Progress Security Vulnerabilities (CVEs)
Track 89 security vulnerabilities affecting Progress products and software. Get instant email alerts when new CVEs are discovered, automated security monitoring, and patch guidance.
This vulnerability allows unauthenticated attackers to access restricted functionality in Progress Telerik Report Server due to a trust boundary viola...
May 15, 2024

This vulnerability allows a local threat actor to execute arbitrary code on systems running vulnerable versions of Progress Telerik Reporting. The att...
May 15, 2024

This CVE describes an XML External Entity (XXE) vulnerability in Progress Telerik Report Server that allows low-privilege authenticated attackers to r...
May 15, 2024

A local code execution vulnerability in Telerik UI for WinForms allows untrusted theme assemblies to execute arbitrary code on Windows systems. This a...
May 15, 2024

This SSRF vulnerability in WhatsUp Gold allows authenticated users to make unauthorized HTTP requests through the HTTP Monitoring functionality. Attac...
May 14, 2024

Unauthenticated attackers on the same network can use SSH private keys to perform actions on LoadMaster HA/Cluster machines by knowing their IP addres...
May 2, 2024

CVE-2024-2389 is a critical command injection vulnerability in Flowmon network monitoring software that allows unauthenticated attackers to execute ar...
Apr 2, 2024

An authenticated OS command injection vulnerability in LoadMaster allows any authenticated UI user to execute arbitrary operating system commands thro...
Mar 22, 2024

This vulnerability allows remote attackers to execute arbitrary code on Progress Telerik Report Server through insecure deserialization. Attackers can...
Mar 20, 2024

CVE-2024-1632 is an improper access control vulnerability in Progress Sitefinity CMS that allows low-privileged backend users to access sensitive admi...
Feb 28, 2024

CVE-2024-1212 is a critical vulnerability in LoadMaster load balancers that allows unauthenticated remote attackers to execute arbitrary system comman...
Feb 21, 2024

This vulnerability allows attackers to inject malicious scripts into the WS_FTP Server administrative interface through user-supplied inputs. When exp...
Feb 21, 2024

A privilege elevation vulnerability in Telerik Test Studio installer allows lower-privileged users to manipulate installation packages and gain elevat...
Jan 31, 2024

This CVE describes a privilege escalation vulnerability in Telerik JustDecompile's installer component. Attackers with local access can manipulate ins...
Jan 31, 2024

This vulnerability allows attackers to upload arbitrary files to Progress Application Server (PAS) for OpenEdge via the WEB transport. Affected organi...
Jan 18, 2024

This CVE describes an input validation vulnerability in Progress MOVEit Transfer that allows authenticated users to manipulate HTTPS transaction param...
Jan 17, 2024

CVE-2023-6595 is an authentication bypass vulnerability in WhatsUp Gold network monitoring software. Unauthenticated attackers can access an API endpo...
Dec 14, 2023

This stored XSS vulnerability in WhatsUp Gold allows attackers to inject malicious JavaScript into the Alert Center. When users interact with the craf...
Dec 14, 2023

A stored cross-site scripting (XSS) vulnerability in WhatsUp Gold allows attackers to inject malicious JavaScript into dashboard components. When user...
Dec 14, 2023

This reflected cross-site scripting (XSS) vulnerability in Progress MOVEit Transfer allows attackers to execute malicious JavaScript in victims' brows...
Nov 29, 2023

This vulnerability allows authenticated Ad Hoc Transfer users in WS_FTP Server to upload arbitrary files to any location on the underlying operating s...
Nov 7, 2023

A directory traversal vulnerability in WS_FTP Server allows attackers to perform file operations (delete, rename, create, remove) outside their author...
Sep 27, 2023

This stored XSS vulnerability in WS_FTP Server allows attackers with administrative privileges to inject malicious JavaScript via SSL certificate impo...
Sep 27, 2023

This reflected cross-site scripting (XSS) vulnerability in WS_FTP Server's Ad Hoc Transfer module allows attackers to execute malicious JavaScript in ...
Sep 27, 2023

This SQL injection vulnerability in Progress MOVEit Transfer allows authenticated attackers to execute arbitrary SQL commands against the database. At...
Sep 20, 2023

This CVE describes multiple SQL injection vulnerabilities in Progress MOVEit Transfer that allow authenticated attackers to modify and disclose databa...
Jul 5, 2023

This is a critical SQL injection vulnerability in Progress MOVEit Transfer that allows unauthenticated attackers to access and modify the database. Al...
Jul 5, 2023

This vulnerability allows any authenticated user in Progress OpenEdge Management or OpenEdge Explorer to perform URL injection attacks to escalate pri...
Jun 23, 2023

This is a critical SQL injection vulnerability in Progress MOVEit Transfer that allows unauthenticated attackers to execute arbitrary SQL commands aga...
Jun 16, 2023

CVE-2023-35036 is a critical SQL injection vulnerability in Progress MOVEit Transfer that allows unauthenticated attackers to execute arbitrary SQL co...
Jun 12, 2023

This vulnerability allows remote code execution via buffer overflow in Progress DataDirect Connect for ODBC Oracle Wire Protocol driver. Attackers can...
Jun 9, 2023

This path traversal vulnerability in Progress Flowmon Packet Investigator allows authenticated users to access arbitrary files on the local filesystem...
Apr 21, 2023

This vulnerability allows attackers to upload dangerous files through the SharePoint connector in Progress Sitefinity CMS. It affects all Sitefinity i...
Apr 10, 2023

This vulnerability allows unauthenticated attackers to invoke an API transaction that relays encrypted WhatsUp Gold user credentials to arbitrary host...
May 11, 2022

This vulnerability allows local attackers to escalate privileges on Progress OpenEdge systems by exploiting SUID binaries. Affected users are those ru...
May 2, 2022

CVE-2021-38159 is a critical SQL injection vulnerability in Progress MOVEit Transfer that allows unauthenticated remote attackers to execute arbitrary...
Aug 7, 2021

This SQL injection vulnerability in Progress MOVEit Transfer allows authenticated remote attackers to execute arbitrary SQL queries against the databa...
Aug 5, 2021

This SQL injection vulnerability in Progress MOVEit Transfer allows authenticated attackers to execute arbitrary SQL commands against the database. Af...
Jun 9, 2021

This CVE describes a vulnerability in Progress Telerik UI for ASP.NET AJAX that allows unauthorized access to MicrosoftAjax.js through the Telerik.Web...
Mar 11, 2021

Why Monitor Progress Security Vulnerabilities?
Real-time CVE tracking: Our automated system monitors 89+ known vulnerabilities affecting Progress products and software packages. Stay ahead of emerging threats with instant email notifications when new security issues are discovered.
Automated security monitoring: Unlike manual CVE checking, FixTheCVE automatically scans your servers and detects vulnerable Progress packages in under 60 seconds. No agents required - completely agentless scanning that works across Progress deployments.
Free vulnerability database: Access detailed information about every Progress CVE including CVSS scores, severity ratings, affected versions, and actionable patch guidance. Filter by critical, high, medium, or low severity to prioritize your security remediation efforts.
🚀 Get Started in 60 Seconds
- Register free account & add your servers
- Run one-time scan or schedule automatic monitoring (every 1-24 hours)
- Receive instant alerts when new Progress CVEs affect your systems
- Access dashboard with severity breakdown & fix instructions