
CVE-2025-0556 – Telerik Report Server Clear Text Transmission of Agent Commands
https://notcve.org/view.php?id=CVE-2025-0556
12 Feb 2025 — In Progress® Telerik® Report Server, versions prior to 2025 Q1 (11.0.25.211) when using the older .NET Framework implementation, communication of non-sensitive information between the service agent process and app host process occurs over an unencrypted tunnel, which can be subjected to local network traffic sniffing. • https://docs.telerik.com/report-server/knowledge-base/kb-security-cleartext-transmission-cve-2025-0556 • CWE-319: Cleartext Transmission of Sensitive Information •

CVE-2024-12251 – Improper neutralization special element in hyperlinks
https://notcve.org/view.php?id=CVE-2024-12251
12 Feb 2025 — In Progress® Telerik® UI for WinUI versions prior to 2025 Q1 (3.0.0), a command injection attack is possible through improper neutralization of hyperlink elements. • https://docs.telerik.com/devtools/winui/security/kb-security-command-injection-cve-2024-12251 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVE-2024-56135 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56135
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •

CVE-2024-56134 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56134
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •

CVE-2024-56133 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56133
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •

CVE-2024-56132 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56132
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •

CVE-2024-56131 – Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.
https://notcve.org/view.php?id=CVE-2024-56131
05 Feb 2025 — Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 (inclusive) From 7.2.49.0 to 7.2.54.12 (inclusive) 7.2.48.12 and all prior versions Multi-Tenant Hypervisor 7.1.35.12 and all prior versions ECS All prior versions to 7.2.60.1 (inclusive) • https://community.progress.com/s/article/LoadMaster-Security-Vulnerability-CVE-2024-56131-CVE-2024-56132-CVE-2024-56133-CVE-2024-56134-CVE-2024-56135 • CWE-20: Improper Input Validation •

CVE-2025-23936 – WordPress CC Circle Progress Bar plugin <= 1.0.0 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23936
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar allows Stored XSS.This issue affects CC Circle Progress Bar: from n/a through 1.0.0. Vulnerabilidad de neutralización incorrecta de la entrada durante la generación de páginas web ('Cross-site Scripting') en Harun R. Rayhan (Cr@zy Coder) CC Circle Progress Bar permite XSS almacenado. Este problema afecta a CC Circle Progress Bar: desde n/a hasta 1.0.0. • https://patchstack.com/database/wordpress/plugin/cc-circle-progress-bar/vulnerability/wordpress-cc-circle-progress-bar-plugin-1-0-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-23892 – WordPress Progress Tracker plugin <= 0.9.3 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2025-23892
16 Jan 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Furr and Simon Ward Progress Tracker allows DOM-Based XSS.This issue affects Progress Tracker: from n/a through 0.9.3. The Progress Tracker plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 0.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inj... • https://patchstack.com/database/wordpress/plugin/progress-tracker/vulnerability/wordpress-progress-tracker-plugin-0-9-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2024-11627
https://notcve.org/view.php?id=CVE-2024-11627
07 Jan 2025 — : Insufficient Session Expiration vulnerability in Progress Sitefinity allows : Session Fixation.This issue affects Sitefinity: from 4.0 through 14.4.8142, from 15.0.8200 through 15.0.8229, from 15.1.8300 through 15.1.8327, from 15.2.8400 through 15.2.8421. La vulnerabilidad de expiración de sesión insuficiente en Progress Sitefinity permite: fijación de sesión. Este problema afecta a Sitefinity: desde la versión 4.0 hasta la 14.4.8142, desde la versión 15.0.8200 hasta la 15.0.8229, desde la versión 15.1.83... • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerabilities-CVE-2024-11625-and-CVE-2024-11626-January-2025 • CWE-613: Insufficient Session Expiration •