Progress Software Corporation — Vulnerabilities & Security Advisories 86

Browse all 86 CVE security advisories affecting Progress Software Corporation. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Progress Software Corporation develops enterprise software solutions, primarily focusing on application development platforms, database management, and IoT connectivity. The company’s product portfolio, including OpenEdge and Telerik components, has historically been associated with a significant volume of security vulnerabilities, currently totaling 86 CVEs. Common flaw categories include remote code execution, cross-site scripting, and privilege escalation, often stemming from input validation errors or improper access controls within legacy codebases. While no single catastrophic incident has defined the company’s public security history, the high CVE count suggests persistent challenges in maintaining secure coding practices across its diverse software suite. Security researchers frequently highlight these issues, urging administrators to apply patches promptly. The firm continues to address these vulnerabilities through regular updates, though the sheer number of recorded vulnerabilities indicates a complex attack surface requiring rigorous ongoing maintenance and vigilant configuration management by enterprise users.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2025-8095 | Recoverable obfuscation using the OECH1 prefix encoding in OpenEdge | OpenEdge | CWE-257 | 8.1 | - | 2026-04-14 |
| CVE-2025-7389 | Unauthorized Arbitrary File Read via RMI in AdminServer Interface | OpenEdge | CWE-552 | 6.5 | - | 2026-04-14 |
| CVE-2025-7388 | Authenticated Command Injection via configuration parameter manipulation in exposed RMI interface | OpenEdge | CWE-77 | 8.4 | High | 2025-09-04 |
| CVE-2025-2572 | WhatsUp Gold NmConfigurationManager.exe database manipulation vulnerability | WhatsUp Gold | CWE-287 | 5.6 | Medium | 2025-04-14 |
| CVE-2025-1968 | Progress Sitefinity code issue vulnerability | Sitefinity | CWE-613 | 7.7 | High | 2025-04-09 |
| CVE-2024-6097 | Absolute Path Traversal Vulnerability | Progress® Telerik® Reporting | CWE-36 | 5.3 | Medium | 2025-02-12 |
| CVE-2024-11626 | Progress Sitefinity security vulnerability | Sitefinity | CWE-79 | 8.4 | High | 2025-01-07 |
| CVE-2024-11625 | Progress Sitefinity security vulnerability | Sitefinity | CWE-209 | 7.7 | High | 2025-01-07 |
| CVE-2024-12105 | WhatsUp Gold - SnmpExtendedActiveMonitor path traversal | WhatsUp Gold | CWE-22 | 6.5 | Medium | 2024-12-31 |
| CVE-2024-12106 | WhatsUp Gold - LDAP configuration interface leading to allowing attacker to configure LDAP settings without authentication | WhatsUp Gold | CWE-306 | 9.4 | Critical | 2024-12-31 |
| CVE-2024-12108 | WhatsUp Gold - Public API signing key rotation issue | WhatsUp Gold | CWE-290 | 9.6 | Critical | 2024-12-31 |
| CVE-2024-8785 | WhatsUp Gold Registry Overwrite Remote Code Execution Vulnerability | WhatsUp Gold | CWE-648 | 9.8 | Critical | 2024-12-02 |
| CVE-2024-46909 | WhatsUp Gold WriteDataFile Directory Traversal Remote Code Execution Vulnerability | WhatsUp Gold | CWE-22 | 9.8 | Critical | 2024-12-02 |
| CVE-2024-46905 | WhatsUp Gold GetOrderByClause SQL Injection Privilege Escalation Vulnerability | WhatsUp Gold | CWE-89 | 8.8 | High | 2024-12-02 |
| CVE-2024-46906 | WhatsUp Gold GetSqlWhereClause SQL Injection Privilege Escalation Vulnerability | WhatsUp Gold | CWE-89 | 8.8 | High | 2024-12-02 |
| CVE-2024-46907 | WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability | WhatsUp Gold | CWE-89 | 8.8 | High | 2024-12-02 |
| CVE-2024-46908 | WhatsUp Gold GetFilterCriteria SQL Injection Privilege Escalation Vulnerability | WhatsUp Gold | CWE-89 | 8.8 | High | 2024-12-02 |
| CVE-2024-7295 | Hard-coded credentials used for temporary and cache data encryption | Telerik Report Server | CWE-798 | 7.1 | High | 2024-11-13 |
| CVE-2024-9999 | Multi-Factor Authentication Bypass in Progress WS_FTP Server | WS_FTP Server | CWE-303 | 6.5 | Medium | 2024-11-12 |
| CVE-2024-9825 | The Chef Habitat builder is impacted by Indirect Object reference (IDOR) by deletion of personal access token | Chef Habitat Builder | CWE-863 | 5.4 | Medium | 2024-10-28 |
| CVE-2024-7763 | WhatsUp Gold getReport Missing Authentication Authentication Bypass Vulnerability | WhatsUp Gold | CWE-287 | 9.8 | Critical | 2024-10-24 |
| CVE-2024-7292 | Account Controller allows high count of login attempts | Telerik Report Server | CWE-307 | 7.5 | High | 2024-10-09 |
| CVE-2024-7294 | Uncontrolled resource consumption of anonymous endpoints | Telerik Report Server | CWE-400 | 7.5 | High | 2024-10-09 |
| CVE-2024-7293 | Password policy for new users is not strong enough | Telerik Report Server | CWE-521 | 7.5 | High | 2024-10-09 |
| CVE-2024-6672 | WhatsUp Gold getMonitorJoin SQL Injection Privilege Escalation Vulnerability | WhatsUp Gold | CWE-89 | 8.8 | High | 2024-08-29 |
| CVE-2024-6671 | WhatsUp Gold GetStatisticalMonitorList SQL Injection Authentication Bypass Vulnerability | WhatsUp Gold | CWE-89 | 9.8 | Critical | 2024-08-29 |
| CVE-2024-6670 | WhatsUp Gold HasErrors SQL Injection Authentication Bypass Vulnerability | WhatsUp Gold | CWE-89 | 9.8 | Critical | 2024-08-29 |
| CVE-2024-7745 | Multi-Factor Authentication Bypass in Progress WS_FTP Server | WS_FTP Server | CWE-304 | 6.5 | Medium | 2024-08-28 |
| CVE-2024-7744 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Progress WS_FTP Server | WS_FTP Server | CWE-22 | 6.5 | Medium | 2024-08-28 |
| CVE-2024-6096 | Unsafe Deserialization Vulnerability | Telerik Reporting | CWE-470 | 8.8 | High | 2024-07-24 |

This page lists every published CVE security advisory associated with Progress Software Corporation. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.