Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

Progress — Vulnerabilities & Security Advisories 33

Browse all 33 CVE security advisories affecting Progress. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Progress Software provides enterprise middleware, database management, and application development tools, primarily serving large organizations requiring robust data integration and legacy system support. With twenty-five recorded Common Vulnerabilities and Exposures (CVEs), the vendor’s attack surface has historically been plagued by critical flaws, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These issues frequently stem from improper input validation and insufficient access controls within its middleware components, such as OpenEdge and DataDirect. Notable incidents involve authenticated attackers exploiting weak authentication mechanisms to gain unauthorized administrative access, potentially leading to complete system compromise. The recurring nature of these defects highlights persistent challenges in securing complex, long-standing software architectures. Consequently, organizations relying on Progress technologies must prioritize rigorous patch management and strict network segmentation to mitigate the risk of exploitation against these known weaknesses.

CVE IDTitleCVSSSeverityPublished
CVE-2026-8801 File Extension Restriction Bypass in MOVEit Transfer — MOVEit TransferCWE-46 3.5 Low2026-07-08
CVE-2026-8800 Cross-Org External Token Metadata accessible to AuditUser role — MOVEit TransferCWE-863 2.7 Low2026-07-08
CVE-2026-8651 IPv6 Loopback Spoof via Trusted Host Header Bypasses Origin Check in MOVEit Transfer — MOVEit TransferCWE-290 3.7 Low2026-07-08
CVE-2026-8650 Authenticated Path Traversal allows MOVEit admins to view arbitrary system files — MOVEit TransferCWE-23 4.5 Medium2026-07-08
CVE-2026-8649 Institution scope bypass vulnerability in custom reports — MOVEit TransferCWE-943 6.4 Medium2026-07-08
CVE-2026-11903 Stored XSS in MOVEit Transfer Ad Hoc module — MOVEit TransferCWE-79 8.0 High2026-07-08
CVE-2026-10699 Memory leak in SFTP service can result in a denial of service in MOVEit Transfer — MOVEit TransferCWE-401 7.5 High2026-07-08
CVE-2026-10698 Table scope bypass vulnerability in custom reports — MOVEit TransferCWE-943 7.2 High2026-07-08
CVE-2026-2701 RCE vulnerability in Progress ShareFile Storage Zones Controller (SZC) — ShareFile Storage Zones ControllerCWE-434 9.1 Critical2026-04-02
CVE-2026-2699 EAR vulnerability in Progress ShareFile Storage Zones Controller (SZC) — ShareFile Storage Zones ControllerCWE-698 9.8 Critical2026-04-02
CVE-2025-11235 MOVEit Transfer REST API does not require current password in order to initiate the password change process — MOVEit TransferCWE-620 3.7 Low2026-01-06
CVE-2025-13147 External Service Interaction (DNS) — MOVEit TransferCWE-918 5.3 Medium2025-11-19
CVE-2025-10703 Progress多款产品 代码注入漏洞 — DataDirect Connect for JDBC for Amazon RedshiftCWE-94 9.8AICriticalAI2025-11-19
CVE-2025-10702 Progress多款产品 代码注入漏洞 — DataDirect Connect for JDBC for Amazon RedshiftCWE-94 9.8AICriticalAI2025-11-19
CVE-2025-10932 AS2 module allows uncontrolled file uploads — MOVEit TransferCWE-400 8.2 High2025-10-29
CVE-2025-1758 Progress LoadMaster 安全漏洞 — LoadMasterCWE-121 4.3 Medium2025-03-19
CVE-2025-2324 A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder — MOVEit TransferCWE-269 5.9 Medium2025-03-19
CVE-2024-56135 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. — LoadMasterCWE-20 8.4 High2025-02-05
CVE-2024-56134 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. — LoadMasterCWE-20 8.4 High2025-02-05
CVE-2024-56133 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. — LoadMasterCWE-20 8.4 High2025-02-05
CVE-2024-56132 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. — LoadMasterCWE-20 8.4 High2025-02-05
CVE-2024-56131 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. — LoadMasterCWE-20 8.4 High2025-02-05
CVE-2024-11627 Progress Sitefinity 安全漏洞 — SitefinityCWE-613 6.8 Medium2025-01-07
CVE-2024-8755 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. — LoadMasterCWE-20 8.4 High2024-10-11
CVE-2024-6658 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. — LoadMasterCWE-20 8.4 High2024-09-12
CVE-2024-7591 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection — LoadMasterCWE-78 10.0 Critical2024-09-05
CVE-2024-7346 Client connections using default TLS certificates from OpenEdge may bypass TLS host name validation — OpenEdgeCWE-297 7.2 High2024-09-03
CVE-2024-7345 Direct local client connections to MS Agents can bypass authentication — OpenEdgeCWE-94 8.3 High2024-09-03
CVE-2024-7654 Unauthenticated Content Injection in OpenEdge Management web interface via ActiveMQ discovery service — OpenEdgeCWE-79 8.3 High2024-09-03
CVE-2024-6576 MOVEit Transfer Privilege Escalation Vulnerability — MOVEit TransferCWE-287 7.3 High2024-07-29

This page lists every published CVE security advisory associated with Progress. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.