Progress
Source repositories
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48082 | Hig | 0.57 | 8.8 | 0.00 | Oct 22, 2025 | Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0. | ||
| CVE-2026-4048 | Hig | 0.55 | 8.4 | 0.02 | Apr 20, 2026 | OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file… | ||
| CVE-2026-3519 | Hig | 0.55 | 8.4 | 0.02 | Apr 20, 2026 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command | ||
| CVE-2026-28034 | Hig | 0.53 | 8.1 | 0.00 | Mar 5, 2026 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Progress progress allows PHP Local File Inclusion.This issue affects Progress: from n/a through <= 1.2. | ||
| CVE-2024-37411 | Med | 0.34 | 5.3 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through <= 0.9.1. | ||
| CVE-2024-37422 | Med | 0.31 | 5.9 | 0.00 | Jul 22, 2024 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through <= 0.9.2. | ||
| CVE-2007-2506 | 0.03 | — | 0.04 | May 4, 2007 | WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by… | |||
| CVE-2001-1127 | 0.03 | — | 0.02 | Oct 5, 2001 | Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump. | |||
| CVE-2007-2417 | 0.01 | — | 0.16 | Jul 15, 2007 | Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via… | |||
| CVE-2001-1129 | 0.00 | — | 0.00 | Nov 2, 2001 | Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by… | |||
| CVE-2001-1128 | 0.00 | — | 0.01 | Oct 8, 2001 | Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. |
- risk 0.57cvss 8.8epss 0.00
Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation.This issue affects Progress Planner: from n/a through <= 1.8.0.
- risk 0.55cvss 8.4epss 0.02
OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file…
- risk 0.55cvss 8.4epss 0.02
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command
- risk 0.53cvss 8.1epss 0.00
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeREX Progress progress allows PHP Local File Inclusion.This issue affects Progress: from n/a through <= 1.2.
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through <= 0.9.1.
- risk 0.31cvss 5.9epss 0.00
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Progress Planner Progress Planner progress-planner.This issue affects Progress Planner: from n/a through <= 0.9.2.
- CVE-2007-2506May 4, 2007risk 0.03cvss —epss 0.04
WebSpeed 3.x in OpenEdge 10.x in Progress Software Progress 9.1e, and certain other 9.x versions, allows remote attackers to cause a denial of service (infinite loop and daemon hang) via a messenger URL that invokes _edit.r with no additional parameters, as demonstrated by…
- CVE-2001-1127Oct 5, 2001risk 0.03cvss —epss 0.02
Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8) _sqldump.
- CVE-2007-2417Jul 15, 2007risk 0.01cvss —epss 0.16
Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via…
- CVE-2001-1129Nov 2, 2001risk 0.00cvss —epss 0.00
Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) _mprosrv, (4) _mprshut, (5) _proapsv, (6) _progres, (7) _proutil, (8) _rfutil and (9) prolib in Progress database 9.1C allows a local user to execute arbitrary code via format string specifiers in the file used by…
- CVE-2001-1128Oct 8, 2001risk 0.00cvss —epss 0.01
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables.