
Progress (organisation)

Progress is a political organisation associated with the British Labour Party, founded in 1996 to support the New Labour leadership of Tony Blair. It is seen as being on the right of the party.

Founded: 1996
Products: 40
CVEs: 218
Across products: 235
Status: Private

Recent CVEs

  • CVE-2017-11357 | Critical | KEV | Aug 23, 2017
    risk 0.91 | cvss 9.8 | epss 0.76

    Progress Telerik UI for ASP.NET AJAX before R2 2017 SP2 does not properly restrict user input to RadAsyncUpload, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

  • CVE-2017-11317 | Critical | KEV | Aug 23, 2017
    risk 0.85 | cvss 9.8 | epss 0.83

    Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX before R1 2017 and R2 before R2 2017 SP2 uses weak RadAsyncUpload encryption, which allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

  • CVE-2017-9248 | Critical | KEV | Jul 3, 2017
    risk 0.85 | cvss 9.8 | epss 0.75

    Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection…

  • CVE-2015-8261 | Critical | Jan 8, 2016
    risk 0.67 | cvss 9.8 | epss 0.04

    The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request.

  • CVE-2026-2699 | Critical | Apr 2, 2026
    risk 0.66 | cvss 9.8 | epss 0.49

    Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution.

  • CVE-2026-7312 | Critical | Jun 2, 2026
    risk 0.65 | cvss 10.0 | epss 0.00

    CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 14.0.7700 to 14.4.8152, and 15.0.8200 to 15.0.8234, and 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote…

  • CVE-2026-7198 | Critical | Jun 2, 2026
    risk 0.64 | cvss 9.8 | epss 0.00

    CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected…

  • CVE-2026-4670 | Critical | Apr 30, 2026
    risk 0.64 | cvss 9.8 | epss 0.06

    Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0.

  • CVE-2017-15883 | Critical | Jan 8, 2018
    risk 0.64 | cvss 9.8 | epss 0.02

    Sitefinity 5.1, 5.2, 5.3, 5.4, 6.x, 7.x, 8.x, 9.x, and 10.x allow remote attackers to bypass authentication and consequently cause a denial of service on load balanced sites or gain privileges via vectors related to weak cryptography.

  • CVE-2015-9245 | Critical | Oct 31, 2017
    risk 0.64 | cvss 9.8 | epss 0.02

    Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931.

  • CVE-2026-8037 | Critical | Jun 4, 2026
    risk 0.62 | cvss 9.6 | epss 0.02

    OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an unauthenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints.

  • CVE-2025-8095 | Critical | Apr 14, 2026
    risk 0.59 | cvss n/a | epss 0.00

    The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced…

  • CVE-2026-2701 | Critical | Apr 2, 2026
    risk 0.59 | cvss 9.1 | epss 0.49

    Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution.

  • CVE-2013-10036 | High | Jul 31, 2025
    risk 0.58 | cvss n/a | epss 0.00

    A stack-based buffer overflow vulnerability exists in Beetel Connection Manager version PCW_BTLINDV1.0.0B04 when parsing the UserName parameter in the NetConfig.ini configuration file. A crafted .ini file containing an overly long UserName value can overwrite the Structured…

  • CVE-2026-7313 | High | Jun 2, 2026
    risk 0.57 | cvss 8.7 | epss 0.00

    CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used to connect to Sitefinity Insight service. Successful exploitation requires active…

  • CVE-2026-7201 | High | Jun 2, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading…

  • CVE-2026-7195 | High | Jun 2, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote…

  • CVE-2026-3692 | High | Apr 2, 2026
    risk 0.57 | cvss 8.8 | epss 0.00

    In Progress Flowmon versions prior to 12.5.8, a vulnerability exists whereby an authenticated low-privileged user may craft a request during the report generation process that results in unintended commands being executed on the server.

  • CVE-2025-48082 | High | Oct 22, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    Incorrect Privilege Assignment vulnerability in Progress Planner Progress Planner progress-planner allows Privilege Escalation. This issue affects Progress Planner: from n/a through <= 1.8.0.

  • CVE-2025-10240 | High | Oct 9, 2025
    risk 0.57 | cvss 8.8 | epss 0.00

    A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session.