cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-8785,https://securityvulnerability.io/vulnerability/CVE-2024-8785,Remote Code Execution Vulnerability in WhatsUp Gold,"The vulnerability CVE-2024-8785 affects WhatsUp Gold versions released before 2024.0.1, allowing unauthenticated attackers to leverage NmAPI.exe to create or change registry values. This can lead to a remote code execution vulnerability, making it a critical issue. A PoC exploit for this vulnerability has been published, and it is important for users to upgrade to version 24.0.1 as soon as possible to mitigate the risk of exploitation. In the past, attackers have capitalized on publicly released PoC exploits for other WhatsUp Gold flaws, highlighting the urgency of addressing this vulnerability.",Progress Software,Whatsup Gold,5.3,MEDIUM,0.0005200000014156103,false,,true,false,true,2024-12-03T14:00:11.000Z,,false,false,,2024-12-02T14:49:36.748Z,0
CVE-2024-6670,https://securityvulnerability.io/vulnerability/CVE-2024-6670,Unauthenticated SQL Injection Vulnerability in Pre-2024.0.0 Versions of WhatsUp Gold Allows Access to Encrypted Passwords,"An unauthenticated SQL injection vulnerability in pre-2024.0.0 versions of WhatsUp Gold from Progress Software Corporation allows the retrieval of encrypted passwords without authentication. Hackers have been actively exploiting this vulnerability since August 30, using publicly available exploit code. They are able to execute remote code, deploy malicious payloads, and establish persistence on compromised systems. The use of multiple remote access tools suggests that ransomware actors may be involved in the attacks. Progress Software released security updates to address the issues, but many organizations have not yet updated their software, leaving them vulnerable to exploitation. This highlights the urgency of addressing the vulnerability to prevent unauthorized access and system compromise.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.904229998588562,true,2024-09-16T00:00:00.000Z,true,true,true,2024-09-12T12:27:34.000Z,,false,false,,2024-08-29T22:15:00.000Z,0
CVE-2024-6327,https://securityvulnerability.io/vulnerability/CVE-2024-6327,Remote Code Execution Vulnerability in Telerik Report Server,"In Progress Telerik Report Server, a vulnerability exists due to insecure deserialization processes, allowing attackers to potentially execute arbitrary code remotely. This issue affects versions released prior to 2024 Q2 (10.1.24.709), which may enable malicious users to manipulate serialized data, leading to unauthorized actions and system compromise. Organizations utilizing this software are advised to update to the latest version to mitigate the risks associated with this vulnerability.",Progress Software,Telerik Report Server,9.8,CRITICAL,0.0007099999929778278,false,,true,false,true,2024-07-25T20:27:07.000Z,,true,false,,2024-07-24T13:57:07.165Z,6110
CVE-2024-4885,https://securityvulnerability.io/vulnerability/CVE-2024-4885,Unauthenticated Remote Code Execution Vulnerability in Progress WhatsUpGold,"An unauthenticated Remote Code Execution vulnerability exists in versions of Progress WhatsUp Gold released before 2023.1.3. This vulnerability allows an attacker to execute arbitrary commands with iisapppool\nmconsole privileges through the WhatsUp.ExportUtilities.Export.GetFileWithoutZip function, potentially compromising network security and monitoring capabilities.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.047940000891685486,false,,true,false,true,2024-07-09T09:35:19.000Z,,true,false,,2024-06-25T19:48:15.268Z,4608
CVE-2024-5009,https://securityvulnerability.io/vulnerability/CVE-2024-5009,Local Attackers Can Modify Admin's Password in Pre-2023.1.3 Versions of WhatsUp Gold,"CVE-2024-5009 is a local privilege escalation vulnerability found in pre-2023.1.3 versions of WhatsUp Gold by Progress Software Corporation. The vulnerability allows local attackers to modify the admin's password, allowing them to escalate their privileges and take control of the system. The vulnerability can be exploited unauthenticated and has the potential to affect the entire network of users and machines managed by WhatsUp Gold. A proof of concept exploit for this vulnerability has been published, indicating the urgency of addressing this issue. The impact of the vulnerability is severe and requires immediate patching to prevent unauthorized access and control over affected systems.",Progress Software,Whatsup Gold,8.4,HIGH,0.000590000010561198,false,,true,false,true,2024-07-09T07:15:04.000Z,true,false,false,,2024-06-25T19:58:48.237Z,0
CVE-2024-4883,https://securityvulnerability.io/vulnerability/CVE-2024-4883,Remote Code Execution Vulnerability in WhatsUp Gold Before 2023.1.3,"A remote code execution vulnerability has been identified in Progress WhatsUp Gold, specifically in versions released before 2023.1.3. This security flaw permits an unauthenticated attacker to exploit the system using NmApi.exe, potentially leading to unauthorized code execution via service account privileges. Organizations utilizing affected versions are at risk of system compromise and should apply necessary patches or upgrades to mitigate the vulnerability.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.00419999985024333,false,,false,false,true,2024-07-08T21:14:01.000Z,true,false,false,,2024-06-25T19:44:42.139Z,0
CVE-2024-1801,https://securityvulnerability.io/vulnerability/CVE-2024-1801,Telerik Reporting at Risk of Code Execution Attack Due to Insecure Deserialization Vulnerability,"The vulnerability identified in Progress Telerik Reporting prior to the 2024 Q1 release (version 18.0.24.130) poses a significant risk due to insecure deserialization. This weakness enables local attackers to exploit the system by potentially executing arbitrary code, leveraging the deserialize mechanism inappropriately. Organizations utilizing affected versions should be aware of the inherent risks and apply necessary security measures to mitigate the threat.",Progress Software,Telerik Reporting,7.8,HIGH,0.0004600000102072954,false,,true,false,true,2024-06-06T22:41:36.000Z,,false,false,,2024-03-20T13:12:34.826Z,0
CVE-2024-4358,https://securityvulnerability.io/vulnerability/CVE-2024-4358,Unauthenticated Attacker Can Gain Access to Restricted Functionality via Authentication Bypass Vulnerability in Telerik Report Server,"An authentication bypass vulnerability exists in Progress Telerik Report Server, specifically in versions prior to 2024 Q1 (10.0.24.305) deployed on IIS. This issue permits unauthenticated attackers to access restricted features of the Telerik Report Server, compromising the security and privacy of sensitive data. Attackers exploiting this vulnerability can perform unauthorized actions that should otherwise be restricted to authenticated users, significantly undermining the integrity of the server's operations.",Progress Software,Telerik Report Server,9.8,CRITICAL,0.9252700209617615,true,2024-06-13T00:00:00.000Z,true,true,true,2024-05-30T13:31:18.000Z,true,true,true,2024-06-08T19:52:02.296Z,2024-05-29T14:51:21.612Z,13759
CVE-2024-1212,https://securityvulnerability.io/vulnerability/CVE-2024-1212,Remote Attackers Can Execute Arbitrary System Commands via LoadMaster Management Interface,"The LoadMaster management interface in Kemp Technologies products has a vulnerability that allows unauthenticated remote attackers to gain access. This weakness can be exploited to execute arbitrary system commands, potentially compromising the integrity and security of the affected systems. Organizations using LoadMaster are advised to apply the necessary security updates to mitigate the risk associated with this vulnerability.",Progress Software,Loadmaster,9.8,CRITICAL,0.9371399879455566,true,2024-11-18T00:00:00.000Z,true,false,true,2024-03-20T07:23:18.000Z,true,true,true,2024-03-22T21:52:02.316Z,2024-02-21T17:39:12.599Z,6881