
CVE-2025-47441 – WordPress Progress Bar <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-47441
07 May 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Chris Reynolds Progress Bar allows Stored XSS. This issue affects Progress Bar: from n/a through 2.2.3. The Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web script... • https://patchstack.com/database/wordpress/plugin/progress-bar/vulnerability/wordpress-progress-bar-2-2-3-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-39516 – WordPress Author WIP Progress Bar <= 1.0 - Cross Site Scripting (XSS) Vulnerability
https://notcve.org/view.php?id=CVE-2025-39516
16 Apr 2025 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alan Petersen Author WIP Progress Bar allows DOM-Based XSS. This issue affects Author WIP Progress Bar: from n/a through 1.0. The Author WIP Progress Bar plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above,... • https://patchstack.com/database/wordpress/plugin/author-work-in-progress-bar/vulnerability/wordpress-author-wip-progress-bar-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2025-2572 – WhatsUp Gold NmConfigurationManager.exe database manipulation vulnerability
https://notcve.org/view.php?id=CVE-2025-2572
14 Apr 2025 — In WhatsUp Gold versions released before 2024.0.3, a database manipulation vulnerability allows an unauthenticated attacker to modify the contents of WhatsUp.dbo.WrlsMacAddressGroup. • https://docs.progress.com/bundle/whatsupgold-release-notes-24-0/page/WhatsUp-Gold-2024.0-Release-Notes.html • CWE-287: Improper Authentication •

CVE-2025-1968
https://notcve.org/view.php?id=CVE-2025-1968
09 Apr 2025 — Insufficient Session Expiration vulnerability in Progress Software Corporation Sitefinity under some specific and uncommon circumstances allows reusing Session IDs (Session Replay Attacks). This issue affects Sitefinity: from 14.0 through 14.3, from 14.4 before 14.4.8145, from 15.0 before 15.0.8231, from 15.1 before 15.1.8332, from 15.2 before 15.2.8429. • https://community.progress.com/s/article/Sitefinity-Security-Advisory-for-Addressing-Security-Vulnerability-CVE-2025-1968-April-2025 • CWE-613: Insufficient Session Expiration •

CVE-2025-2324 – A MOVEit Transfer user configured as a Shared Account can gain unintended List permissions on a folder
https://notcve.org/view.php?id=CVE-2025-2324
19 Mar 2025 — Improper Privilege Management vulnerability for users configured as Shared Accounts in Progress MOVEit Transfer (SFTP module) allows Privilege Escalation. This issue affects MOVEit Transfer: from 2023.1.0 before 2023.1.12, from 2024.0.0 before 2024.0.8, from 2024.1.0 before 2024.1.2. • https://community.progress.com/s/article/MOVEit-Transfer-Vulnerability-CVE-2025-2324-March-18-2025 • CWE-269: Improper Privilege Management •

CVE-2025-1758 – Progress Software Kemp LoadMaster mangle Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2025-1758
18 Mar 2025 — Improper Input Validation vulnerability in Progress LoadMaster allows Buffer Overflow. This issue affects: LoadMaster 7.2.40.0 and above; ECS, all versions; Multi-Tenancy 7.1.35.4 and above. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the mangle executable. The issue results from the lack of proper validation of the length... • https://docs.progress.com/bundle/release-notes_loadmaster-7-2-61-1/page/Security-Updates.html • CWE-121: Stack-based Buffer Overflow •

CVE-2024-6097 – Absolute Path Traversal Vulnerability
https://notcve.org/view.php?id=CVE-2024-6097
12 Feb 2025 — In Progress® Telerik® Reporting versions prior to 2025 Q1 (19.0.25.211), information disclosure is possible by a local threat actor through an absolute path vulnerability. • https://docs.telerik.com/reporting/knowledge-base/kb-security-absolute-path-traversal-CVE-2024-6097 • CWE-36: Absolute Path Traversal •

CVE-2024-11629 – Telerik Document Processing RTF Export of Arbitrary File Path
https://notcve.org/view.php?id=CVE-2024-11629
12 Feb 2025 — In Progress® Telerik® Document Processing Libraries, versions prior to 2025 Q1 (2025.1.205), using .NET Standard 2.0, the contents of a file at an arbitrary path can be exported to RTF. • https://docs.telerik.com/devtools/document-processing/knowledge-base/kb-security-rtf-filecontent-export-cve-2024-11629 • CWE-552: Files or Directories Accessible to External Parties •

CVE-2024-11628 – Prototype Pollution in Progress® Telerik® Kendo UI for Vue
https://notcve.org/view.php?id=CVE-2024-11628
12 Feb 2025 — In Progress® Telerik® Kendo UI for Vue versions v2.4.0 through v6.0.1, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. • https://www.telerik.com/kendo-vue-ui/components/knowledge-base/kb-security-protoype-pollution-2024-11628 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •

CVE-2024-12629 – Prototype Pollution in Progress® Telerik® KendoReact
https://notcve.org/view.php?id=CVE-2024-12629
12 Feb 2025 — In Progress® Telerik® KendoReact versions v3.5.0 through v9.4.0, an attacker can introduce or modify properties within the global prototype chain which can result in denial of service or command injection. • https://www.telerik.com/kendo-react-ui/components/knowledge-base/kb-security-protoype-pollution-2024-12629 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •