cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11629,https://securityvulnerability.io/vulnerability/CVE-2024-11629,File Export Vulnerability in Progress Telerik Document Processing Libraries,The Progress Telerik Document Processing Libraries before version 2025 Q1 (2025.1.205) contain a vulnerability that allows unauthorized file content export to RTF format from an arbitrary file path. This issue poses a significant risk as it can potentially expose sensitive data to unauthorized users. Organizations utilizing these libraries need to update to the latest version to mitigate these risks and secure their document processing capabilities.,Progress Software,Progress® Telerik® Document Processing Libraries,7.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T16:21:52.058Z,0
CVE-2024-11343,https://securityvulnerability.io/vulnerability/CVE-2024-11343,Arbitrary File System Access in Telerik Document Processing Libraries,"A security issue in Telerik Document Processing Libraries allows for arbitrary file system access when unzipping archives. This vulnerability can potentially allow unauthorized users to read or manipulate sensitive files within the system, creating serious security risks. It is essential for users of affected versions to update to the latest release to mitigate this risk.",Progress Software,Telerik Document Processing Libraries,8.3,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T15:46:49.360Z,0
CVE-2025-0332,https://securityvulnerability.io/vulnerability/CVE-2025-0332,Path Traversal Vulnerability in Progress Telerik UI for WinForms,"A vulnerability exists in Progress Telerik UI for WinForms that arises from improper limitations of target paths. This issue can allow an attacker to decompress an archive's content into a restricted directory, potentially exposing sensitive information and compromising system integrity. Users of affected versions should update to 2025 Q1 (2025.1.211) to mitigate this risk.",Progress Software,Progress® Telerik® Ui For Winforms,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T15:15:31.166Z,0
CVE-2025-0556,https://securityvulnerability.io/vulnerability/CVE-2025-0556,Unencrypted Data Transmission in Progress Telerik Report Server,"In Progress Telerik Report Server, versions released before 2025 Q1 (11.0.25.211) utilize an older .NET Framework implementation that allows for the transmission of non-sensitive information in an unencrypted format. This vulnerability permits potential attackers on a local network to capture and analyze the communication between the service agent and the application host, posing a risk to data confidentiality and integrity. Users are encouraged to upgrade to the latest version to mitigate this risk.",Progress Software,Telerik Report Server,8.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T15:11:03.067Z,0
CVE-2024-12251,https://securityvulnerability.io/vulnerability/CVE-2024-12251,Command Injection Vulnerability in Progress Telerik UI for WinUI,"A command injection vulnerability exists in Progress® Telerik® UI for WinUI prior to version 2025 Q1 (3.0.0). This issue arises from inadequate neutralization of hyperlink elements, allowing an attacker to execute arbitrary commands. Proper mitigation is essential to prevent exploitation and ensure application security.",Progress Software,Telerik Ui For Winui,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T15:09:46.306Z,0
CVE-2024-11626,https://securityvulnerability.io/vulnerability/CVE-2024-11626,Cross-site Scripting Vulnerability in Progress Sitefinity CMS,"A Cross-site Scripting (XSS) vulnerability has been identified in the administrative backend of Progress Sitefinity. This issue arises from improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts into the web application. The vulnerability affects multiple versions of Sitefinity, fostering an opportunity for unauthorized access and data manipulation within the CMS environment. Awareness and timely patching are crucial to mitigate the associated risks.",Progress Software,Sitefinity,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-07T07:49:01.805Z,0
CVE-2024-11625,https://securityvulnerability.io/vulnerability/CVE-2024-11625,Information Exposure Vulnerability in Progress Software Sitefinity,"An information exposure vulnerability exists in Progress Software's Sitefinity platform that arises from improper handling of error messages. This flaw can potentially allow an attacker to gain sensitive information about the system, which could be exploited to further compromise the environment. Affected versions range from 4.0 to 15.2.8400, making it crucial for users to review their installations and implement appropriate security measures.",Progress Software,Sitefinity,7.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-07T07:48:32.620Z,0
CVE-2024-12106,https://securityvulnerability.io/vulnerability/CVE-2024-12106,LDAP Configuration Vulnerability in WhatsUp Gold,"An unauthorized configuration vulnerability exists in WhatsUp Gold versions prior to 2024.0.2, enabling unauthenticated attackers to modify LDAP settings. This flaw may lead to unauthorized access and manipulation of system configurations, significantly compromising network security and management integrity.",Progress Software,Whatsup Gold,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,false,,2024-12-31T10:32:02.035Z,267
CVE-2024-12108,https://securityvulnerability.io/vulnerability/CVE-2024-12108,Unauthorized Access via Public API in WhatsUp Gold,"In versions of WhatsUp Gold released before version 2024.0.2, a security flaw allows unauthorized access to the WhatsUp Gold server through its public API. This vulnerability poses a risk as attackers can exploit this access method to potentially execute unauthorized actions within the application. It is essential for users of WhatsUp Gold to address this issue by updating to the latest version and implementing best practices for API security.",Progress Software,Whatsup Gold,9.6,CRITICAL,0.0006900000153109431,false,,false,false,false,,false,false,false,,2024-12-31T10:31:56.107Z,0
CVE-2024-10095,https://securityvulnerability.io/vulnerability/CVE-2024-10095,Insecure Deserialization Vulnerability in Telerik UI for WPF,"CVE-2024-10095 identifies a critical insecure deserialization flaw within Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213). This vulnerability can be exploited to execute arbitrary code within the affected application, posing significant risks to users' systems. It's crucial for organizations using the affected versions to upgrade promptly to safeguard against potential attacks.",Progress Software,Telerik Ui For WPf,9.8,CRITICAL,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-12-16T16:59:25.572Z,0
CVE-2024-46909,https://securityvulnerability.io/vulnerability/CVE-2024-46909,Remote code execution vulnerability in WhatsUp Gold,"A vulnerability exists in WhatsUp Gold prior to version 2024.0.1 that allows remote unauthenticated attackers to execute arbitrary code in the context of the service account. This could lead to unauthorized access and control over critical network monitoring functions, emphasizing the need for users to update to the latest version to mitigate potential exploitation risks.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-12-02T14:46:49.513Z,0
CVE-2024-46905,https://securityvulnerability.io/vulnerability/CVE-2024-46905,Privilege Escalation Vulnerability Affects WhatsUp Gold Users,"A SQL Injection vulnerability exists in WhatsUp Gold versions released before 2024.0.1. This flaw enables an authenticated user with lower privileges, specifically those holding Network Manager permissions, to exploit the vulnerability and escalate their privileges to that of an admin account. This could lead to unauthorized access and control over the WhatsUp Gold system, posing significant security risks. Immediate updates to the latest version are essential to mitigate potential threats associated with this vulnerability.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-12-02T14:45:13.504Z,0
CVE-2024-46906,https://securityvulnerability.io/vulnerability/CVE-2024-46906,Privilege Escalation Vulnerability in WhatsUp Gold Allows Low-Privileged Users to Access Admin Account,A SQL Injection vulnerability exists in WhatsUp Gold that enables a low-privileged authenticated user with at least Report Viewer permissions to perform actions typically reserved for an admin account. This defect can be exploited by attackers to escalate their privileges and gain unauthorized access to sensitive features and data within the application. It is essential for users of WhatsUp Gold to be aware of this vulnerability and to update to versions released after 2024.0.1 to mitigate potential security risks.,Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-12-02T14:44:08.220Z,0
CVE-2024-46907,https://securityvulnerability.io/vulnerability/CVE-2024-46907,Privilege Escalation Vulnerability in WhatsUp Gold Prior to 2024.0.1,"A SQL Injection vulnerability exists in WhatsUp Gold versions released before 2024.0.1. This security flaw allows an authenticated low-privileged user, specifically one with Report Viewer permissions, to perform unauthorized actions and escalate privileges to that of an admin account. This vulnerability poses a significant risk as it can enable malicious users to gain elevated access and control over critical network monitoring functions.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-12-02T14:42:08.418Z,0
CVE-2024-46908,https://securityvulnerability.io/vulnerability/CVE-2024-46908,WhatsUp Gold SQL Injection Vulnerability Could Lead to Privilege Escalation,"A SQL Injection vulnerability in WhatsUp Gold versions released before 2024.0.1 can be exploited by authenticated low-privileged users, specifically those with Report Viewer permissions, to escalate their privileges to that of an admin account. This vulnerability poses a significant security risk, as it allows unauthorized users to potentially control sensitive functionalities and data within the WhatsUp Gold platform.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-12-02T14:40:08.735Z,0
CVE-2024-7763,https://securityvulnerability.io/vulnerability/CVE-2024-7763,Authentication Bypass Vulnerability in WhatsUp Gold (Before 2024.0.0),"An Authentication Bypass vulnerability in WhatsUp Gold allows attackers to exploit the issue in versions released before 2024.0.0. This flaw enables unauthorized individuals to gain access to encrypted user credentials, potentially compromising sensitive information. Organizations using affected versions should seek to apply the latest security updates and ensure proper security protocols are in place.",Progress Software,Whatsup Gold,7.5,HIGH,0.0012400000123307109,false,,false,false,false,,,false,false,,2024-10-24T21:15:00.000Z,0
CVE-2024-7840,https://securityvulnerability.io/vulnerability/CVE-2024-7840,Improper neutralization special element in hyperlinks,"In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a serious command injection vulnerability is introduced due to the improper neutralization of hyperlink elements. This flaw can allow an attacker to execute arbitrary commands on the server by exploiting vulnerable processing of link inputs. To mitigate potential risks, it is essential for users to update to the latest version of Telerik Reporting and follow security best practices to protect their applications.",Progress Software,Telerik Reporting,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-10-09T15:15:00.000Z,0
CVE-2024-6672,https://securityvulnerability.io/vulnerability/CVE-2024-6672,Low-Privileged Authentication Bypass Vulnerability in WhatsUp Gold,"A SQL Injection vulnerability exists in WhatsUp Gold versions prior to 2024.0.0, allowing attackers with low privileges to modify the password of a privileged user. This security flaw can lead to unauthorized access, enabling the attacker to escalate their privileges and gain control over sensitive functionalities within the application. Organizations utilizing this software must evaluate their security posture and apply necessary patches to mitigate potential risks associated with this vulnerability.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006500000017695129,false,,false,false,false,,,false,false,,2024-08-29T22:15:00.000Z,0
CVE-2024-6670,https://securityvulnerability.io/vulnerability/CVE-2024-6670,Unauthenticated SQL Injection Vulnerability in Pre-2024.0.0 Versions of WhatsUp Gold Allows Access to Encrypted Passwords,"An unauthenticated SQL injection vulnerability in pre-2024.0.0 versions of WhatsUp Gold from Progress Software Corporation allows the retrieval of encrypted passwords without authentication. Hackers have been actively exploiting this vulnerability since August 30, using publicly available exploit code. They are able to execute remote code, deploy malicious payloads, and establish persistence on compromised systems. The use of multiple remote access tools suggests that ransomware actors may be involved in the attacks. Progress Software released security updates to address the issues, but many organizations have not yet updated their software, leaving them vulnerable to exploitation. This highlights the urgency of addressing the vulnerability to prevent unauthorized access and system compromise.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.904229998588562,true,2024-09-16T00:00:00.000Z,true,true,true,2024-09-12T12:27:34.000Z,,false,false,,2024-08-29T22:15:00.000Z,0
CVE-2024-6671,https://securityvulnerability.io/vulnerability/CVE-2024-6671,Unauthenticated SQL Injection Vulnerability in WhatsUp Gold Users' Encrypted Passwords,"A SQL Injection vulnerability exists in WhatsUp Gold versions released before 2024.0.0 that can be exploited by attackers. If the application is configured to allow access for a single user, an unauthenticated attacker can retrieve the encrypted password of that user, potentially compromising account security. This vulnerability highlights the importance of secure application configuration and adherence to best security practices.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.0012400000123307109,false,,true,false,false,,,false,false,,2024-08-29T22:15:00.000Z,0
CVE-2024-6096,https://securityvulnerability.io/vulnerability/CVE-2024-6096,Insecure Type Resolution Vulnerability Affects Telerik Reporting,"A code execution vulnerability exists in Progress Telerik Reporting versions prior to 18.1.24.709 due to an insecure type resolution mechanism. This flaw allows attackers to exploit object injection vulnerabilities, potentially leading to unauthorized code execution within the affected system. Organizations utilizing earlier versions of Telerik Reporting are at risk and should prioritize updating to mitigate this threat.",Progress Software,Telerik Reporting,9.8,CRITICAL,0.000910000002477318,false,,false,false,false,,,false,false,,2024-07-24T14:00:19.107Z,0
CVE-2024-6327,https://securityvulnerability.io/vulnerability/CVE-2024-6327,Remote Code Execution Vulnerability in Telerik Report Server,"In Progress Telerik Report Server, a vulnerability exists due to insecure deserialization processes, allowing attackers to potentially execute arbitrary code remotely. This issue affects versions released prior to 2024 Q2 (10.1.24.709), which may enable malicious users to manipulate serialized data, leading to unauthorized actions and system compromise. Organizations utilizing this software are advised to update to the latest version to mitigate the risks associated with this vulnerability.",Progress Software,Telerik Report Server,9.8,CRITICAL,0.0007099999929778278,false,,true,false,true,2024-07-25T20:27:07.000Z,,true,false,,2024-07-24T13:57:07.165Z,6110
CVE-2024-5019,https://securityvulnerability.io/vulnerability/CVE-2024-5019,Unauthenticated Arbitrary File Read Vulnerability in WhatsUp Gold,"An unauthenticated Arbitrary File Read vulnerability exists in WhatsUp Gold, specifically in the Wug.UI.Areas.Wug.Controllers.SessionController.CachedCSS component. This flaw affects versions released before 2023.1.3, permitting unauthorized access to read any file within the context of the iisapppool\NmConsole privileges. The potential exploitation of this vulnerability could lead to significant data exposure, making it critical for users to apply patches and updates to safeguard their systems.",Progress Software,Whatsup Gold,7.5,HIGH,0.0014199999859556556,false,,false,false,false,,,false,false,,2024-06-25T20:29:00.522Z,0
CVE-2024-5018,https://securityvulnerability.io/vulnerability/CVE-2024-5018,Unauthenticated Path Traversal Vulnerability in WhatsUp Gold Web-Root Directory,"The vulnerability in WhatsUp Gold allows an attacker to exploit an unauthenticated Path Traversal flaw within the SessionController.LoadNMScript functionality. This security issue enables unauthorized users to read any file stored in the application's web-root directory, posing a significant risk to the integrity and confidentiality of sensitive information. Users of WhatsUp Gold should ensure they are running versions 2023.1.3 or later to mitigate this vulnerability and safeguard their network operations.",Progress Software,Whatsup Gold,7.5,HIGH,0.0014199999859556556,false,,false,false,false,,,false,false,,2024-06-25T20:27:11.395Z,0
CVE-2024-5016,https://securityvulnerability.io/vulnerability/CVE-2024-5016,Remote Code Execution Vulnerability in WhatsUp Gold Distributed Edition,"The security vulnerability affects WhatsUp Gold, particularly in its Distributed Edition installations released before version 2023.1.3. The flaw is rooted in the message processing routines, specifically within NmDistributed.DistributedServiceBehavior.OnMessage for servers and NmDistributed.DistributedClient.OnMessage for clients. This vulnerability can be exploited via a deserialization tool, enabling an attacker to achieve Remote Code Execution with SYSTEM-level privileges, potentially compromising the integrity and confidentiality of the affected systems.",Progress Software,Whatsup Gold,7.2,HIGH,0.0006799999973736703,false,,false,false,false,,,false,false,,2024-06-25T20:23:46.895Z,0