Filtered by vendor Progress
Total: 246 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2026-7313 | 1 Progress | 1 Sitefinity | 2026-06-04 | N/A | 8.7 HIGH |
| CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity versions from 8.0.5700 to 13.3.7652 allows a remote authenticated attacker to obtain plain-text credentials used to connect to the Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight, non-default site configuration and valid back-end authorization. | |||||
| CVE-2026-7312 | 1 Progress | 1 Sitefinity | 2026-06-04 | N/A | 10.0 CRITICAL |
| CWE-522: Insufficiently Protected Credentials in web services in Progress Sitefinity versions from 14.0.7700 to 14.4.8152, 15.0.8200 to 15.0.8234, 15.1.8300 to 15.1.8335, 15.2.8400 to 15.2.8441, 15.3.8500 to 15.3.8531, and 15.4.8600 to 15.4.8630 allows a remote unauthenticated attacker to obtain plain-text credentials used to connect to the Sitefinity Insight service. Successful exploitation requires active integration with Sitefinity Insight and non-default site configuration. | |||||
| CVE-2026-7195 | 1 Progress | 1 Sitefinity | 2026-06-04 | N/A | 8.8 HIGH |
| CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration. | |||||
| CVE-2026-7198 | 1 Progress | 1 Sitefinity | 2026-06-04 | N/A | 9.8 CRITICAL |
| CWE-284: Improper Access Control in web services in Progress Sitefinity 15.4.8623 before 15.4.8630 allows a remote unauthenticated attacker to access content that should be restricted, resulting in full compromise of confidentiality, integrity, and availability of affected installations. | |||||
| CVE-2026-7201 | 1 Progress | 1 Sitefinity | 2026-06-04 | N/A | 8.8 HIGH |
| CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account compromise. Successful exploitation requires knowledge of values that are not generally exposed to low-privileged users. | |||||
| CVE-2024-12251 | 1 Progress | 1 Telerik Ui For Winui | 2026-05-21 | N/A | 7.8 HIGH |
| In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. | |||||
| CVE-2026-8488 | 1 Progress | 1 Moveit Automation | 2026-05-21 | N/A | 4.3 MEDIUM |
| Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. | |||||
| CVE-2026-8487 | 1 Progress | 1 Moveit Automation | 2026-05-21 | N/A | 6.5 MEDIUM |
| Incorrect default permissions vulnerability in Progress Software MOVEit Automation allows Retrieve Embedded Sensitive Data. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. | |||||
| CVE-2026-8486 | 1 Progress | 1 Moveit Automation | 2026-05-21 | N/A | 5.3 MEDIUM |
| Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation allows Flooding. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. | |||||
| CVE-2026-8485 | 1 Progress | 1 Moveit Automation | 2026-05-20 | N/A | 5.9 MEDIUM |
| Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation allows Excessive Allocation. This issue affects MOVEit Automation: before 2025.0.11, from 2025.1.0 before 2025.1.7. | |||||
| CVE-2017-1000026 | 1 Progress | 1 Mixlib-archive | 2026-05-13 | 5.0 MEDIUM | 7.5 HIGH |
| Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries. | |||||
| CVE-2017-9140 | 1 Progress | 2 Sitefinity Cms, Telerik Reporting | 2026-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | |||||
| CVE-2015-9245 | 1 Progress | 1 Openedge | 2026-05-13 | 7.5 HIGH | 9.8 CRITICAL |
| Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | |||||
| CVE-2016-1000000 | 1 Progress | 1 Whatsup Gold | 2026-05-06 | 6.5 MEDIUM | 8.8 HIGH |
| Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | |||||
| CVE-2014-8555 | 1 Progress | 1 Openedge | 2026-05-06 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter. | |||||
| CVE-2015-6004 | 1 Progress | 1 Whatsup Gold | 2026-05-06 | 6.5 MEDIUM | 6.5 MEDIUM |
| Multiple SQL injection vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to execute arbitrary SQL commands via (1) the UniqueID (aka sUniqueID) parameter to WrFreeFormText.asp in the Reports component or (2) the Find Device parameter. | |||||
| CVE-2015-8261 | 1 Progress | 1 Whatsup Gold | 2026-05-06 | 7.5 HIGH | 9.8 CRITICAL |
| The DroneDeleteOldMeasurements implementation in Ipswitch WhatsUp Gold before 16.4 does not properly validate serialized XML objects, which allows remote attackers to conduct SQL injection attacks via a crafted SOAP request. | |||||
| CVE-2015-6005 | 1 Progress | 1 Whatsup Gold | 2026-05-06 | 3.5 LOW | 6.9 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | |||||
| CVE-2014-2217 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2026-05-06 | 7.5 HIGH | N/A |
| Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value. | |||||
| CVE-2026-6022 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2026-05-05 | N/A | 7.5 HIGH |
| In Progress® Telerik® UI for AJAX prior to 2026.1.421, RadAsyncUpload contains an uncontrolled resource consumption vulnerability that allows file uploads to exceed the configured maximum size due to missing cumulative size enforcement during chunk reassembly, leading to disk space exhaustion. | |||||
