Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-9272 |
|
SQL Injection in progress (CVE-2026-9272)
SQL injection in progress (CVE-2026-9272). Confidential information can be exposed externally.
|
| CVE-2026-8079 |
|
Authorization Flaw in progress (CVE-2026-8079)
vulnerability in progress (CVE-2026-8079). Confidential information can be exposed externally.
|
| CVE-2026-7313 |
|
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
CWE‑522: Insufficiently Protected Credentials in web services in Progress Sitefinity version from...
|
| CVE-2026-7312 |
|
Vulnerability in progress (CVE-2026-7312)
vulnerability in progress (CVE-2026-7312). Confidential information can be exposed externally.
|
| CVE-2026-7201 |
|
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...
CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity...
|
| CVE-2026-7198 |
|
Vulnerability in progress (CVE-2026-7198)
vulnerability in progress (CVE-2026-7198). Successful exploitation can lead to full system takeover.
|
| CVE-2026-7195 |
|
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x,...
|
| CVE-2026-8488 |
|
Vulnerability in progress (CVE-2026-8488)
vulnerability in progress (CVE-2026-8488). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8487 |
|
Vulnerability in progress (CVE-2026-8487)
vulnerability in progress (CVE-2026-8487). Confidential information can be exposed externally.
|
| CVE-2026-8486 |
|
Vulnerability in progress (CVE-2026-8486)
vulnerability in progress (CVE-2026-8486). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-8485 |
|
Vulnerability in progress (CVE-2026-8485)
vulnerability in progress (CVE-2026-8485). Risk of unauthorized operations or information disclosure.
|
| CVE-2026-3692 |
|
OS Command Injection in progress (CVE-2026-3692)
OS command injection in progress (CVE-2026-3692). Successful exploitation can lead to full system takeover.
|
| CVE-2026-2737 |
|
Cross-Site Scripting (XSS) in progress (CVE-2026-2737)
cross-site scripting in progress (CVE-2026-2737). Risk of unauthorized operations or information disclosure.
|
| CVE-2024-4885 KEV |
|
[KEV] Path Traversal in Progress whatsup-gold (CVE-2024-4885)
path traversal in Progress whatsup-gold (CVE-2024-4885). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-12251 |
|
Command Injection in telerik (CVE-2024-12251)
command injection in telerik (CVE-2024-12251). Successful exploitation can lead to full system takeover.
|
| CVE-2024-1212 KEV |
|
[KEV] OS Command Injection in Progress kemp-loadmaster (CVE-2024-1212)
OS command injection in Progress kemp-loadmaster (CVE-2024-1212). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-6670 KEV |
|
[KEV] SQL Injection in Progress whatsup-gold (CVE-2024-6670)
SQL injection in Progress whatsup-gold (CVE-2024-6670). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2024-4358 KEV |
|
[KEV] Vulnerability in Progress telerik-report-server (CVE-2024-4358)
vulnerability in Progress telerik-report-server (CVE-2024-4358). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-40044 KEV |
|
[KEV] Unsafe Deserialization in Progress ws-ftp-server (CVE-2023-40044)
vulnerability in Progress ws-ftp-server (CVE-2023-40044). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2023-34362 KEV |
|
[KEV] SQL Injection in Progress moveit-transfer (CVE-2023-34362)
SQL injection in Progress moveit-transfer (CVE-2023-34362). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2017-9248 KEV |
|
[KEV] Vulnerability in Progress aspnet-ajax-and-sitefinity (CVE-2017-9248)
vulnerability in Progress aspnet-ajax-and-sitefinity (CVE-2017-9248). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2019-18935 KEV |
|
[KEV] Unsafe Deserialization in Progress telerik-ui-for-aspnet-ajax (CVE-2019-18935)
vulnerability in Progress telerik-ui-for-aspnet-ajax (CVE-2019-18935). Risk of unauthorized operations or information disclosure. Listed in CISA KEV — actively exploited.
|
| CVE-2015-9245 |
|
Vulnerability in progress (CVE-2015-9245)
vulnerability in progress (CVE-2015-9245). Successful exploitation can lead to full system takeover.
|
| CVE-2017-1000026 |
|
Path Traversal in path-traversal (CVE-2017-1000026)
path traversal in path-traversal (CVE-2017-1000026). Data can be tampered with by attackers.
|
| CVE-2017-9140 |
|
Cross-Site Scripting (XSS) in csharp (CVE-2017-9140)
cross-site scripting in csharp (CVE-2017-9140). Risk of unauthorized operations or information disclosure.
|