Progress (organisation)

All CVEs

218 total · sorted by risk
  • CVE-2007-2417 · Jul 15, 2007
    risk 0.01 · cvss · epss 0.16

    Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via…

  • CVE-2004-1848 · Dec 31, 2004
    risk 0.01 · cvss · epss 0.08

    Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file.

  • CVE-2002-0826 · Aug 12, 2002
    risk 0.01 · cvss · epss 0.12

    Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.

  • CVE-2026-8100 · Jun 18, 2026
    risk 0.00 · cvss · epss 0.00

    Impact: A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated…

  • CVE-2026-2514 · Mar 12, 2026
    risk 0.00 · cvss · epss 0.00

    In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended…

  • CVE-2026-2878 · Feb 25, 2026
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering.

  • CVE-2025-13447 · Jan 13, 2026
    risk 0.00 · cvss · epss 0.25

    OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters.

  • CVE-2025-13444 · Jan 13, 2026
    risk 0.00 · cvss · epss 0.25

    OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters.

  • CVE-2025-13774 · Jan 13, 2026
    risk 0.00 · cvss · epss 0.00

    A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands.

  • CVE-2025-6724 · Sep 29, 2025
    risk 0.00 · cvss · epss 0.00

    In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command.

  • CVE-2025-3600 · May 14, 2025
    risk 0.00 · cvss · epss 0.19

    In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service.

  • CVE-2025-1758 · Mar 19, 2025
    risk 0.00 · cvss · epss 0.05

    Improper Input Validation vulnerability in Progress LoadMaster allows Buffer Overflow. This issue affects: LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above.

  • CVE-2024-6097 · Feb 12, 2025
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability.

  • CVE-2024-11629 · Feb 12, 2025
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF.

  • CVE-2024-11628 · Feb 12, 2025
    risk 0.00 · cvss · epss 0.01

    In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.

  • CVE-2024-11343 · Feb 12, 2025
    risk 0.00 · cvss · epss 0.01

    In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access.

  • CVE-2024-12629 · Feb 12, 2025
    risk 0.00 · cvss · epss 0.01

    In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection.

  • CVE-2025-0332 · Feb 12, 2025
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory.

  • CVE-2025-0556 · Feb 12, 2025
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be…

  • CVE-2024-56135 · Feb 5, 2025
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12…

  • CVE-2024-56134 · Feb 5, 2025
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12…

  • CVE-2024-56133 · Feb 5, 2025
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12…

  • CVE-2024-56132 · Feb 5, 2025
    risk 0.00 · cvss · epss 0.06

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12…

  • CVE-2024-56131 · Feb 5, 2025
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12…

  • CVE-2024-11627 · Jan 7, 2025
    risk 0.00 · cvss · epss 0.00

    Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.

  • CVE-2024-11626 · Jan 7, 2025
    risk 0.00 · cvss · epss 0.00

    Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300…

  • CVE-2024-11625 · Jan 7, 2025
    risk 0.00 · cvss · epss 0.00

    Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421.

  • CVE-2024-10095 · Dec 16, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability.

  • CVE-2024-46905 · Dec 2, 2024
    risk 0.00 · cvss · epss 0.02

    In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account.

  • CVE-2024-7295 · Nov 13, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information.

  • CVE-2024-8049 · Nov 13, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable.

  • CVE-2024-10012 · Nov 13, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability.

  • CVE-2024-10013 · Nov 13, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability.

  • CVE-2024-7763 · Oct 24, 2024
    risk 0.00 · cvss · epss 0.01

    In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials.

  • CVE-2024-8755 · Oct 11, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster: from 7.2.55.0 to 7.2.60.1 (inclusive); from 7.2.49.0 to 7.2.54.12…

  • CVE-2024-8015 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability.

  • CVE-2024-7292 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts.

  • CVE-2024-7294 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting.

  • CVE-2024-7293 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements.

  • CVE-2024-7840 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements.

  • CVE-2024-8048 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation.

  • CVE-2024-8014 · Oct 9, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability.

  • CVE-2024-8316 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.

  • CVE-2024-7576 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.00

    In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability.

  • CVE-2024-7575 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.

  • CVE-2024-7679 · Sep 25, 2024
    risk 0.00 · cvss · epss 0.01

    In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements.

  • CVE-2024-6658 · Sep 12, 2024
    risk 0.00 · cvss · epss 0.01

    Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster: from 7.2.55.0 to 7.2.60.0 (inclusive); from 7.2.49.0 to 7.2.54.11…

  • CVE-2024-7346 · Sep 3, 2024
    risk 0.00 · cvss · epss 0.00

    Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name…

  • CVE-2024-7345 · Sep 3, 2024
    risk 0.00 · cvss · epss 0.01

    Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms.

  • CVE-2024-7654 · Sep 3, 2024
    risk 0.00 · cvss · epss 0.00

    An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it…