Vendor CVEs
Progress (organisation)
All CVEs
218 total · sorted by risk

| CVE | Risk | CVSS | EPSS | Published | Description | Vendor / Product | Sev | KEV |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-2417 | 0.01 | — | 0.16 | Jul 15, 2007 | Heap-based buffer overflow in _mprosrv.exe in Progress Software Progress 9.1E and OpenEdge 10.1x, as used by the RSA Authentication Manager 6.0 and 6.1, SecurID Appliance 2.0, ACE/Server 5.2, and possibly other products, allows remote attackers to execute arbitrary code via… | |||
| CVE-2004-1848 | 0.01 | — | 0.08 | Dec 31, 2004 | Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial of service (disk consumption) and bypass file size restrictions via a REST command with a large size argument, followed by a STOR of a smaller file. | |||
| CVE-2002-0826 | 0.01 | — | 0.12 | Aug 12, 2002 | Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command. | |||
| CVE-2026-8100 | 0.00 | — | 0.00 | Jun 18, 2026 | Impact: A security issue has been identified in Chef 360 that could allow unauthorized access to protected API endpoints under specific conditions. This issue is due to improper handling of URL-encoded paths during request processing. In certain scenarios, an authenticated… | |||
| CVE-2026-2514 | 0.00 | — | 0.00 | Mar 12, 2026 | In Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, a vulnerability exists whereby an adversary with access to Flowmon monitoring ports may craft malicious network data that, when processed by Flowmon ADS and viewed by an authenticated user, could result in unintended… | |||
| CVE-2026-2878 | 0.00 | — | 0.00 | Feb 25, 2026 | In Progress® Telerik® UI for AJAX, versions prior to 2026.1.225, an insufficient entropy vulnerability exists in RadAsyncUpload, where a predictable temporary identifier, based on timestamp and filename, can enable collisions and file content tampering. | |||
| CVE-2025-13447 | 0.00 | — | 0.25 | Jan 13, 2026 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | |||
| CVE-2025-13444 | 0.00 | — | 0.25 | Jan 13, 2026 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | |||
| CVE-2025-13774 | 0.00 | — | 0.00 | Jan 13, 2026 | A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands. | |||
| CVE-2025-6724 | 0.00 | — | 0.00 | Sep 29, 2025 | In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command. | |||
| CVE-2025-3600 | 0.00 | — | 0.19 | May 14, 2025 | In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service. | |||
| CVE-2025-1758 | 0.00 | — | 0.05 | Mar 19, 2025 | Improper Input Validation vulnerability in Progress LoadMaster allows Buffer Overflow. This issue affects: LoadMaster: 7.2.40.0 and above; ECS: All versions; Multi-Tenancy: 7.1.35.4 and above | |||
| CVE-2024-6097 | 0.00 | — | 0.00 | Feb 12, 2025 | In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. | |||
| CVE-2024-11629 | 0.00 | — | 0.00 | Feb 12, 2025 | In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. | |||
| CVE-2024-11628 | 0.00 | — | 0.01 | Feb 12, 2025 | In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | |||
| CVE-2024-11343 | 0.00 | — | 0.01 | Feb 12, 2025 | In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), unzipping an archive can lead to arbitrary file system access. | |||
| CVE-2024-12629 | 0.00 | — | 0.01 | Feb 12, 2025 | In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | |||
| CVE-2025-0332 | 0.00 | — | 0.00 | Feb 12, 2025 | In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory. | |||
| CVE-2025-0556 | 0.00 | — | 0.00 | Feb 12, 2025 | In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be… | |||
| CVE-2024-56135 | 0.00 | — | 0.01 | Feb 5, 2025 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster versions from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12… | |||
| CVE-2024-56134 | 0.00 | — | 0.01 | Feb 5, 2025 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster versions from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12… | |||
| CVE-2024-56133 | 0.00 | — | 0.01 | Feb 5, 2025 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster versions from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12… | |||
| CVE-2024-56132 | 0.00 | — | 0.06 | Feb 5, 2025 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster versions from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12… | |||
| CVE-2024-56131 | 0.00 | — | 0.01 | Feb 5, 2025 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster versions from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12… | |||
| CVE-2024-11627 | 0.00 | — | 0.00 | Jan 7, 2025 | Insufficient Session Expiration vulnerability in Progress Sitefinity allows Session Fixation. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | |||
| CVE-2024-11626 | 0.00 | — | 0.00 | Jan 7, 2025 | Improper Neutralization of Input During CMS Backend (administrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300… | |||
| CVE-2024-11625 | 0.00 | — | 0.00 | Jan 7, 2025 | Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity. This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | |||
| CVE-2024-10095 | 0.00 | — | 0.01 | Dec 16, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-46905 | 0.00 | — | 0.02 | Dec 2, 2024 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. | |||
| CVE-2024-7295 | 0.00 | — | 0.00 | Nov 13, 2024 | In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. | |||
| CVE-2024-8049 | 0.00 | — | 0.00 | Nov 13, 2024 | In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable. | |||
| CVE-2024-10012 | 0.00 | — | 0.00 | Nov 13, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1111), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-10013 | 0.00 | — | 0.00 | Nov 13, 2024 | In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-7763 | 0.00 | — | 0.01 | Oct 24, 2024 | In WhatsUp Gold versions released before 2024.0.0, an Authentication Bypass issue exists which allows an attacker to obtain encrypted user credentials. | |||
| CVE-2024-8755 | 0.00 | — | 0.01 | Oct 11, 2024 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster versions from 7.2.55.0 to 7.2.60.1 (inclusive), from 7.2.49.0 to 7.2.54.12… | |||
| CVE-2024-8015 | 0.00 | — | 0.01 | Oct 9, 2024 | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||
| CVE-2024-7292 | 0.00 | — | 0.00 | Oct 9, 2024 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a credential stuffing attack is possible through improper restriction of excessive login attempts. | |||
| CVE-2024-7294 | 0.00 | — | 0.00 | Oct 9, 2024 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), an HTTP DoS attack is possible on anonymous endpoints without rate limiting. | |||
| CVE-2024-7293 | 0.00 | — | 0.00 | Oct 9, 2024 | In Progress® Telerik® Report Server versions prior to 2024 Q3 (10.2.24.806), a password brute forcing attack is possible through weak password requirements. | |||
| CVE-2024-7840 | 0.00 | — | 0.01 | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||
| CVE-2024-8048 | 0.00 | — | 0.00 | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible using object injection via insecure expression evaluation. | |||
| CVE-2024-8014 | 0.00 | — | 0.01 | Oct 9, 2024 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | |||
| CVE-2024-8316 | 0.00 | — | 0.00 | Sep 25, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-7576 | 0.00 | — | 0.00 | Sep 25, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a code execution attack is possible through an insecure deserialization vulnerability. | |||
| CVE-2024-7575 | 0.00 | — | 0.01 | Sep 25, 2024 | In Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||
| CVE-2024-7679 | 0.00 | — | 0.01 | Sep 25, 2024 | In Progress Telerik UI for WinForms versions prior to 2024 Q3 (2024.3.924), a command injection attack is possible through improper neutralization of hyperlink elements. | |||
| CVE-2024-6658 | 0.00 | — | 0.01 | Sep 12, 2024 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects LoadMaster versions from 7.2.55.0 to 7.2.60.0 (inclusive), from 7.2.49.0 to 7.2.54.11… | |||
| CVE-2024-7346 | 0.00 | — | 0.00 | Sep 3, 2024 | Host name validation for TLS certificates is bypassed when the installed OpenEdge default certificates are used to perform the TLS handshake for a networked connection. This has been corrected so that default certificates are no longer capable of overriding host name… | |||
| CVE-2024-7345 | 0.00 | — | 0.01 | Sep 3, 2024 | Local ABL Client bypass of the required PASOE security checks may allow an attacker to commit unauthorized code injection into Multi-Session Agents on supported OpenEdge LTS platforms up to OpenEdge LTS 11.7.18 and LTS 12.2.13 on all supported release platforms | |||
| CVE-2024-7654 | 0.00 | — | 0.00 | Sep 3, 2024 | An ActiveMQ Discovery service was reachable by default from an OpenEdge Management installation when an OEE/OEM auto-discovery feature was activated. Unauthorized access to the discovery service's UDP port allowed content injection into parts of the OEM web interface making it… |