CVE-2026-2737

A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVE-2026-2737

A vulnerability exists in Progress Flowmon versions prior to 12.5.8 and 13.0.6, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVE-2026-2513 Possibility of unintended actions when an administrator clicks a malicious link in the Progress Flowmon ADS web application

A vulnerability exists in Progress Flowmon ADS versions prior to 12.5.5 and 13.0.3, whereby an administrator who clicks a malicious link provided by an attacker may inadvertently trigger unintended actions within their authenticated web session...

CVE-2024-2389

In Flowmon versions prior to 11.1.14 and 12.3.5, an operating system command injection vulnerability has been identified. An unauthenticated user can gain entry to the system via the Flowmon management interface, allowing for the execution of arbitrary system commands...

CVE-2025-11906

A vulnerability exists in Progress Flowmon versions prior 12.5.6 where certain system configuration files have incorrect file permissions, allowing a user with access to the default flowmon system user account used for SSH access to potentially escalate privileges to root during service...

Progress Flowmon 安全漏洞

Progress Flowmon is a real-time network traffic monitoring tool from Progress. A security vulnerability exists in versions of Progress Flowmon prior to 12.5.6, which stems from improperly set permissions in the system configuration file, which could result in elevated privileges...

CVE-2025-10240

Progress Flowmon web application prior to version 12.5.5 is vulnerable to an issue where a user who clicks a crafted or malicious link can trigger unintended actions within their existing authenticated session. The CVE entry (CVE-2025-10240) lists a high impact with CVSS 3.1 score 8.8 (AV:N/AC:L/...

PT-2025-41378

Name of the Vulnerable Software and Affected Versions Flowmon versions prior to 12.5.5 Description Flowmon network monitoring solutions are affected by an issue that allows an authenticated administrator to execute additional unintended commands within scripts designed for troubleshooting. This...

EUVD-2023-29973

Malicious code in bioql PyPI...

CVE-2023-26100

In Progress Flowmon before 12.2.0, an application endpoint failed to sanitize user-supplied input. A threat actor could leverage a reflected XSS vulnerability to execute arbitrary code within the context of a Flowmon user's web browser...

PT-2024-2667

Name of the Vulnerable Software and Affected Versions Flowmon versions prior to 11.1.14 and 12.3.5 Description A command injection vulnerability has been identified in Flowmon, allowing an unauthenticated user to gain entry to the system via the management interface and execute arbitrary system...

Progress Flowmon 操作系统命令注入漏洞

Progress Flowmon is a real-time network traffic monitoring tool from Progress. A security vulnerability in Progress Flowmon version 11.x prior to 11.1.14 and version 12.x prior to 12.3.5 stems from an operating system command injection vulnerability that could allow an unauthenticated user to...