Progress Software — Vulnerabilities & Security Advisories 55

Browse all 55 CVE security advisories affecting Progress Software. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Progress Software develops enterprise software solutions, primarily focusing on application development platforms, database management, and integration tools for large-scale organizations. Its portfolio includes widely used technologies like OpenEdge and Telerik, which serve as critical infrastructure for business operations. Historically, security audits have identified recurring vulnerability classes within its products, including remote code execution (RCE), cross-site scripting (XSS), and privilege escalation flaws. These issues often stem from input validation errors or improper access controls in legacy components. While no single catastrophic breach has defined the company’s public security history, the accumulation of 55 recorded CVEs highlights persistent challenges in maintaining secure codebases across complex, long-standing software architectures. The company generally responds to disclosures through standard patch cycles, though the volume of findings suggests ongoing efforts to modernize security practices across its diverse product line.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-5174 | Improper Access Control Vulnerability in Progress MOVEit Automation | MOVEit Automation | CWE-20 | 7.7 | High | 2026-04-30 |
| CVE-2026-4670 | Improper Authentication vulnerability in Progress MOVEit Automation | MOVEit Automation | CWE-305 | 9.8 | Critical | 2026-04-30 |
| CVE-2026-6023 | Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX | Telerik UI for ASP.NET AJAX | CWE-502 | 8.1 | High | 2026-04-22 |
| CVE-2026-6022 | Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX | Telerik UI for ASP.NET AJAX | CWE-400 | 7.5 | High | 2026-04-22 |
| CVE-2026-4048 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | LoadMaster | CWE-77 | 8.4 | High | 2026-04-20 |
| CVE-2026-3519 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | LoadMaster | CWE-77 | 8.4 | High | 2026-04-20 |
| CVE-2026-3518 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | LoadMaster | CWE-77 | 8.4 | High | 2026-04-20 |
| CVE-2026-3517 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF | LoadMaster | CWE-77 | 8.4 | High | 2026-04-20 |
| CVE-2026-2737 | Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon web application | Flowmon | CWE-79 | 8.3 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-3692 | Unintended command execution during report generation in Progress Flowmon | Flowmon | CWE-78 | 8.8 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-2514 | Possibility of unintended actions when viewing maliciously crafted network data in Progress Flowmon ADS web application | Flowmon ADS | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-12 |
| CVE-2026-2513 | Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon ADS web application | Flowmon ADS | CWE-79 | 8.4 (AI) | High (AI) | 2026-03-12 |
| CVE-2026-2878 | Insufficient Entropy Vulnerability in Telerik UI for ASP.NET AJAX | Telerik UI for ASP.NET AJAX | CWE-331 | 5.3 | Medium | 2026-02-25 |
| CVE-2025-6723 | Untrusted user data can lead to privilege escalation | Chef Inspec | CWE-269 | 7.8 (AI) | High (AI) | 2026-01-30 |
| CVE-2025-13447 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster | LoadMaster | | 8.4 | High | 2026-01-13 |
| CVE-2025-13444 | OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster | LoadMaster | | 8.4 | High | 2026-01-13 |
| CVE-2025-13774 | SQL injection leading to privilege escalation in Progress Flowmon ADS | Flowmon ADS | CWE-89 | 8.8 | High | 2026-01-13 |
| CVE-2025-11906 | Privilege escalation via writable configuration files in Progress Flowmon | Flowmon | CWE-732 | 6.7 | Medium | 2025-10-30 |
| CVE-2025-10240 | Possibility of unintended actions when a user clicks a malicious link in the Progress Flowmon web application | Flowmon | CWE-79 | 8.8 | High | 2025-10-09 |
| CVE-2025-10239 | Unintended command execution via troubleshooting scripts in Progress Flowmon | Flowmon | CWE-78 | 7.2 | High | 2025-10-09 |
| CVE-2025-8868 | Chef Automate compliance service SQL Injection Vulnerability | Chef Automate | CWE-200 | 9.8 | Critical | 2025-09-29 |
| CVE-2025-6724 | Chef Automate SQL Injection Vulnerability | Chef Automate | CWE-89 | 8.8 | High | 2025-09-29 |
| CVE-2025-6505 | Progress Hybrid Data Pipeline Server security vulnerability | Hybrid Data Pipeline | | 8.1 | High | 2025-07-29 |
| CVE-2025-6504 | Possibilities of IP Spoofing via X-Forwarded-For (XFF) Header | Hybrid Data Pipeline | | 8.4 | High | 2025-07-29 |
| CVE-2025-6725 | Cross-Site Scripting (XSS) in PdfViewer | Kendo UI for jQuery | CWE-79 | 5.4 | Medium | 2025-07-02 |
| CVE-2025-3600 | Unsafe Reflection Vulnerability in Telerik UI for ASP.NET AJAX | Telerik UI for ASP.NET AJAX | | 7.5 | High | 2025-05-14 |
| CVE-2024-11629 | Telerik Document Processing RTF Export of Arbitrary File Path | Progress® Telerik® Document Processing Libraries | CWE-552 | 7.1 | High | 2025-02-12 |
| CVE-2024-11628 | Prototype Pollution in Progress® Telerik® Kendo UI for Vue | Progress® Telerik® Kendo UI for Vue | CWE-1321 | 4.1 | Medium | 2025-02-12 |
| CVE-2024-11343 | Telerik Document Processing Path Traversal | Telerik Document Processing Libraries | CWE-22 | 8.3 | High | 2025-02-12 |
| CVE-2024-12629 | Prototype Pollution in Progress® Telerik® KendoReact | Telerik KendoReact | CWE-1321 | 4.1 | Medium | 2025-02-12 |

This page lists every published CVE security advisory associated with Progress Software. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.