VYPR

Proget

by Inedo

CVEs (3)

  • CVE-2017-14944HigSep 30, 2017
    risk 0.49cvss 7.5epss 0.01

    Inedo ProGet before 4.7.14 does not properly address dangerous package IDs during package addition, aka PG-1060.

  • CVE-2025-47244HigMay 3, 2025
    risk 0.48cvss 7.3epss 0.00

    Inedo ProGet through 2024.22 allows remote attackers to reach restricted functionality through the C# reflection layer, as demonstrated by causing a denial of service (when an attacker executes a loop calling RestartWeb) or obtaining potentially sensitive information.…

  • CVE-2017-15608MedSep 26, 2018
    risk 0.42cvss 6.5epss 0.00

    Inedo ProGet before 5.0 Beta5 has CSRF, allowing an attacker to change advanced settings.