Deserialization
Sep 27, 2023
CVSS 10.0
EPSS 0.90
CVE-2023-42660 HIGH
Progress MOVEit Transfer < 2021.1.8 - Authenticated SQL Injection via Machine Interface
Sep 20, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-42656 MEDIUM
Progress MOVEit Transfer < 2021.1.8 - Reflected Cross-Site Scripting via Package Composition Procedure
Sep 20, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-40043 HIGH
Progress MOVEit Transfer < 2021.1.8 - Authenticated SQL Injection via Web Interface
Sep 20, 2023
CVSS 7.2
EPSS 0.01
CVE-2023-28864 MEDIUM
Progress Chef Infra Server <15.7 - Info Disclosure
Jul 17, 2023
CVSS 5.5
EPSS 0.00
CVE-2023-36934 CRITICAL NUCLEI
Progress MOVEit Transfer < 12.1.11 - Unauthenticated SQL Injection
Jul 05, 2023
CVSS 9.1
EPSS 0.95
CVE-2023-36933 HIGH
MOVEit Transfer <2021.0.9, 13.0.9 - Unhandled Exception
Jul 05, 2023
CVSS 7.5
EPSS 0.72
CVE-2023-36932 HIGH
Progress MOVEit Transfer < 2020.1.11, 2021.0.9, 2021.1.7, 2022.0.7, 2022.1.8, 2023.0.4 - Authenticated SQL Injection
Jul 05, 2023
CVSS 8.1
EPSS 0.81
CVE-2023-35759 MEDIUM
Progress WhatsUp Gold < 23.0.0 - Unauthenticated Cross-Site Scripting via SNMP Endpoint
Jun 23, 2023
CVSS 6.1
EPSS 0.02
CVE-2023-34203 HIGH
Progress OpenEdge < 11.7.16, 12.x < 12.2.12, 12.3.x-12.6.x < 12.7 - Authenticated URL Injection in OEM and OEE
Jun 23, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-35708 CRITICAL NUCLEI
Progress MOVEit Transfer < 2020.1.10 - Unauthenticated SQL Injection
Jun 16, 2023
CVSS 9.8
EPSS 0.97
CVE-2023-35036 CRITICAL
Progress MOVEit Transfer < 2021.0.7, 2021.1.5, 2022.0.5, 2022.1.6, 2023.0.2 - Unauthenticated SQL Injection
Jun 12, 2023
CVSS 9.1
EPSS 0.13
CVE-2023-34364 CRITICAL
Progress DataDirect ODBC Oracle Wire Protocol Driver < 08.02.2770 - Buffer Overflow via Connection String Options
Jun 09, 2023
CVSS 9.8
EPSS 0.02
CVE-2023-34363 MEDIUM
Progress DataDirect Connect for ODBC <08.02.2770 - Info Disclosure
Jun 09, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-34362 CRITICAL KEVNUCLEI
MOVEit SQL Injection vulnerability
Jun 02, 2023
CVSS 9.8
EPSS 1.00
CVE-2023-26101 HIGH
Flowmon Packet Investigator <12.1.0 - Path Traversal
Apr 21, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26100 MEDIUM
Progress Flowmon < 12.2.0 - Reflected Cross-Site Scripting
Apr 21, 2023
CVSS 6.1
EPSS 0.00