Progress Security Vulnerabilities (CVEs)

Track 89 security vulnerabilities affecting Progress products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.

23 Critical
51 High
14 Medium
1 Low
CVE-2025-13444 8.4

This CVE describes an OS command injection vulnerability in Progress LoadMaster's API that allows authenticated attackers with 'User Administration' p...

Jan 13, 2026
CVE-2025-13774 8.8

An SQL injection vulnerability in Progress Flowmon ADS allows authenticated users to execute arbitrary SQL queries and commands. This affects versions...

Jan 13, 2026
CVE-2025-11235 3.7

This vulnerability allows attackers to change passwords without proper verification in Progress MOVEit Transfer's REST API modules on Windows. It affe...

Jan 7, 2026
CVE-2025-13147 5.3

This CVE describes a Server-Side Request Forgery (SSRF) vulnerability in Progress MOVEit Transfer that allows attackers to make unauthorized requests ...

Nov 19, 2025
CVE-2025-6505 8.1

This vulnerability in Progress Software's Hybrid Data Pipeline Server allows attackers to combine OAuth client credentials from both HTTP headers and ...

Jul 29, 2025
CVE-2025-3600 7.5

An unsafe reflection vulnerability in Progress Telerik UI for AJAX allows attackers to cause unhandled exceptions that crash the hosting process, resu...

May 14, 2025
CVE-2025-2572 5.6

An unauthenticated database manipulation vulnerability in WhatsUp Gold allows attackers to modify the WrlsMacAddressGroup table without credentials. T...

Apr 14, 2025
CVE-2024-6097 5.3

This vulnerability allows a local threat actor to disclose sensitive information through absolute path traversal in Progress Telerik Reporting. It aff...

Feb 12, 2025
CVE-2024-11628 4.1

This CVE describes a prototype pollution vulnerability in Progress Telerik Kendo UI for Vue components. Attackers can manipulate global prototype obje...

Feb 12, 2025
CVE-2024-11629 7.1

This vulnerability in Progress Telerik Document Processing Libraries allows attackers to export the contents of arbitrary files to RTF format, potenti...

Feb 12, 2025
CVE-2025-0556 8.8

This vulnerability allows local network attackers to intercept unencrypted communication between Telerik Report Server components, potentially exposin...

Feb 12, 2025
CVE-2025-0332 7.8

This vulnerability in Progress Telerik UI for WinForms allows attackers to perform path traversal attacks during archive decompression, potentially wr...

Feb 12, 2025
CVE-2024-11343 8.3

This vulnerability in Progress Telerik Document Processing Libraries allows attackers to perform path traversal attacks when processing ZIP archives, ...

Feb 12, 2025
CVE-2024-12629 4.1

This CVE describes a prototype pollution vulnerability in Progress Telerik KendoReact components where attackers can inject malicious properties into ...

Feb 12, 2025
CVE-2024-56134 8.4

CVE-2024-56134 is an OS command injection vulnerability in Progress LoadMaster that allows authenticated users to execute arbitrary operating sys...

Feb 5, 2025
CVE-2024-56135 8.4

CVE-2024-56135 is an authenticated OS command injection vulnerability in Progress LoadMaster that allows authenticated users to execute arbitrary...

Feb 5, 2025
CVE-2024-56131 8.4

An authenticated user can execute arbitrary operating system commands on Progress LoadMaster due to improper input validation. This affects LoadMaster...

Feb 5, 2025
CVE-2024-56132 8.4

CVE-2024-56132 is an OS command injection vulnerability in Progress LoadMaster that allows authenticated users to execute arbitrary commands on t...

Feb 5, 2025
CVE-2024-56133 8.4

CVE-2024-56133 is an authenticated OS command injection vulnerability in Progress LoadMaster load balancers. It allows authenticated users to exe...

Feb 5, 2025
CVE-2024-11625 7.7

This CVE describes an information exposure vulnerability in Progress Software Corporation's Sitefinity CMS where error messages reveal sensitive syste...

Jan 7, 2025
CVE-2024-11626 8.4

This is a cross-site scripting (XSS) vulnerability in Progress Sitefinity CMS administrative backend that allows attackers to inject malicious scripts...

Jan 7, 2025
CVE-2024-11627 6.8

This CVE describes a session fixation vulnerability in Progress Sitefinity CMS where session identifiers are not properly invalidated, allowing attack...

Jan 7, 2025
CVE-2024-12105 6.5

This vulnerability allows authenticated users of WhatsUp Gold to craft HTTP requests that can disclose sensitive information. It affects all WhatsUp G...

Dec 31, 2024
CVE-2024-12106 9.4

This vulnerability allows unauthenticated attackers to configure LDAP settings in WhatsUp Gold, potentially enabling them to redirect authentication t...

Dec 31, 2024
CVE-2024-46909 9.8

CVE-2024-46909 is a critical remote code execution vulnerability in WhatsUp Gold network monitoring software. Unauthenticated attackers can exploit th...

Dec 2, 2024
CVE-2024-8785 9.8

This vulnerability allows remote unauthenticated attackers to modify registry values in WhatsUp Gold installations, potentially enabling system compro...

Dec 2, 2024
CVE-2024-46905 8.8

A SQL injection vulnerability in WhatsUp Gold versions before 2024.0.1 allows authenticated users with Network Manager permissions to escalate privile...

Dec 2, 2024
CVE-2024-46906 8.8

A SQL injection vulnerability in WhatsUp Gold allows authenticated users with at least Report Viewer permissions to escalate privileges to admin accou...

Dec 2, 2024
CVE-2024-46907 8.8

A SQL injection vulnerability in WhatsUp Gold allows authenticated low-privileged users (with at least Report Viewer permissions) to escalate privileg...

Dec 2, 2024
CVE-2024-46908 8.8

A SQL injection vulnerability in WhatsUp Gold allows authenticated users with Report Viewer permissions to escalate privileges to admin accounts. This...

Dec 2, 2024
CVE-2024-8049 6.5

This vulnerability in Progress Telerik Document Processing Libraries allows attackers to cause denial of service by submitting specially crafted docum...

Nov 13, 2024
CVE-2024-7763 9.8

WhatsUp Gold versions before 2024.0.0 contain an authentication bypass vulnerability that allows attackers to obtain encrypted user credentials withou...

Oct 24, 2024
CVE-2024-8015 9.1

This vulnerability allows remote attackers to execute arbitrary code on Progress Telerik Report Server by exploiting insecure type resolution through ...

Oct 9, 2024
CVE-2024-7294 7.5

This vulnerability allows attackers to launch HTTP Denial-of-Service attacks against Progress Telerik Report Server by targeting anonymous endpoints t...

Oct 9, 2024
CVE-2024-8014 8.8

This vulnerability allows remote attackers to execute arbitrary code on systems running vulnerable versions of Progress Telerik Reporting. Attackers c...

Oct 9, 2024
CVE-2024-7292 7.5

This vulnerability allows attackers to perform credential stuffing attacks against Progress Telerik Report Server by bypassing login attempt restricti...

Oct 9, 2024
CVE-2024-7346 7.2

This vulnerability allows attackers to bypass TLS host name validation when OpenEdge default certificates are used for network connections, enabling m...

Sep 3, 2024
CVE-2024-6670 9.8

An unauthenticated SQL injection vulnerability in WhatsUp Gold allows attackers to retrieve encrypted user passwords. This affects all WhatsUp Gold ve...

Aug 29, 2024
CVE-2024-6672 8.8

This SQL injection vulnerability in WhatsUp Gold allows authenticated low-privileged users to modify privileged user passwords, leading to privilege e...

Aug 29, 2024
CVE-2024-7745 6.5

This vulnerability allows attackers to bypass multi-factor authentication in WS_FTP Server's Web Transfer Module. Users can log in with only username ...

Aug 28, 2024
CVE-2024-6327 9.9

This CVE describes a remote code execution vulnerability in Progress Telerik Report Server caused by insecure deserialization. Attackers can exploit t...

Jul 24, 2024
CVE-2024-5017 6.5

This path traversal vulnerability in WhatsUp Gold allows unauthenticated attackers to access files outside the intended directory via specially crafte...

Jun 25, 2024
CVE-2024-5019 5.3

This vulnerability allows unauthenticated attackers to read arbitrary files on WhatsUp Gold servers with IIS application pool privileges. It affects W...

Jun 25, 2024
CVE-2024-5013 7.5

An unauthenticated Denial of Service vulnerability in WhatsUp Gold allows attackers to force the application into the SetAdminPassword installation st...

Jun 25, 2024
CVE-2024-5015 7.1

This vulnerability allows authenticated low-privileged users in WhatsUp Gold to perform server-side request forgery (SSRF) attacks. By chaining this S...

Jun 25, 2024
CVE-2024-5009 8.4

This vulnerability allows local attackers to modify the administrator password in WhatsUp Gold through improper access control in the SetAdminPassword...

Jun 25, 2024
CVE-2024-5011 7.5

An unauthenticated attacker can send specially crafted HTTP requests to the TestController Chart functionality in WhatsUp Gold, causing uncontrolled r...

Jun 25, 2024
CVE-2024-4883 9.8

This vulnerability allows unauthenticated remote attackers to execute arbitrary code on WhatsUp Gold systems through the NmApi.exe component. Attacker...

Jun 25, 2024
CVE-2024-4885 9.8

An unauthenticated remote code execution vulnerability in Progress WhatsUp Gold allows attackers to execute arbitrary commands with IIS application po...

Jun 25, 2024
CVE-2024-5805 9.1

CVE-2024-5805 is an authentication bypass vulnerability in Progress MOVEit Gateway's SFTP modules that allows attackers to gain unauthorized access wi...

Jun 25, 2024

Why Monitor Progress Security Vulnerabilities?

Real-time CVE tracking: Our automated system monitors 89+ known vulnerabilities affecting Progress products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.

Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Progress packages in under 60 seconds. No agents required - completely agentless scanning that works across Progress deployments.

Free vulnerability database: Access detailed information about every Progress CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.

🚀 Get Started in 60 Seconds

  • Register free account & add your servers
  • Run one-time scan or schedule automatic monitoring (every 1-24 hours)
  • Receive instant alerts when new Progress CVEs affect your systems
  • Access dashboard with severity breakdown & fix instructions