Aggregating NVD, CVE, and multi-source threat feeds, this list provides deep analysis of high-risk threats such as RCE. By integrating CVSS and EPSS models, the system dynamically tracks Exp (Exploit) resources and PoC availability to accurately assess Exploitability. Combined with official Patches and remediation strategies, it helps prioritize Vulnerability Management workflows, significantly shortening response cycles and securing your critical assets.
Assigner (CNA / source):[email protected] Remove this filter
| CVE | Description | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|
| CVE-2024-4883 | In WhatsUp Gold versions released before 2023.1.3, a Remote Code Execution issue exists in Progress WhatsUp Gold. This vulnerability allows an unauthenticated attacker to achieve the RCE as a service account through NmApi.exe. | 9.8 | 64.78% | 2024-06-25 | 2026-06-17 |
| CVE-2024-46909 | In WhatsUp Gold versions released before 2024.0.1, a remote unauthenticated attacker could leverage this vulnerability to execute code in the context of the service account. | 9.8 | 49.17% | 2024-12-02 | 2026-06-17 |
| CVE-2024-4358 KEV | In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass vulnerability. | 9.8 | 97.48% | 2024-05-29 | 2026-06-17 |
| CVE-2026-8037 | OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints | 9.6 | 1.87% | 2026-06-04 | 2026-06-17 |
| CVE-2024-12108 | In WhatsUp Gold versions released before 2024.0.2, an attacker can gain access to the WhatsUp Gold server via the public API. | 9.6 | 6.80% | 2024-12-31 | 2026-06-17 |
| CVE-2024-12106 | In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. | 9.4 | 9.44% | 2024-12-31 | 2026-06-17 |
| CVE-2026-2701 | Authenticated user can upload a malicious file to the server and execute it, which leads to remote code execution. | 9.1 | 48.81% | 2026-04-02 | 2026-06-17 |
| CVE-2025-8095 | The OECH1 prefix encoding is intended to obfuscate values across the OpenEdge platform. It has been identified as cryptographically weak and unsuitable for stored encodings and enterprise applications. OECH1 encodings should be considered exploitable and immediately replaced by any other supported prefix encoding, all of which are based on symmetric encryption. | 9.1 | 0.22% | 2026-04-14 | 2026-06-17 |
| CVE-2024-8015 | In Progress Telerik Report Server versions prior to 2024 Q3 (10.2.24.924), a remote code execution attack is possible through object injection via an insecure type resolution vulnerability. | 9.1 | 0.82% | 2024-10-09 | 2026-06-17 |
| CVE-2024-5806 | Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. | 9.1 | 75.81% | 2024-06-25 | 2026-06-17 |
| CVE-2024-5805 | Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0. | 9.1 | 7.55% | 2024-06-25 | 2026-06-17 |
| CVE-2023-42659 | In WS_FTP Server versions prior to 8.7.6 and 8.8.4, an unrestricted file upload flaw has been identified. An authenticated Ad Hoc Transfer user has the ability to craft an API call which allows them to upload a file to a specified location on the underlying operating system hosting the WS_FTP Server application. | 9.1 | 0.90% | 2023-11-07 | 2026-06-17 |
| CVE-2023-40051 | This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible. | 9.1 | 0.56% | 2024-01-18 | 2026-06-17 |
| CVE-2026-7201 | CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading to account compromise. Successful exploitation requires knowledge of values that are not generally exposed to low-privileged users. | 8.8 | 0.31% | 2026-06-02 | 2026-06-17 |
| CVE-2026-7195 | CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to compromise the integrity and confidentiality of user accounts. Successful exploitation requires user interaction and a non-default site configuration. | 8.8 | 0.47% | 2026-06-02 | 2026-06-17 |
| CVE-2025-6724 | In Progress Chef Automate, versions earlier than 4.13.295, on Linux x86 platform, an authenticated attacker can gain access to Chef Automate restricted functionality in multiple services via improperly neutralized inputs used in an SQL command. | 8.8 | 0.33% | 2025-09-29 | 2026-06-17 |
| CVE-2025-13774 | A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.4 and 13.0.1 where an SQL injection vulnerability allows authenticated users to execute unintended SQL queries and commands. | 8.8 | 0.42% | 2026-01-13 | 2026-06-17 |
| CVE-2025-10240 | A vulnerability exists in the Progress Flowmon web application prior to version 12.5.5, whereby a user who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated session. | 8.8 | 0.29% | 2025-10-09 | 2026-06-17 |
| CVE-2025-0556 | In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. | 8.8 | 0.29% | 2025-02-12 | 2026-06-17 |
| CVE-2024-8014 | In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a code execution attack is possible through object injection via an insecure type resolution vulnerability. | 8.8 | 0.60% | 2024-10-09 | 2026-06-17 |