Lucene search
K

255 matches found

Nuclei
Nuclei
added 2 days ago82 views

Kemp LoadMaster Load Balancer - Unauthenticated Command Injection

Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: LoadMaster: 7.2.40.0 and above. ECS: All versions.Multi-Tenancy: 7.1.35.4 and above. id: CVE-2024-7591 info: name: Kemp LoadMaster Load Balancer - Unauthenticated Command Injection autho...

10CVSS7.1AI score0.44069EPSS
Exploits1References4
Nuclei
Nuclei
added 2026/07/02 9:36 a.m.11 views

Progress ADC LoadMaster - Command Injection

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints id: CVE-2026-8037 info: name: Progress ADC LoadMaste...

9.8CVSS7.9AI score0.4343EPSS
Exploits3References2
Saint
Saint
added 2026/07/02 12:0 a.m.11 views

Progress LoadMaster API command injection

Added: 07/02/2026 CVE: CVE-2026-8037 Background LoadMaster is delivery and security application with cloud-native, virtual and hardware load balancers. Problem A command injection vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted API request. Resolutio...

9.8CVSS7.7AI score0.4343EPSS
Exploits3
The Hacker News
The Hacker News
added 2026/06/30 7:38 a.m.17 views

Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth

A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037 , carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run...

9.6CVSS7.8AI score0.4343EPSS
Exploits3
Nuclei
Nuclei
added 2026/06/30 4:56 a.m.218 views

Progress Kemp LoadMaster - Command Injection

Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. id: CVE-2024-1212 info: name: Progress Kemp LoadMaster - Command Injection author: DhiyaneshDK severity: critical description: | Unauthenticated remote...

10CVSS7.7AI score0.95388EPSS
Exploits9References5
Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.14 views

Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dolistapikeys method. The issue results from the lack of proper...

7.2CVSS8.2AI score0.4343EPSS
Exploits3References1
Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.16 views

Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dodelapikey method. The issue results from the lack of proper...

8.8CVSS7.8AI score0.4343EPSS
Exploits3References1
Zero Day Initiative
Zero Day Initiative
added 2026/06/09 12:0 a.m.15 views

Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the apiuser parameter provided to the accessv2 endpoin...

9.8CVSS7.8AI score0.4343EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:10 p.m.22 views

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.8CVSS6.1AI score0.4343EPSS
Exploits3References1
NVD
NVD
added 2026/06/04 2:16 p.m.48 views

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.8CVSS0.4343EPSS
Exploits3References2
ATTACKERKB
ATTACKERKB
added 2026/06/04 1:13 p.m.15 views

CVE-2026-8037

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.6CVSS6.1AI score0.4343EPSS
Exploits3References2Affected Software4
Vulnrichment
Vulnrichment
added 2026/06/04 1:13 p.m.22 views

CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.6CVSS8AI score0.4343EPSS
Exploits3References1
EUVD
EUVD
added 2026/06/04 1:13 p.m.15 views

EUVD-2026-34260

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.6CVSS6.1AI score0.4343EPSS
Exploits3References1
Cvelist
Cvelist
added 2026/06/04 1:13 p.m.45 views

CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...

9.6CVSS0.4343EPSS
Exploits3References1
CVE
CVE
added 2026/06/04 1:13 p.m.168 views

CVE-2026-8037

Progress ADC LoadMaster (Progress Kemp LoadMaster) is affected by an OS Command Injection vulnerability (CVE-2026-8037) that allows unauthenticated remote code execution via unsanitized input on multiple API endpoints. A detailed analysis in PT-2026-46231 attributes the root cause to a two-bug ch...

9.8CVSS6.1AI score0.4343EPSS
In wildExploits3References2Affected Software3
CNNVD
CNNVD
added 2026/06/04 12:0 a.m.11 views

Progress Software多款产品 命令注入漏洞

Progress Software MOVEit is a product of the American company Progress Software. Progress Software MOVEit is a secure file transfer software. Progress Software LoadMaster is a series of application delivery controllers and load balancing products. Progress Software ECS Connections Manager is a...

9.8CVSS8.1AI score0.4343EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.31 views

PT-2026-46231

Name of the Vulnerable Software and Affected Versions Progress Kemp LoadMaster versions prior to 7.2.63.2 Progress Kemp LoadMaster LTSF versions prior to 7.2.54.17 Progress ECS Connection Manager affected versions not specified Progress Object Scale Connection Manager affected versions not...

9.8CVSS8.2AI score0.4343EPSS
Exploits3References50
Zero Day Initiative
Zero Day Initiative
added 2026/05/21 12:0 a.m.26 views

Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the key parameter. The issue results from the lack of prop...

8.8CVSS6.2AI score0.0252EPSS
Exploits0References1
Zero Day Initiative
Zero Day Initiative
added 2026/05/21 12:0 a.m.13 views

Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within handling of the customLocation parameter. The issue results from the lack ...

8.8CVSS6.2AI score0.18238EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/22 7:23 a.m.9 views

CVE-2026-3518

OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command...

8.4CVSS6.2AI score0.0252EPSS
Exploits0References1
Rows per page
Query Builder