CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56133 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56133
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56132 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56132
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •
CVSS: 8.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56131 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56131
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23892 – WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23892
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. The Progress Tracker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inj... • https://patchstack.com/database/wordpress/plugin/progress-tracker/vulnerability/wordpress-progress-tracker-plugin-0-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23936 – WordPress CC Circle Progress Bar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23936
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS.This issue affects CC Circle Progress Bar: from n/a through 1.0.0. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar permite XSS almacenado. Este problema afecta a CC Circle Progress Bar: desde n/a hasta 1.0.0. • https://patchstack.com/database/wordpress/plugin/cc-circle-progress-bar/vulnerability/wordpress-cc-circle-progress-bar-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11627
https://notcve.org/view.php?id=CVE-2024-11627
07 Jan 2025 — : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. La vulnerabilidad de expiración de sesión insuficiente en Progress Sitefinity permite: fijación de sesión. Este problema afecta a Sitefinity: desde la versión 4.0 hasta la 14.4.8142, desde la versión 15.0.8200 hasta la 15.0.8229, desde la versión 15.1.83... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-613: Insufficient Session Expiration •
CVSS: 8.4EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11626
https://notcve.org/view.php?id=CVE-2024-11626
07 Jan 2025 — Improper Neutralization of Input During CMS Backend (adminstrative section) Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Progress Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web del backend de CMS (sección administrativa) (XSS o 'Cross-site Scripting') en Progress Site... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.7EPSS: 0%CPEs: 4EXPL: 0CVE-2024-11625
https://notcve.org/view.php?id=CVE-2024-11625
07 Jan 2025 — Information Exposure Through an Error Message vulnerability in Progress Software Corporation Sitefinity.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. Vulnerabilidad de exposición de información a través de un mensaje de error en Sitefinity de Progress Software Corporation. Este problema afecta a Sitefinity: desde la versión 4.0 hasta la 14.4.8142, desde la versión 15.0.8200 hasta la 15.0.8229, ... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-209: Generation of Error Message Containing Sensitive Information •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-12105 – WhatsUp Gold - SnmpExtendedActiveMonitor path traversal
https://notcve.org/view.php?id=CVE-2024-12105
31 Dec 2024 — In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. In WhatsUp Gold versions released before 2024.0.2, an authenticated user can use a specially crafted HTTP request that can lead to information disclosure. • https://www.progress.com/network-monitoring • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.7EPSS: 4%CPEs: 1EXPL: 0CVE-2024-12106 – WhatsUp Gold - LDAP configuration interface leading to allowing attacker to configure LDAP settings without authentication
https://notcve.org/view.php?id=CVE-2024-12106
31 Dec 2024 — In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. In WhatsUp Gold versions released before 2024.0.2, an unauthenticated attacker can configure LDAP settings. • https://www.progress.com/network-monitoring • CWE-306: Missing Authentication for Critical Function •