cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-1212,https://securityvulnerability.io/vulnerability/CVE-2024-1212,Remote Attackers Can Execute Arbitrary System Commands via LoadMaster Management Interface,"The LoadMaster management interface in Kemp Technologies products has a vulnerability that allows unauthenticated remote attackers to gain access. This weakness can be exploited to execute arbitrary system commands, potentially compromising the integrity and security of the affected systems. Organizations using LoadMaster are advised to apply the necessary security updates to mitigate the risk associated with this vulnerability.",Progress Software,Loadmaster,9.8,CRITICAL,0.9371399879455566,true,2024-11-18T00:00:00.000Z,true,false,true,2024-03-20T07:23:18.000Z,true,true,true,2024-03-22T21:52:02.316Z,2024-02-21T17:39:12.599Z,6881
CVE-2024-6670,https://securityvulnerability.io/vulnerability/CVE-2024-6670,Unauthenticated SQL Injection Vulnerability in Pre-2024.0.0 Versions of WhatsUp Gold Allows Access to Encrypted Passwords,"An unauthenticated SQL injection vulnerability in pre-2024.0.0 versions of WhatsUp Gold from Progress Software Corporation allows the retrieval of encrypted passwords without authentication. Hackers have been actively exploiting this vulnerability since August 30, using publicly available exploit code. They are able to execute remote code, deploy malicious payloads, and establish persistence on compromised systems. The use of multiple remote access tools suggests that ransomware actors may be involved in the attacks. Progress Software released security updates to address the issues, but many organizations have not yet updated their software, leaving them vulnerable to exploitation. This highlights the urgency of addressing the vulnerability to prevent unauthorized access and system compromise.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.904229998588562,true,2024-09-16T00:00:00.000Z,true,true,true,2024-09-12T12:27:34.000Z,,false,false,,2024-08-29T22:15:00.000Z,0
CVE-2024-4358,https://securityvulnerability.io/vulnerability/CVE-2024-4358,Unauthenticated Attacker Can Gain Access to Restricted Functionality via Authentication Bypass Vulnerability in Telerik Report Server,"An authentication bypass vulnerability exists in Progress Telerik Report Server, specifically in versions prior to 2024 Q1 (10.0.24.305) deployed on IIS. This issue permits unauthenticated attackers to access restricted features of the Telerik Report Server, compromising the security and privacy of sensitive data. Attackers exploiting this vulnerability can perform unauthorized actions that should otherwise be restricted to authenticated users, significantly undermining the integrity of the server's operations.",Progress Software,Telerik Report Server,9.8,CRITICAL,0.9252700209617615,true,2024-06-13T00:00:00.000Z,true,true,true,2024-05-30T13:31:18.000Z,true,true,true,2024-06-08T19:52:02.296Z,2024-05-29T14:51:21.612Z,13759