Progress: Security Vulnerabilities
Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass. This issue affects MOVEit Gateway: 2024.0.0.
CVSS Score
9.1
EPSS Score
0.006
Published
2024-06-25
Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass. This issue affects MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
CVSS Score
9.1
EPSS Score
0.899
Published
2024-06-25
Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF Editor.
CVSS Score
5.4
EPSS Score
0.004
Published
2024-06-16
The Progress MOVEit Automation configuration export function prior to 2024.0.0 uses a cryptographic method with insufficient bit length.
CVSS Score
6.1
EPSS Score
0.001
Published
2024-05-22
In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via a trust boundary violation vulnerability.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-05-15
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.2.514), a code execution attack is possible by a local threat actor through an insecure deserialization vulnerability.
CVSS Score
7.7
EPSS Score
0.0
Published
2024-05-15
In Progress® Telerik® Reporting versions prior to 2024 Q2 (18.1.24.514), a code execution attack is possible through an insecure instantiation vulnerability.
CVSS Score
7.7
EPSS Score
0.001
Published
2024-05-15
An information disclosure vulnerability in Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, allows a low-privilege attacker to read system files via XML External Entity Processing.
CVSS Score
6.5
EPSS Score
0.019
Published
2024-05-15
A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system.
CVSS Score
7.2
EPSS Score
0.0
Published
2024-05-15
In WhatsUp Gold versions released before 2023.1.2, a blind SSRF vulnerability exists in WhatsUp Gold's FaviconController that allows an attacker to send arbitrary HTTP requests on behalf of the vulnerable server.
CVSS Score
4.2
EPSS Score
0.003
Published
2024-05-14

