Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-6670 KEV | In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | 9.8 | 94.47% | 2024-08-29 | 2025-10-31 |
| CVE-2023-40044 KEV | In WS_FTP Server versions prior to 8.7.4 and 8.8.2, a pre-authenticated attacker could leverage a .NET deserialization vulnerability in the Ad Hoc Transfer module to execute remote commands on the underlying WS_FTP Server operating system. | 10.0 | 94.44% | 2023-09-27 | 2025-10-31 |
| CVE-2024-2389 | In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands. | 10.0 | 94.35% | 2024-04-02 | 2025-02-07 |
| CVE-2024-1212 KEV | Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. | 10.0 | 94.35% | 2024-02-21 | 2026-02-26 |
| CVE-2024-4358 KEV | In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. | 9.8 | 94.34% | 2024-05-29 | 2025-10-31 |
| CVE-2024-4885 KEV | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The WhatsUp.ExportUtilities.Export.GetFileWithoutZip allows execution of commands with iisapppool\nmconsole privileges. | 9.8 | 94.26% | 2024-06-25 | 2025-10-31 |
| CVE-2024-4883 | In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe. | 9.8 | 90.21% | 2024-06-25 | 2024-11-21 |
| CVE-2024-5806 | Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. | 9.1 | 89.46% | 2024-06-25 | 2025-01-16 |
| CVE-2024-6671 | In WhatsUp Gold versions released before 2024.0.0, if the application is configured with only a single user, a SQL Injection vulnerability allows an unauthenticated attacker to retrieve the users encrypted password. | 9.8 | 76.18% | 2024-08-29 | 2024-09-04 |
| CVE-2024-1800 | In Progress® Telerik® Report Server versions prior to 2024 Q1 (10.0.24.130), a remote code execution attack is possible through an insecure deserialization vulnerability. | 9.9 | 72.33% | 2024-03-20 | 2025-01-16 |
| CVE-2024-4884 | In WhatsUp Gold versions released before 2023.1.3, an unauthenticated Remote Code Execution vulnerability in Progress WhatsUpGold. The Apm.UI.Areas.APM.Controllers.CommunityController allows execution of commands with iisapppool\nmconsole privileges. | 9.8 | 55.49% | 2024-06-25 | 2024-11-21 |
| CVE-2024-2448 | An OS command injection vulnerability has been identified in LoadMaster. An authenticated UI user with any permission settings may be able to inject commands into a UI component using a shell command resulting in OS command injection. | 8.4 | 44.75% | 2024-03-22 | 2025-02-11 |
| CVE-2024-46909 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | 9.8 | 40.81% | 2024-12-02 | 2024-12-10 |
| CVE-2024-5009 | In WhatsUp Gold versions released before 2023.1.3, an Improper Access Control vulnerability in Wug.UI.Controllers.InstallController.SetAdminPassword allows local attackers to modify admin's password. | 8.4 | 36.01% | 2024-06-25 | 2024-11-21 |
| CVE-2024-7591 | Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: * LoadMaster: 7.2.40.0 and above * ECS: All versions * Multi-Tenancy: 7.1.35.4 and above | 10.0 | 34.53% | 2024-09-05 | 2025-02-18 |
| CVE-2024-12106 | In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | 9.4 | 32.66% | 2024-12-31 | 2025-01-06 |
| CVE-2024-5008 | In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE using Apm.UI.Areas.APM.Controllers.Api.Applications.AppProfileImportController. | 8.8 | 32.04% | 2024-06-25 | 2024-11-21 |
| CVE-2026-2699 | Customer Managed ShareFile Storage Zones Controller (SZC) allows an unauthenticated attacker to access restricted configuration pages. This leads to changing system configuration and potential remote code execution. | 9.8 | 31.16% | 2026-04-02 | 2026-04-21 |
| CVE-2024-5010 | In WhatsUp Gold versions released before 2023.1.3, a vulnerability exists in the TestController functionality. A specially crafted unauthenticated HTTP request can lead to a disclosure of sensitive information. | 7.5 | 28.49% | 2024-06-25 | 2024-11-21 |
| CVE-2024-46906 | In WhatsUp Gold versions released before 2024.0.1, a SQL Injection vulnerability allows an authenticated low-privileged user (at least Report Viewer permissions required) to achieve privilege escalation to the admin account. | 8.8 | 26.99% | 2024-12-02 | 2024-12-06 |