CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2024-4885	High	94.3%	ProgressWhatsUp Gold	Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution.	Mar 3, 2025	KEV
CVE-2024-1212	High	94.3%	ProgressKemp LoadMaster	Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.	Nov 18, 2024	KEV
CVE-2024-6670	High 9.8	94.5%	ProgressWhatsUp Gold	Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.	Sep 16, 2024	KEV
CVE-2024-4358	High	94.3%	ProgressTelerik Report Server	Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.	Jun 13, 2024	KEV
CVE-2022-22071	High	0.6%	QualcommMultiple Chipsets	Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.	Dec 5, 2023	KEV
CVE-2023-40044	High 10	94.4%	ProgressWS_FTP Server	Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.	Oct 5, 2023	KEVExploit
CVE-2023-34362	High	94.3%	ProgressMOVEit Transfer	Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.	Jun 2, 2023	KEV
CVE-2017-11317	High	92.0%	TelerikUser Interface (UI) for ASP.NET AJAX	Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.	Apr 11, 2022	KEV
CVE-2019-18935	High	93.7%	ProgressTelerik UI for ASP.NET AJAX	Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.	Nov 3, 2021	KEV
CVE-2017-9248	High	87.8%	ProgressASP.NET AJAX and Sitefinity	Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.	Nov 3, 2021	KEV
CVE-2021-27103	High	2.9%	AccellionFTA	Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.	Nov 3, 2021	KEV

CVE-2024-4885KEV

High

Progress WhatsUp Gold contains a path traversal vulnerability that allows an unauthenticated attacker to achieve remote code execution.

ProgressEPSS 94.3%

CVE-2024-1212KEV

High

Progress Kemp LoadMaster contains an OS command injection vulnerability that allows an unauthenticated, remote attacker to access the system through the LoadMaster management interface, enabling arbitrary system command execution.

ProgressEPSS 94.3%

CVE-2024-6670KEV

High

Progress WhatsUp Gold contains a SQL injection vulnerability that allows an unauthenticated attacker to retrieve the user's encrypted password if the application is configured with only a single user.

ProgressCVSS 9.8EPSS 94.5%

CVE-2024-4358KEV

High

Progress Telerik Report Server contains an authorization bypass by spoofing vulnerability that allows an attacker to obtain unauthorized access.

ProgressEPSS 94.3%

CVE-2022-22071KEV

High

Multiple Qualcomm chipsets contain a use-after-free vulnerability when process shell memory is freed using IOCTL munmap call and process initialization is in progress.

QualcommEPSS 0.6%

CVE-2023-40044KEV

High

Progress WS_FTP Server contains a deserialization of untrusted data vulnerability in the Ad Hoc Transfer module that allows an authenticated attacker to execute remote commands on the underlying operating system.

ProgressCVSS 10EPSS 94.4%

Exploit

CVE-2023-34362KEV

High

Progress MOVEit Transfer contains a SQL injection vulnerability that could allow an unauthenticated attacker to gain unauthorized access to MOVEit Transfer's database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an attacker may be able to infer information about the structure and contents of the database in addition to executing SQL statements that alter or delete database elements.

ProgressEPSS 94.3%

CVE-2017-11317KEV

High

Telerik.Web.UI in Progress Telerik UI for ASP.NET AJAX allows remote attackers to perform arbitrary file uploads or execute arbitrary code.

TelerikEPSS 92.0%

CVE-2019-18935KEV

High

Progress Telerik UI for ASP.NET AJAX contains a deserialization of untrusted data vulnerability through RadAsyncUpload which leads to code execution on the server in the context of the w3wp.exe process.

ProgressEPSS 93.7%

CVE-2017-9248KEV

High

Progress Telerik UI for ASP.NET AJAX and Sitefinity have a cryptographic weakness in Telerik.Web.UI.dll that can be exploited to disclose encryption keys (Telerik.Web.UI.DialogParametersEncryptionKey and/or the MachineKey), perform cross-site-scripting (XSS) attacks, compromise the ASP.NET ViewState, and/or upload and download files.

ProgressEPSS 87.8%

CVE-2021-27103KEV

High

Accellion FTA contains a server-side request forgery (SSRF) vulnerability exploited via a crafted POST request to wmProgressstat.html.

AccellionEPSS 2.9%