VYPR

Progress

by Progress (organisation)

Source repositories

CVEs (11)

  • CVE-2025-48082HigOct 22, 2025
    risk 0.57cvss 8.8epss 0.00

    Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0.

  • CVE-2026-4048HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.02

    OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file…

  • CVE-2026-3519HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.02

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command

  • CVE-2026-28034HigMar 5, 2026
    risk 0.53cvss 8.1epss 0.00

    Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Progress progress allows PHP Local File Inclusion.This issue affects Progress: from n/a through <= 1.2.

  • CVE-2024-37411MedNov 1, 2024
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through <= 0.9.1.

  • CVE-2024-37422MedJul 22, 2024
    risk 0.31cvss 5.9epss 0.00

    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through <= 0.9.2.

  • CVE-2007-2506May 4, 2007
    risk 0.03cvss epss 0.04

    WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by…

  • CVE-2001-1127Oct 5, 2001
    risk 0.03cvss epss 0.02

    Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.

  • CVE-2007-2417Jul 15, 2007
    risk 0.01cvss epss 0.16

    Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via…

  • CVE-2001-1129Nov 2, 2001
    risk 0.00cvss epss 0.00

    Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by…

  • CVE-2001-1128Oct 8, 2001
    risk 0.00cvss epss 0.01

    Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.