Filtered by vendor Progress
Subscriptions
Total
201 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-3892 | 1 Progress | 1 Telerik Ui For Winforms | 2025-07-03 | 7.2 High |
| A local code execution vulnerability is possible in Telerik UI for WinForms beginning in v2021.1.122 but prior to v2024.2.514. This vulnerability could allow an untrusted theme assembly to execute arbitrary code on the local Windows system. | ||||
| CVE-2024-10013 | 2 Progress, Progress Software | 2 Telerik Ui For Winforms, Progress Telerik Ui For Wpf Versions | 2025-07-03 | 7.8 High |
| In Progress Telerik UI for WinForms versions prior to 2024 Q4 (2024.4.1113), a code execution attack is possible through an insecure deserialization vulnerability. | ||||
| CVE-2025-0332 | 1 Progress | 1 Telerik Ui For Winforms | 2025-07-03 | 7.8 High |
| In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 (2025.1.211), using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory. | ||||
| CVE-2021-28141 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2025-06-30 | 9.8 Critical |
| An issue was discovered in Progress Telerik UI for ASP.NET AJAX 2021.1.224. It allows unauthorized access to MicrosoftAjax.js through the Telerik.Web.UI.WebResource.axd file. This may allow the attacker to gain unauthorized access to the server and execute code. To exploit, one must use the parameter _TSM_HiddenField_ and inject a command at the end of the URI. NOTE: the vendor states that this is not a vulnerability. The request's output does not indicate that a "true" command was executed on the server, and the request's output does not leak any private source code or data from the server | ||||
| CVE-2019-19790 | 2 Progress, Telerik | 2 Telerik Ui For Asp.net Ajax, Radchart | 2025-06-30 | 9.8 Critical |
| Path traversal in RadChart in Telerik UI for ASP.NET AJAX allows a remote attacker to read and delete an image with extension .BMP, .EXIF, .GIF, .ICON, .JPEG, .PNG, .TIFF, or .WMF on the server through a specially crafted request. NOTE: RadChart was discontinued in 2014 in favor of RadHtmlChart. All RadChart versions were affected. To avoid this vulnerability, you must remove RadChart's HTTP handler from a web.config (its type is Telerik.Web.UI.ChartHttpHandler). | ||||
| CVE-2014-2217 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2025-06-30 | N/A |
| Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and consequently execute arbitrary code, via a full pathname in the UploadID metadata value. | ||||
| CVE-2024-11628 | 1 Progress | 1 Kendo Ui For Vue | 2025-06-27 | 4.1 Medium |
| In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | ||||
| CVE-2024-12629 | 1 Progress | 1 Kendoreact | 2025-06-27 | 4.1 Medium |
| In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. | ||||
| CVE-2025-3600 | 1 Progress | 1 Telerik Ui For Asp.net Ajax | 2025-06-25 | 7.5 High |
| In Progress® Telerik® UI for AJAX, versions 2011.2.712 to 2025.1.218, an unsafe reflection vulnerability exists that may lead to an unhandled exception resulting in a crash of the hosting process and denial of service. | ||||
| CVE-2023-40051 | 1 Progress | 2 Openedge, Openedge Innovation | 2025-06-02 | 9.1 Critical |
| This issue affects Progress Application Server (PAS) for OpenEdge in versions 11.7 prior to 11.7.18, 12.2 prior to 12.2.13, and innovation releases prior to 12.8.0. An attacker can formulate a request for a WEB transport that allows unintended file uploads to a server directory path on the system running PASOE. If the upload contains a payload that can further exploit the server or its network, the launch of a larger scale attack may be possible. | ||||
| CVE-2024-0219 | 1 Progress | 1 Telerik Justdecompile | 2025-05-29 | 7.8 High |
| In Telerik JustDecompile versions prior to 2024 R1, a privilege elevation vulnerability has been identified in the applications installer component. In an environment where an existing Telerik JustDecompile install is present, a lower privileged user has the ability to manipulate the installation package to elevate their privileges on the underlying operating system. | ||||
| CVE-2023-6366 | 1 Progress | 1 Whatsup Gold | 2025-05-21 | 7.6 High |
| In WhatsUp Gold versions released before 2023.1, a stored cross-site scripting (XSS) vulnerability has been identified. It is possible for an attacker to craft a XSS payload and store that value within Alert Center. If a WhatsUp Gold user interacts with the crafted payload, the attacker would be able to execute malicious JavaScript within the context of the victims browser. | ||||
| CVE-2022-42711 | 1 Progress | 1 Whatsup Gold | 2025-05-15 | 9.6 Critical |
| In Progress WhatsUp Gold before 22.1.0, an SNMP MIB Walker application endpoint failed to adequately sanitize malicious input. This could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. | ||||
| CVE-2024-6096 | 1 Progress | 1 Telerik Reporting | 2025-04-25 | 8.8 High |
| In Progress® Telerik® Reporting versions prior to 18.1.24.709, a code execution attack is possible through object injection via an insecure type resolution vulnerability. | ||||
| CVE-2017-9140 | 1 Progress | 2 Sitefinity Cms, Telerik Reporting | 2025-04-20 | N/A |
| Cross-site scripting (XSS) vulnerability in Telerik.ReportViewer.WebForms.dll in Telerik Reporting for ASP.NET WebForms Report Viewer control before R1 2017 SP2 (11.0.17.406) allows remote attackers to inject arbitrary web script or HTML via the bgColor parameter to Telerik.ReportViewer.axd. | ||||
| CVE-2015-9245 | 1 Progress | 1 Openedge | 2025-04-20 | N/A |
| Insecure default configuration in Progress Software OpenEdge 10.2x and 11.x allows unauthenticated remote attackers to specify arbitrary URLs from which to load and execute malicious Java classes via port 20931. | ||||
| CVE-2017-1000026 | 1 Progress | 1 Mixlib-archive | 2025-04-20 | 7.5 High |
| Chef Software's mixlib-archive versions 0.3.0 and older are vulnerable to a directory traversal attack allowing attackers to overwrite arbitrary files by using ".." in tar archive entries | ||||
| CVE-2017-9248 | 2 Progress, Telerik | 2 Sitefinity, Ui For Asp.net Ajax | 2025-04-20 | 9.8 Critical |
| Telerik.Web.UI.dll in Progress Telerik UI for ASP.NET AJAX before R2 2017 SP1 and Sitefinity before 10.0.6412.0 does not properly protect Telerik.Web.UI.DialogParametersEncryptionKey or the MachineKey, which makes it easier for remote attackers to defeat cryptographic protection mechanisms, leading to a MachineKey leak, arbitrary file uploads or downloads, XSS, or ASP.NET ViewState compromise. | ||||
| CVE-2016-1000000 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | N/A |
| Ipswitch WhatsUp Gold 16.4.1 WrFreeFormText.asp sUniqueID Parameter Blind SQL Injection | ||||
| CVE-2015-6005 | 1 Progress | 1 Whatsup Gold | 2025-04-12 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in IPSwitch WhatsUp Gold before 16.4 allow remote attackers to inject arbitrary web script or HTML via (1) an SNMP OID object, (2) an SNMP trap message, (3) the View Names field, (4) the Group Names field, (5) the Flow Monitor Credentials field, (6) the Flow Monitor Threshold Name field, (7) the Task Library Name field, (8) the Task Library Description field, (9) the Policy Library Name field, (10) the Policy Library Description field, (11) the Template Library Name field, (12) the Template Library Description field, (13) the System Script Library Name field, (14) the System Script Library Description field, or (15) the CLI Settings Library Description field. | ||||