cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-6097,https://securityvulnerability.io/vulnerability/CVE-2024-6097,Information Disclosure Vulnerability in Telerik Reporting by Progress,"In Telerik Reporting versions released before 2025 Q1, a local threat actor can exploit an absolute path vulnerability to disclose sensitive information. This occurs due to improper handling of file paths, allowing unauthorized access to potentially confidential data. Organizations using affected versions should review their security posture and update to the latest version to mitigate the risk.",Progress Software,Progress® Telerik® Reporting,5.3,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-12T17:37:10.917Z,0
CVE-2024-11629,https://securityvulnerability.io/vulnerability/CVE-2024-11629,File Export Vulnerability in Progress Telerik Document Processing Libraries,"The Progress Telerik Document Processing Libraries before version 2025 Q1 (2025.1.205) contain a vulnerability that allows unauthorized file content export to RTF format from an arbitrary file path. This issue poses a significant risk as it can potentially expose sensitive data to unauthorized users. Organizations utilizing these libraries need to update to the latest version to mitigate these risks and secure their document processing capabilities.",Progress Software,Progress® Telerik® Document Processing Libraries,7.1,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T16:21:52.058Z,0
CVE-2024-11628,https://securityvulnerability.io/vulnerability/CVE-2024-11628,Prototype Pollution Vulnerability in Progress Telerik Kendo UI for Vue,"In certain versions of Telerik Kendo UI for Vue, a vulnerability exists that allows attackers to introduce or modify properties in the global prototype chain. This manipulation can lead to unauthorized access and potentially result in a denial of service or command injection, posing significant risks to applications utilizing affected versions.",Progress Software,Progress® Telerik® Kendo Ui For Vue,4.1,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-12T16:17:38.869Z,0
CVE-2024-11343,https://securityvulnerability.io/vulnerability/CVE-2024-11343,Arbitrary File System Access in Telerik Document Processing Libraries,"A security issue in Telerik Document Processing Libraries allows for arbitrary file system access when unzipping archives. This vulnerability can potentially allow unauthorized users to read or manipulate sensitive files within the system, creating serious security risks. It is essential for users of affected versions to update to the latest release to mitigate this risk.",Progress Software,Telerik Document Processing Libraries,8.3,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T15:46:49.360Z,0
CVE-2024-12629,https://securityvulnerability.io/vulnerability/CVE-2024-12629,Prototype Pollution Vulnerability in Progress Telerik KendoReact,"In Progress Telerik KendoReact, versions from v3.5.0 to v9.4.0, a vulnerability exists that allows an attacker to alter or introduce properties within the global prototype chain. This manipulation could lead to significant security issues, including denial of service or command injection attacks. It is crucial for users to be aware of this vulnerability and apply the necessary patches and updates to mitigate potential risks.",Progress Software,Telerik Kendoreact,4.1,MEDIUM,0.01,false,,false,false,false,,false,false,false,,2025-02-12T15:37:51.840Z,0
CVE-2025-0332,https://securityvulnerability.io/vulnerability/CVE-2025-0332,Path Traversal Vulnerability in Progress Telerik UI for WinForms,"A vulnerability exists in Progress Telerik UI for WinForms that arises from improper limitation of target paths. This issue can allow an attacker to decompress an archive's content into a restricted directory, potentially exposing sensitive information and compromising system integrity. Users of affected versions should update to 2025 Q1 (2025.1.211) to mitigate this risk.",Progress Software,Progress® Telerik® Ui For Winforms,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T15:15:31.166Z,0
CVE-2025-0556,https://securityvulnerability.io/vulnerability/CVE-2025-0556,Unencrypted Data Transmission in Progress Telerik Report Server,"Progress Telerik Report Server versions released before 2025 Q1 (11.0.25.211) utilize an older .NET Framework implementation that allows the transmission of non-sensitive information in an unencrypted format. This vulnerability permits potential attackers on a local network to capture and analyze the communication between the service agent and the application host, posing a risk to data confidentiality and integrity. Users are encouraged to upgrade to the latest version to mitigate this risk.",Progress Software,Telerik Report Server,8.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T15:11:03.067Z,0
CVE-2024-12251,https://securityvulnerability.io/vulnerability/CVE-2024-12251,Command Injection Vulnerability in Progress Telerik UI for WinUI,"A command injection vulnerability exists in Progress® Telerik® UI for WinUI prior to version 2025 Q1 (3.0.0). This issue arises from inadequate neutralization of hyperlink elements, allowing an attacker to execute arbitrary commands. Proper mitigation is essential to prevent exploitation and ensure application security.",Progress Software,Telerik Ui For Winui,7.8,HIGH,0.01,false,,false,false,false,,false,false,false,,2025-02-12T15:09:46.306Z,0
CVE-2024-11626,https://securityvulnerability.io/vulnerability/CVE-2024-11626,Cross-site Scripting Vulnerability in Progress Sitefinity CMS,"A Cross-site Scripting (XSS) vulnerability has been identified in the administrative backend of Progress Sitefinity. This issue arises from improper neutralization of user input during web page generation, allowing attackers to inject malicious scripts into the web application. The vulnerability affects multiple versions of Sitefinity, creating an opportunity for unauthorized access and data manipulation within the CMS environment. Awareness and timely patching are crucial to mitigate the associated risks.",Progress Software,Sitefinity,8.4,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-07T07:49:01.805Z,0
CVE-2024-11625,https://securityvulnerability.io/vulnerability/CVE-2024-11625,Information Exposure Vulnerability in Progress Software Sitefinity,"An information exposure vulnerability exists in Progress Software's Sitefinity platform that arises from improper handling of error messages. This flaw can potentially allow an attacker to gain sensitive information about the system, which could be exploited to further compromise the environment. Affected versions range from 4.0 to 15.2.8400, making it crucial for users to review their installations and implement appropriate security measures.",Progress Software,Sitefinity,7.7,HIGH,0.0004299999854993075,false,,false,false,false,,false,false,false,,2025-01-07T07:48:32.620Z,0
CVE-2024-12105,https://securityvulnerability.io/vulnerability/CVE-2024-12105,Information Disclosure Vulnerability in Progress Software's WhatsUp Gold,"In specific versions of WhatsUp Gold from Progress Software, an issue exists where authenticated users can exploit specially crafted HTTP requests. This can potentially lead to unauthorized information disclosure, compromising sensitive data. It is crucial for users and administrators of WhatsUp Gold to be aware of these vulnerabilities and apply the necessary updates to maintain system integrity.",Progress Software,Whatsup Gold,6.5,MEDIUM,0.0005000000237487257,false,,false,false,false,,false,false,false,,2024-12-31T10:32:08.238Z,0
CVE-2024-12106,https://securityvulnerability.io/vulnerability/CVE-2024-12106,LDAP Configuration Vulnerability in WhatsUp Gold,"An unauthorized configuration vulnerability exists in WhatsUp Gold versions prior to 2024.0.2, enabling unauthenticated attackers to modify LDAP settings. This flaw may lead to unauthorized access and manipulation of system configurations, significantly compromising network security and management integrity.",Progress Software,Whatsup Gold,7.5,HIGH,0.0004799999878741801,false,,false,false,false,,false,false,false,,2024-12-31T10:32:02.035Z,267
CVE-2024-12108,https://securityvulnerability.io/vulnerability/CVE-2024-12108,Unauthorized Access via Public API in WhatsUp Gold,"In versions of WhatsUp Gold released before version 2024.0.2, a security flaw allows unauthorized access to the WhatsUp Gold server through its public API. This vulnerability poses a risk as attackers can exploit this access method to potentially execute unauthorized actions within the application. It is essential for users of WhatsUp Gold to address this issue by updating to the latest version and implementing best practices for API security.",Progress Software,Whatsup Gold,9.6,CRITICAL,0.0006900000153109431,false,,false,false,false,,false,false,false,,2024-12-31T10:31:56.107Z,0
CVE-2024-10095,https://securityvulnerability.io/vulnerability/CVE-2024-10095,Insecure Deserialization Vulnerability in Telerik UI for WPF,"CVE-2024-10095 identifies a critical insecure deserialization flaw within Progress Telerik UI for WPF versions prior to 2024 Q4 (2024.4.1213). This vulnerability can be exploited to execute arbitrary code within the affected application, posing significant risks to users' systems. It is crucial for organizations using the affected versions to upgrade promptly to safeguard against potential attacks.",Progress Software,Telerik Ui For WPf,9.8,CRITICAL,0.0007099999929778278,false,,false,false,false,,,false,false,,2024-12-16T16:59:25.572Z,0
CVE-2024-8785,https://securityvulnerability.io/vulnerability/CVE-2024-8785,Remote Code Execution Vulnerability in WhatsUp Gold,"The vulnerability CVE-2024-8785 affects WhatsUp Gold versions released before 2024.0.1, allowing unauthenticated attackers to leverage NmAPI.exe to create or change registry values. This can lead to remote code execution, making it a critical issue. A PoC exploit for this vulnerability has been published, and it is important for users to upgrade to version 24.0.1 as soon as possible to mitigate the risk of exploitation. In the past, attackers have capitalized on publicly released PoC exploits for other WhatsUp Gold flaws, highlighting the urgency of addressing this vulnerability.",Progress Software,Whatsup Gold,5.3,MEDIUM,0.0005200000014156103,false,,true,false,true,2024-12-03T14:00:11.000Z,,false,false,,2024-12-02T14:49:36.748Z,0
CVE-2024-46909,https://securityvulnerability.io/vulnerability/CVE-2024-46909,Remote code execution vulnerability in WhatsUp Gold,"A vulnerability exists in WhatsUp Gold prior to version 2024.0.1 that allows remote unauthenticated attackers to execute arbitrary code in the context of the service account. This could lead to unauthorized access and control over critical network monitoring functions, emphasizing the need for users to update to the latest version to mitigate potential exploitation risks.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.0006600000197067857,false,,false,false,false,,,false,false,,2024-12-02T14:46:49.513Z,0
CVE-2024-46905,https://securityvulnerability.io/vulnerability/CVE-2024-46905,Privilege Escalation Vulnerability Affects WhatsUp Gold Users,"A SQL Injection vulnerability exists in WhatsUp Gold versions released before 2024.0.1. This flaw enables an authenticated user with lower privileges, specifically those holding Network Manager permissions, to exploit the vulnerability and escalate their privileges to those of an admin account. This could lead to unauthorized access and control over the WhatsUp Gold system, posing significant security risks. Immediate updates to the latest version are essential to mitigate potential threats associated with this vulnerability.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-12-02T14:45:13.504Z,0
CVE-2024-46906,https://securityvulnerability.io/vulnerability/CVE-2024-46906,Privilege Escalation Vulnerability in WhatsUp Gold Allows Low-Privileged Users to Access Admin Account,"A SQL Injection vulnerability exists in WhatsUp Gold that enables a low-privileged authenticated user with at least Report Viewer permissions to perform actions typically reserved for an admin account. This defect can be exploited by attackers to escalate their privileges and gain unauthorized access to sensitive features and data within the application. It is essential for users of WhatsUp Gold to be aware of this vulnerability and to update to versions released after 2024.0.1 to mitigate potential security risks.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-12-02T14:44:08.220Z,0
CVE-2024-46907,https://securityvulnerability.io/vulnerability/CVE-2024-46907,Privilege Escalation Vulnerability in WhatsUp Gold Prior to 2024.0.1,"A SQL Injection vulnerability exists in WhatsUp Gold versions released before 2024.0.1. This security flaw allows an authenticated low-privileged user, specifically one with Report Viewer permissions, to perform unauthorized actions and escalate privileges to those of an admin account. This vulnerability poses a significant risk as it can enable malicious users to gain elevated access and control over critical network monitoring functions.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-12-02T14:42:08.418Z,0
CVE-2024-46908,https://securityvulnerability.io/vulnerability/CVE-2024-46908,WhatsUp Gold SQL Injection Vulnerability Could Lead to Privilege Escalation,"A SQL Injection vulnerability in WhatsUp Gold versions released before 2024.0.1 can be exploited by authenticated low-privileged users, specifically those with Report Viewer permissions, to escalate their privileges to those of an admin account. This vulnerability poses a significant security risk, as it allows unauthorized users to potentially control sensitive functionality and data within the WhatsUp Gold platform.",Progress Software,Whatsup Gold,8.8,HIGH,0.0006000000284984708,false,,false,false,false,,,false,false,,2024-12-02T14:40:08.735Z,0
CVE-2024-9999,https://securityvulnerability.io/vulnerability/CVE-2024-9999,Authentication Bypass Vulnerability in WS_FTP Server by Progress Software,"An authentication bypass vulnerability exists in WS_FTP Server prior to version 8.8.9 (2022.0.9) due to improper implementation of the authentication algorithm in the Web Transfer Module. This flaw permits unauthorized users to log in by circumventing the second-factor verification process, potentially compromising sensitive data and system integrity.",Progress Software,WS_FTP Server,,,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-11-12T17:15:00.000Z,0
CVE-2024-7763,https://securityvulnerability.io/vulnerability/CVE-2024-7763,Authentication Bypass Vulnerability in WhatsUp Gold (Before 2024.0.0),"An Authentication Bypass vulnerability in WhatsUp Gold allows attackers to exploit the issue in versions released before 2024.0.0. This flaw enables unauthorized individuals to gain access to encrypted user credentials, potentially compromising sensitive information. Organizations using affected versions should apply the latest security updates and ensure proper security protocols are in place.",Progress Software,Whatsup Gold,7.5,HIGH,0.0012400000123307109,false,,false,false,false,,,false,false,,2024-10-24T21:15:00.000Z,0
CVE-2024-7840,https://securityvulnerability.io/vulnerability/CVE-2024-7840,Improper Neutralization of Special Elements in Hyperlinks,"In Progress Telerik Reporting versions prior to 2024 Q3 (18.2.24.924), a serious command injection vulnerability is introduced due to the improper neutralization of hyperlink elements. This flaw can allow an attacker to execute arbitrary commands on the server by exploiting vulnerable processing of link inputs. To mitigate potential risks, it is essential for users to update to the latest version of Telerik Reporting and follow security best practices to protect their applications.",Progress Software,Telerik Reporting,7.8,HIGH,0.0005300000193528831,false,,false,false,false,,,false,false,,2024-10-09T15:15:00.000Z,0
CVE-2024-6671,https://securityvulnerability.io/vulnerability/CVE-2024-6671,Unauthenticated SQL Injection Vulnerability in WhatsUp Gold Exposes Users' Encrypted Passwords,"A SQL Injection vulnerability exists in WhatsUp Gold versions released before 2024.0.0 that can be exploited by attackers. If the application is configured to allow access for a single user, an unauthenticated attacker can retrieve the encrypted password of that user, potentially compromising account security. This vulnerability highlights the importance of secure application configuration and adherence to best security practices.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.0012400000123307109,false,,true,false,false,,,false,false,,2024-08-29T22:15:00.000Z,0
CVE-2024-6670,https://securityvulnerability.io/vulnerability/CVE-2024-6670,Unauthenticated SQL Injection Vulnerability in Pre-2024.0.0 Versions of WhatsUp Gold Allows Access to Encrypted Passwords,"An unauthenticated SQL injection vulnerability in pre-2024.0.0 versions of WhatsUp Gold from Progress Software Corporation allows the retrieval of encrypted passwords without authentication. Attackers have been actively exploiting this vulnerability since August 30, using publicly available exploit code. They are able to execute remote code, deploy malicious payloads, and establish persistence on compromised systems. The use of multiple remote access tools suggests that ransomware actors may be involved in the attacks. Progress Software released security updates to address the issues, but many organizations have not yet updated their software, leaving them vulnerable to exploitation. This highlights the urgency of addressing the vulnerability to prevent unauthorized access and system compromise.",Progress Software,Whatsup Gold,9.8,CRITICAL,0.904229998588562,true,2024-09-16T00:00:00.000Z,true,true,true,2024-09-12T12:27:34.000Z,,false,false,,2024-08-29T22:15:00.000Z,0