255 matches found
Kemp LoadMaster Load Balancer - Unauthenticated Command Injection
Improper Input Validation vulnerability in Progress LoadMaster allows OS Command Injection.This issue affects: LoadMaster: 7.2.40.0 and above. ECS: All versions.Multi-Tenancy: 7.1.35.4 and above. id: CVE-2024-7591 info: name: Kemp LoadMaster Load Balancer - Unauthenticated Command Injection autho...
Progress ADC LoadMaster - Command Injection
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints id: CVE-2026-8037 info: name: Progress ADC LoadMaste...
Progress LoadMaster API command injection
Added: 07/02/2026 CVE: CVE-2026-8037 Background LoadMaster is delivery and security application with cloud-native, virtual and hardware load balancers. Problem A command injection vulnerability allows remote attackers to execute arbitrary code by sending a specially crafted API request. Resolutio...
Progress Kemp LoadMaster Flaw Could Let Attackers Run Root Commands Pre-Auth
A critical vulnerability in Progress Kemp LoadMaster can let an unauthenticated attacker execute arbitrary commands as root on the appliance by sending a crafted request to its API. The flaw, tracked as CVE-2026-8037 , carries a CVSS score of 9.8 according to ZDI. A patch is available. If you run...
Progress Kemp LoadMaster - Command Injection
Unauthenticated remote attackers can access the system through the LoadMaster management interface, enabling arbitrary system command execution. id: CVE-2024-1212 info: name: Progress Kemp LoadMaster - Command Injection author: DhiyaneshDK severity: critical description: | Unauthenticated remote...
Progress Software Kemp LoadMaster dolistapikeys Uninitialized Memory Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dolistapikeys method. The issue results from the lack of proper...
Progress Software Kemp LoadMaster dodelapikey Uninitialized Memory Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the dodelapikey method. The issue results from the lack of proper...
Progress Software Kemp LoadMaster apiuser Uninitialized Memory Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the apiuser parameter provided to the accessv2 endpoin...
CVE-2026-8037
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
CVE-2026-8037
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
CVE-2026-8037
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
EUVD-2026-34260
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
CVE-2026-8037 OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an un-authenticated attacker to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in multiple command endpoints...
CVE-2026-8037
Progress ADC LoadMaster (Progress Kemp LoadMaster) is affected by an OS Command Injection vulnerability (CVE-2026-8037) that allows unauthenticated remote code execution via unsanitized input on multiple API endpoints. A detailed analysis in PT-2026-46231 attributes the root cause to a two-bug ch...
Progress Software多款产品 命令注入漏洞
Progress Software MOVEit is a product of the American company Progress Software. Progress Software MOVEit is a secure file transfer software. Progress Software LoadMaster is a series of application delivery controllers and load balancing products. Progress Software ECS Connections Manager is a...
PT-2026-46231
Name of the Vulnerable Software and Affected Versions Progress Kemp LoadMaster versions prior to 7.2.63.2 Progress Kemp LoadMaster LTSF versions prior to 7.2.54.17 Progress ECS Connection Manager affected versions not specified Progress Object Scale Connection Manager affected versions not...
Progress Software Kemp LoadMaster ssodomain_killsession Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the key parameter. The issue results from the lack of prop...
Progress Software Kemp LoadMaster addcountry Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software Kemp LoadMaster. Authentication is required to exploit this vulnerability. The specific flaw exists within handling of the customLocation parameter. The issue results from the lack ...
CVE-2026-3518
OS Command Injection Remote Code Execution Vulnerability in API in Progress ADC Products allows an authenticated attacker with “All” permissions to execute arbitrary commands on the LoadMaster appliance by exploiting unsanitized input in the 'killsession' command...