1842 matches found

RedhatCVE
added 2025/05/23 12:3 a.m., 7 views

CVE-2022-24977

ImpressCMS before 1.4.2 allows unauthenticated remote code execution via ...../// directory traversal in origName or imageName, leading to unsafe interaction with the CKEditor processImage.php script. The payload may be placed in PHP_SESSION_UPLOAD_PROGRESS when the PHP installation supports...

9.8 CVSS, 7.9 AI score, 0.28066 EPSS
Exploits 1, References 1
RedhatCVE
added 2025/05/22 6:40 p.m., 4 views

CVE-2021-38159

In certain Progress MOVEit Transfer versions before 2021.0.4 (aka 13.0.4), SQL injection in the MOVEit Transfer web application could allow an unauthenticated remote attacker to gain access to the database. Depending on the database engine being used (MySQL, Microsoft SQL Server, or Azure SQL), an...

9.8 CVSS, 8.1 AI score, 0.0342 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 5:50 p.m., 6 views

CVE-2020-12677

An issue was discovered in Progress MOVEit Automation Web Admin. A Web Admin application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser, aka XSS. This affects 2018 - 2018.0 prior to 2018.0.3, 20...

6.1 CVSS, 7.8 AI score, 0.00079 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 5:24 p.m., 2 views

CVE-2020-11157

u'Lack of handling unexpected control messages while encryption was in progress can terminate the connection and thus leading to a DoS' in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile,...

7.5 CVSS, 7.8 AI score, 0.00157 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 4:9 p.m., 3 views

CVE-2020-11414

An issue was discovered in Progress Telerik UI for Silverlight before 2020.1.330. The RadUploadHandler class in RadUpload for Silverlight expects a web request that provides the file location of the uploading file along with a few other parameters. The uploading file location should be inside the...

7.5 CVSS, 7.1 AI score, 0.00423 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 10:2 a.m., 6 views

CVE-2019-17392

Progress Sitefinity 12.1 has a Weak Password Recovery Mechanism for a Forgotten Password because the HTTP Host header is mishandled...

9.8 CVSS, 7 AI score, 0.00485 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 8:49 a.m., 6 views

CVE-2019-7215

Progress Sitefinity 10.1.6536 does not invalidate session cookies upon logouts. It instead tries to overwrite the cookie in the browser, but it remains valid on the server side. This means the cookie can be reused to maintain access to the account, even if the account credentials and permissions...

6.5 CVSS, 6.9 AI score, 0.00018 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/21 8:52 p.m., 5 views

CVE-2005-4841

The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer...

7.1 CVSS, 7 AI score, 0.15254 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/21 4:38 p.m., 3 views

CVE-2024-33939

Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.3...

5.3 CVSS, 5.9 AI score, 0.07463 EPSS
Exploits 0, References 1
NVD
added 2025/05/19 4:15 p.m., 4 views

CVE-2024-33939

Authentication Bypass Using an Alternate Path or Channel vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.7.3...

5.3 CVSS, 0.07463 EPSS
Exploits 0, References 1
OSV
added 2025/05/19 4:15 p.m., 1 views

CVE-2024-33939

Authentication Bypass Using an Alternate Path or Channel vulnerability in Masteriyo Masteriyo - LMS. Unauth access to course progress. This issue affects Masteriyo - LMS: from n/a through 1.7.3...

5.3 CVSS, 5.8 AI score
Exploits 0, References 1
CNNVD
added 2025/05/19 12:0 a.m., 2 views

WordPress plugin Masteriyo - LMS security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...

5.3 CVSS, 6.6 AI score, 0.07463 EPSS
Exploits 0, References 1
Positive Technologies
added 2025/05/19 12:0 a.m., 2 views

PT-2025-21998

Name of the Vulnerable Software and Affected Versions: Masteriyo - LMS versions 1.7.3 and earlier Description: The issue is related to an Authentication Bypass Using an Alternate Path or Channel, allowing unauthorized access to course progress. Recommendations: For Masteriyo - LMS versions 1.7.3...

5.3 CVSS, 6.4 AI score, 0.07463 EPSS
Exploits 0, References 6
Packet Storm News
added 2025/05/17 12:0 a.m., 0 views

Nonmalleable Progress Leakage

Information-flow control systems often enforce progress-insensitive noninterference, as it is simple to understand and enforce. Unfortunately, real programs need to declassify results and endorse inputs, which noninterference disallows, while preventing attackers from controlling leakage, includi...

6.7 AI score
Exploits 0
CNNVD
added 2025/05/14 12:0 a.m., 2 views

Progress Telerik UI resource management error vulnerability

Progress Telerik UI is a suite of UI user interface controls for application development from Progress, Inc. A security vulnerability exists in Progress Telerik UI versions 2011.2.712 through 2025.1.218, which stems from insecure reflection that could lead to unhandled exceptions, which in turn...

7.5 CVSS, 9 AI score, 0.00596 EPSS
Exploits 0, References 3
Packet Storm News
added 2025/05/13 12:0 a.m., 4 views

Kudzu: Fast and Simple High-Throughput BFT

We present Kudzu, a high-throughput atomic broadcast protocol with an integrated fast path. Our contribution is based on the combination of two lines of work. Firstly, our protocol achieves finality in just two rounds of communication if all but $p$ out of $n = 3f + 2p + 1$ participating replicas...

7 AI score
Exploits 0
RedhatCVE
added 2025/05/09 3:26 p.m., 6 views

CVE-2025-47441

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Reynolds Progress Bar progress-bar allows Stored XSS. This issue affects Progress Bar: from n/a through <= 2.2.3...

6.5 CVSS, 7.2 AI score, 0.00143 EPSS
Exploits 0, References 1
NVD
added 2025/05/07 3:15 p.m., 4 views

CVE-2025-47441

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Reynolds Progress Bar progress-bar allows Stored XSS. This issue affects Progress Bar: from n/a through <= 2.2.3...

6.5 CVSS, 0.00143 EPSS
Exploits 0, References 1
CVE
added 2025/05/07 2:19 p.m., 42 views

CVE-2025-47441

CVE-2025-47441 describes a stored XSS in WordPress Progress Bar (

6.5 CVSS, 7.2 AI score, 0.00143 EPSS
Exploits 0, References 1
Cvelist
added 2025/05/07 2:19 p.m., 12 views

CVE-2025-47441 WordPress Progress Bar plugin <= 2.2.3 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Chris Reynolds Progress Bar progress-bar allows Stored XSS. This issue affects Progress Bar: from n/a through <= 2.2.3...

6.5 CVSS, 0.00143 EPSS
Exploits 0, References 1