VYPR

Loadmaster

by Progress (organisation)

CVEs (21)

  • CVE-2026-8037CriJun 4, 2026
    risk 0.62cvss 9.6epss 0.02

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints

  • CVE-2026-4048HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.02

    OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file…

  • CVE-2026-3519HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.02

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command

  • CVE-2026-3518HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.03

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command

  • CVE-2026-3517HigApr 20, 2026
    risk 0.55cvss 8.4epss 0.18

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry'…

  • CVE-2023-29929HigAug 21, 2024
    risk 0.49cvss 7.5epss 0.01

    Buffer Overflow vulnerability found in Kemptechnologies Loadmaster before v.7.2.60.0 allows a remote attacker to casue a denial of service via the libkemplink.so, isreverse library.

  • CVE-2024-1212KEVFeb 21, 2024
    risk 0.23cvss epss 0.95

    Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution.

  • CVE-2024-7591Sep 5, 2024
    risk 0.03cvss epss 0.44

    Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above

  • CVE-2025-13447Jan 13, 2026
    risk 0.00cvss epss 0.25

    OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

  • CVE-2025-13444Jan 13, 2026
    risk 0.00cvss epss 0.25

    OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters

  • CVE-2025-1758Mar 19, 2025
    risk 0.00cvss epss 0.05

    Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above

  • CVE-2024-56135Feb 5, 2025
    risk 0.00cvss epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12…

  • CVE-2024-56134Feb 5, 2025
    risk 0.00cvss epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12…

  • CVE-2024-56133Feb 5, 2025
    risk 0.00cvss epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12…

  • CVE-2024-56132Feb 5, 2025
    risk 0.00cvss epss 0.06

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12…

  • CVE-2024-56131Feb 5, 2025
    risk 0.00cvss epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12…

  • CVE-2024-8755Oct 11, 2024
    risk 0.00cvss epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive)    From 7.2.49.0 to 7.2.54.12…

  • CVE-2024-6658Sep 12, 2024
    risk 0.00cvss epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection.This issue affects:  Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.0 (inclusive)    From 7.2.49.0 to 7.2.54.11…

  • CVE-2024-3544May 2, 2024
    risk 0.00cvss epss 0.00

    Unauthenticated attackers can perform actions, using SSH private keys, by knowing the IP address and having access to the same network of one of the machines in the HA or Cluster group. This vulnerability has been closed by enhancing LoadMaster partner communications to require…

  • CVE-2024-2449Mar 22, 2024
    risk 0.00cvss epss 0.13

    A cross-site request forgery vulnerability has been identified in LoadMaster.  It is possible for a malicious actor, who has prior knowledge of the IP or hostname of a specific LoadMaster, to direct an authenticated LoadMaster administrator to a third-party site. In such a…

Page 1 of 2