progress

244 tracked vulnerabilities.

CVE-2023-35759 MEDIUM
Progress WhatsUp Gold < 23.0.0 - Unauthenticated Cross-Site Scripting via SNMP Endpoint
Jun 23, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-34203 HIGH
Progress OpenEdge < 11.7.16, 12.x < 12.2.12, 12.3.x-12.6.x < 12.7 - Authenticated URL Injection in OEM and OEE
Jun 23, 2023
CVSS 8.8
EPSS 0.01
CVE-2023-35708 CRITICAL NUCLEI
Progress MOVEit Transfer < 2020.1.10 - Unauthenticated SQL Injection
Jun 16, 2023
CVSS 9.8
EPSS 0.77
CVE-2023-35036 CRITICAL
Progress MOVEit Transfer < 2021.0.7, 2021.1.5, 2022.0.5, 2022.1.6, 2023.0.2 - Unauthenticated SQL Injection
Jun 12, 2023
CVSS 9.1
EPSS 0.34
CVE-2023-34364 CRITICAL
Progress DataDirect ODBC Oracle Wire Protocol Driver < 08.02.2770 - Buffer Overflow via Connection String Options
Jun 09, 2023
CVSS 9.8
EPSS 0.00
CVE-2023-34363 MEDIUM
Progress DataDirect Connect for ODBC <08.02.2770 - Info Disclosure
Jun 09, 2023
CVSS 5.9
EPSS 0.00
CVE-2023-34362 CRITICAL KEVNUCLEI
MOVEit SQL Injection vulnerability
Jun 02, 2023
CVSS 9.8
EPSS 0.94
CVE-2023-26101 HIGH
Flowmon Packet Investigator <12.1.0 - Path Traversal
Apr 21, 2023
CVSS 7.5
EPSS 0.01
CVE-2023-26100 MEDIUM
Progress Flowmon < 12.2.0 - Reflected Cross-Site Scripting
Apr 21, 2023
CVSS 6.1
EPSS 0.00
CVE-2023-29376 MEDIUM
Progress Sitefinity <14.3.8025 - XSS
Apr 10, 2023
CVSS 5.4
EPSS 0.00
CVE-2023-29375 CRITICAL
Progress Sitefinity <14.3.8025 - File Upload
Apr 10, 2023
CVSS 9.8
EPSS 0.05
CVE-2023-24029 HIGH
WS_FTP Server <8.8 - Privilege Escalation
Feb 03, 2023
CVSS 7.2
EPSS 0.01
CVE-2022-27665 MEDIUM
Progress WS_FTP Server 8.6.0 - Reflected Cross-Site Scripting via AngularJS Sandbox Escape
Apr 03, 2023
CVSS 6.1
EPSS 0.01
CVE-2022-42711 CRITICAL
Progress WhatsUp Gold < 22.1.0 - Unauthenticated Stored Cross-Site Scripting via SNMP MIB Walker Endpoint
Oct 12, 2022
CVSS 9.6
EPSS 0.01
CVE-2022-36968 MEDIUM
Progress WS_FTP Server < 8.7.3 - Cross-Site Request Forgery in Administrative Interface
Aug 02, 2022
CVSS 4.3
EPSS 0.00
CVE-2022-36967 MEDIUM
Progress WS_FTP Server < 8.7.3 - Reflected Cross-Site Scripting in Administrative Web Interface
Aug 02, 2022
CVSS 6.1
EPSS 0.00
CVE-2022-29848 MEDIUM
Progress WhatsUp Gold 17.0.0-21.1.1 and 22.0.0 - Authenticated Server-Side Request Forgery
May 11, 2022
CVSS 6.5
EPSS 0.61
CVE-2022-29847 HIGH
Progress WhatsUp Gold 21.0.0-21.1.1 and 22.0.0 - Unauthenticated Server-Side Request Forgery
May 11, 2022
CVSS 7.5
EPSS 0.85
CVE-2022-29846 MEDIUM
Ipswitch WhatsUp Gold <22.0.0 - Info Disclosure
May 11, 2022
CVSS 5.3
EPSS 0.39
CVE-2022-29845 MEDIUM
Ipswitch WhatsUp Gold <22.0.0 - Info Disclosure
May 11, 2022
CVSS 6.5
EPSS 0.44
CVE-2022-29849 HIGH
Progress OpenEdge < 11.7.14 and 12.x < 12.2.9 - Privilege Escalation via SUID Binary
May 02, 2022
CVSS 7.8
EPSS 0.00
CVE-2021-41318 MEDIUM
Progress WhatsUp Gold < 21.1.0 - Unauthenticated Stored Cross-Site Scripting
Sep 28, 2021
CVSS 6.1
EPSS 0.00
CVE-2021-38159 CRITICAL
Progress MOVEit Transfer <2021.0.4 - SQL Injection
Aug 07, 2021
CVSS 9.8
EPSS 0.03
CVE-2021-37614 HIGH
Progress MOVEit Transfer < 2019.0.7 - Authenticated SQL Injection via Transaction Type Strings
Aug 05, 2021
CVSS 8.8
EPSS 0.00
CVE-2021-33894 HIGH
Progress MOVEit Transfer SQL Injection in SILUtility.vb
Jun 09, 2021
CVSS 8.8
EPSS 0.02
Products
whatsup_gold 56 ws_ftp_server 28 moveit_transfer 25 loadmaster 19 sitefinity 19 telerik_reporting 14 openedge 12 moveit_automation 8 telerik_ui_for_asp.net_ajax 8 multi-tenant_loadmaster 7 telerik_report_server 7 ecs_connection_manager 6 connection_manager_for_objectscale 5 progress 5 sitefinity_cms 5 flowmon 3 telerik_document_processing_libraries 3 telerik_ui_for_winforms 3 DataDirect Connect for JDBC Autonomous REST Connector 2 DataDirect Connect for JDBC for Amazon Redshift 2 DataDirect Connect for JDBC for Apache Cassandra 2 DataDirect Connect for JDBC for Apache Impala 2 DataDirect Connect for JDBC for Apache SparkSQL 2 DataDirect Connect for JDBC for DB2 2 DataDirect Connect for JDBC for Google Analytics 4 2 DataDirect Connect for JDBC for Google BigQuery 2 DataDirect Connect for JDBC for Greenplum 2 DataDirect Connect for JDBC for Hive 2 DataDirect Connect for JDBC for Informix 2 DataDirect Connect for JDBC for Microsoft Dynamics 365 2
Quick Filters
Critical CVEs With Exploits In CISA KEV