Lucene search
K

70967 matches found

EUVD
EUVD
added 2026/04/20 3:31 p.m.5 views

EUVD-2026-23858

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...

9.3CVSS6.2AI score0.18238EPSS
Exploits4References2
EUVD
EUVD
added 2026/04/20 3:31 p.m.6 views

EUVD-2026-23857

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command...

9.3CVSS6.2AI score0.18238EPSS
Exploits4References2
EUVD
EUVD
added 2026/04/20 3:31 p.m.6 views

EUVD-2026-23856

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command...

9.3CVSS6.2AI score0.18238EPSS
Exploits4References2
NVD
NVD
added 2026/04/20 2:16 p.m.5 views

CVE-2026-4048

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process...

8.4CVSS0.02132EPSS
Exploits0References1
NVD
NVD
added 2026/04/20 2:16 p.m.8 views

CVE-2026-3519

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...

8.4CVSS0.02134EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/20 1:36 p.m.5 views

CVE-2026-4048 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process...

8.4CVSS6.4AI score0.02132EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:36 p.m.5 views

CVE-2026-4048

OS Command Injection Remote Code Execution Vulnerability in UI in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in a custom WAF rule file during the file upload process...

9.3CVSS6.1AI score0.18238EPSS
Exploits4References2Affected Software4
CVE
CVE
added 2026/04/20 1:36 p.m.13 views

CVE-2026-4048

CVE-2026-4048 : OS Command Injection RCE in Progress LoadMaster family (LoadMaster, ECS Connection Manager, Object Scale Connection Manager, MOVEit WAF UI). An authenticated attacker with high-level permissions (e.g., “All”) can execute arbitrary commands by exploiting unsanitized input in a cust...

8.4CVSS6.4AI score0.02132EPSS
Exploits0References1Affected Software3
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:32 p.m.6 views

CVE-2026-3519

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...

9.3CVSS6.2AI score0.18238EPSS
Exploits4References2Affected Software4
CVE
CVE
added 2026/04/20 1:32 p.m.18 views

CVE-2026-3519

Summary: The provided connected CVEs describe OS Command Injection/Remote Code Execution vulnerabilities in Progress ADC products (LoadMaster, ECS Connection Manager, Object Scale Connection Manager, MOVEit WAF). Affected vectors involve unsanitized input in various commands or files (e.g., aclco...

8.4CVSS6.4AI score0.02134EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2026/04/20 1:32 p.m.4 views

CVE-2026-3519 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “VS Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'aclcontrol' command...

8.4CVSS6.4AI score0.02134EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/20 1:29 p.m.32 views

CVE-2026-3518 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command...

8.4CVSS0.0252EPSS
Exploits0References1
CVE
CVE
added 2026/04/20 1:29 p.m.24 views

CVE-2026-3518

CVE-2026-4048, CVE-2026-3518, and CVE-2026-3519 are Progress LoadMaster family command-injection/RCE vulnerabilities. Each allows an authenticated attacker with specific permissions to execute arbitrary commands on LoadMaster appliances by supplying unsanitized input via different entry points: C...

8.4CVSS6.4AI score0.18238EPSS
Exploits0References1Affected Software3
Vulnrichment
Vulnrichment
added 2026/04/20 1:29 p.m.3 views

CVE-2026-3518 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command...

8.4CVSS6.4AI score0.18238EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/04/20 1:22 p.m.60 views

CVE-2026-3517 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command...

8.4CVSS0.18238EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/04/20 1:22 p.m.5 views

CVE-2026-3517 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command...

8.4CVSS6.4AI score0.18238EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/04/20 1:22 p.m.7 views

CVE-2026-3517

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “Geo Administration” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'addcountry' command...

9.3CVSS6.2AI score0.18238EPSS
Exploits4References2Affected Software4
CVE
CVE
added 2026/04/20 1:22 p.m.51 views

CVE-2026-3517

CVE-2026-4048: OS Command Injection / Remote Code Execution in Progress LoadMaster UI (and related components: ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF). An authenticated attacker with All permissions can execute arbitrary commands on the LoadMaster appliance by exploi...

8.4CVSS6.4AI score0.18238EPSS
Exploits0References1Affected Software3
IBM Security Bulletins
IBM Security Bulletins
added 2026/04/20 9:57 a.m.18 views

Security Bulletin: ELM on Hybrid Cloud vulnerabilities addressed in 2.0.0

Summary This release addresses security vulnerabilities in application and operator images of ELM on Hybrid cloud offering. Identified vulnerabilities identified below relate to the underlying OS packages and language dependencies which impacts the product within the deployed environment. One of...

9.1CVSS7.2AI score0.01557EPSS
Exploits3Affected Software1
EUVD
EUVD
added 2026/04/20 9:30 a.m.6 views

EUVD-2026-23784

A command injection vulnerability was found in the PPTP VPN Clients on the ADM. The vulnerability allows an administrative user to break out of the restricted web environment and execute arbitrary code on the underlying operating system. This occurs due to insufficient validation of user-supplied...

9.4CVSS6.2AI score0.01451EPSS
Exploits1References2
Rows per page
Query Builder