Aggregates CVE and security vulnerability intelligence across all Progress Software-related products, including CVSS, EPSS, publication dates, and vulnerability intelligence data.
Historical issues mainly involve vendor risk ssrf, vendor risk csrf, and vendor risk buffer overflow and related problems; some flaws may lead to vendor impact application crash and vendor impact memory corruption.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2024-12251 | In Progress Telerik UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. | [email protected] | 7.8 | 0.54% | 2025-02-12 | 2026-05-21 |
| CVE-2024-56135 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | [email protected] | 8.4 | 0.56% | 2025-02-05 | 2025-07-31 |
| CVE-2024-56134 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | [email protected] | 8.4 | 0.56% | 2025-02-05 | 2025-07-31 |
| CVE-2024-56133 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | [email protected] | 8.4 | 0.56% | 2025-02-05 | 2025-07-31 |
| CVE-2024-56132 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | [email protected] | 8.4 | 6.07% | 2025-02-05 | 2025-07-31 |
| CVE-2024-56131 | Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) | [email protected] | 8.4 | 0.58% | 2025-02-05 | 2025-07-31 |
| CVE-2024-11627 | : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | [email protected] | 6.8 | 0.31% | 2025-01-07 | 2025-07-29 |
| CVE-2024-11626 | Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | [email protected] | 8.4 | 0.34% | 2025-01-07 | 2025-07-29 |
| CVE-2024-11625 | Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. | [email protected] | 7.7 | 0.29% | 2025-01-07 | 2025-07-29 |
| CVE-2024-12108 | In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | [email protected] | 9.6 | 6.80% | 2024-12-31 | 2025-01-06 |
| CVE-2024-12106 | In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | [email protected] | 9.4 | 9.44% | 2024-12-31 | 2025-01-06 |
| CVE-2024-12105 | In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. | [email protected] | 6.5 | 42.37% | 2024-12-31 | 2025-01-08 |
| CVE-2024-8785 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage NmAPI.exe to create or change an existing registry value in registry path HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Ipswitch\. | [email protected] | 9.8 | 9.50% | 2024-12-02 | 2024-12-09 |
| CVE-2024-46909 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | [email protected] | 9.8 | 49.17% | 2024-12-02 | 2024-12-10 |
| CVE-2024-46908 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | [email protected] | 8.8 | 2.21% | 2024-12-02 | 2024-12-10 |
| CVE-2024-46907 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | [email protected] | 8.8 | 2.21% | 2024-12-02 | 2024-12-10 |
| CVE-2024-46906 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | [email protected] | 8.8 | 40.58% | 2024-12-02 | 2024-12-06 |
| CVE-2024-46905 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated lower-privileged user (at least Network Manager permissions required) to achieve privilege escalation to the admin account. | [email protected] | 8.8 | 2.21% | 2024-12-02 | 2024-12-03 |
| CVE-2024-8049 | In Progress Telerik Document Processing Libraries, versions prior to 2024 Q4 (2024.4.1106), importing a document with unsupported features can lead to excessive processing, leading to excessive use of computing resources leaving the application process unavailable. | [email protected] | 6.5 | 0.41% | 2024-11-13 | 2024-11-18 |
| CVE-2024-7295 | In Progress® Telerik® Report Server versions prior to 2024 Q4 (10.3.24.1112), the encryption of local asset data used an older algorithm which may allow a sophisticated actor to decrypt this information. | [email protected] | 7.1 | 0.11% | 2024-11-13 | 2024-11-18 |