NVD や CVE、ほか複数の脅威フィードを束ね、RCE など高リスクな事象を深く追える一覧です。CVSS と EPSS を組み合わせ、Exploit 参照や PoC の有無から悪用しやすさを追跡します。ベンダー修正や緩和策の文脈とあわせて優先度を決め、対応サイクルを短く保ちつつ重要資産を守る支援をします。
Assigner(CNA/発行元):[email protected] この条件を外す
| CVE | 説明 | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|
| CVE-2026-8037 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints | 9.6 | 1.87% | 2026-06-04 | 2026-06-17 |
| CVE-2026-5174 | Improper input validation vulnerability in Progress Software MOVEit Automation allows Privilege Escalation. This issue affects MOVEit Automation: from 2025.1.0 before 2025.1.5, from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0. | 7.7 | 3.24% | 2026-04-30 | 2026-06-17 |
| CVE-2026-4670 | Authentication bypass by primary weakness vulnerability in Progress Software MOVEit Automation allows Authentication Bypass. This issue affects MOVEit Automation: from 2025.0.0 before 2025.0.9, from 2024.0.0 before 2024.1.8, versions prior to 2024.0.0. | 9.8 | 5.63% | 2026-04-30 | 2026-06-17 |
| CVE-2026-4048 | OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process. | 8.4 | 2.13% | 2026-04-20 | 2026-06-17 |
| CVE-2026-3519 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command | 8.4 | 2.13% | 2026-04-20 | 2026-06-17 |
| CVE-2026-3518 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command | 8.4 | 2.52% | 2026-04-20 | 2026-06-17 |
| CVE-2026-3517 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command | 8.4 | 18.24% | 2026-04-20 | 2026-06-17 |
| CVE-2026-2701 | Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. | 9.1 | 48.81% | 2026-04-02 | 2026-06-17 |
| CVE-2026-2699 | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. | 9.8 | 49.42% | 2026-04-02 | 2026-06-17 |
| CVE-2025-13447 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | 8.4 | 25.39% | 2026-01-13 | 2026-06-17 |
| CVE-2025-13444 | OS Command Injection Remote Code Execution Vulnerability in API in Progress LoadMaster allows an authenticated attacker with “User Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the API input parameters | 8.4 | 25.39% | 2026-01-13 | 2026-06-17 |
| CVE-2025-8868 | In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in the compliance service via improperly neutralized inputs used in an SQL command using a well-known token. | 9.8 | 22.83% | 2025-09-29 | 2026-06-17 |
| CVE-2025-3600 | In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service. | 7.5 | 19.06% | 2025-05-14 | 2026-06-17 |
| CVE-2025-1758 | Improper Input Validation vulnerability in Progress LoadMaster allows : Buffer OverflowThis issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above | 4.3 | 4.79% | 2025-03-19 | 2026-06-17 |
| CVE-2024-56132 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | 8.4 | 6.07% | 2025-02-05 | 2026-06-17 |
| CVE-2024-12108 | In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | 9.6 | 6.80% | 2024-12-31 | 2026-06-17 |
| CVE-2024-12106 | In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | 9.4 | 9.44% | 2024-12-31 | 2026-06-17 |
| CVE-2024-12105 | In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | 6.5 | 42.37% | 2024-12-31 | 2026-06-17 |
| CVE-2024-8785 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | 9.8 | 9.50% | 2024-12-02 | 2026-06-17 |
| CVE-2024-46909 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | 9.8 | 49.17% | 2024-12-02 | 2026-06-17 |