Lucene search

1842 matches found

The Hacker News
added 2025/03/04 4:39 a.m. · 31 views

Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The list of...

9.8 CVSS · 9.7 AI score · 0.94274 EPSS
Exploits: 8

CISA
added 2025/03/03 12:0 p.m. · 10 views

CISA Adds Five Known Exploited Vulnerabilities to Catalog

CISA has added five new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-20118 Cisco Small Business RV Series Routers Command Injection Vulnerability; CVE-2022-43939 Hitachi Vantara Pentaho BA Server...

9.8 CVSS · 7.7 AI score · 0.94274 EPSS
In wild · Exploits: 8 · References: 10

NVD
added 2025/03/01 1:15 a.m. · 5 views

CVE-2025-27416

Scratch-Coding-Hut.github.io is the website for Coding Hut. The website as of 28 February 2025 contained a sign in with scratch username and password form. Any user who used the sign in page would be susceptible to any other user signing into their account. As of time of publication, a fix is not...

8.8 CVSS · 0.00029 EPSS
Exploits: 0 · References: 2

Cvelist
added 2025/03/01 12:10 a.m. · 9 views

CVE-2025-27416 Asking For Scratch Username And Password

Scratch-Coding-Hut.github.io is the website for Coding Hut. The website as of 28 February 2025 contained a sign in with scratch username and password form. Any user who used the sign in page would be susceptible to any other user signing into their account. As of time of publication, a fix is not...

8.8 CVSS · 0.00029 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2025/02/14 12:0 a.m. · 7 views

Progress Telerik Reporting < 2025 Q1 (19.0.25.211) Information Disclosure

The version of Progress Telerik Reporting installed on the remote Windows host is prior or equal to 2025 QA 19.0.25.211. It is, therefore, affected by an information disclosure vulnerability. Information disclosure is possible by a local threat actor through an absolute path vulnerability. Note...

5.3 CVSS · 5.6 AI score · 0.00075 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/02/12 3:15 p.m. · 4 views

CVE-2025-0332 Progress UI for WinForms decompression path traversal vulnerability

In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 2025.1.211, using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory...

7.8 CVSS · 7.6 AI score · 0.00194 EPSS
Exploits: 0 · References: 1

Cvelist
added 2025/02/12 3:15 p.m. · 9 views

CVE-2025-0332 Progress UI for WinForms decompression path traversal vulnerability

In Progress® Telerik® UI for WinForms, versions prior to 2025 Q1 2025.1.211, using the improper limitation of a target path can lead to decompressing an archive's content into a restricted directory...

7.8 CVSS · 0.00194 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/02/12 12:0 a.m. · 1 views

Progress Telerik UI Path Traversal Vulnerability

Progress Telerik UI is a suite of UI user interface controls for application development from Progress, Inc. A path traversal vulnerability exists in Progress Telerik UI prior to version 2025 Q1, which stems from the fact that the use of improper destination path restrictions could result in the...

9.8 CVSS · 6.5 AI score · 0.00194 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/02/12 12:0 a.m. · 1 views

Progress Telerik UI Command Injection Vulnerability

Progress Telerik UI is a suite of UI user interface controls for application development from Progress, Inc. A command injection vulnerability exists in Progress Telerik UI prior to version 2025 Q1, which stems from a command injection attack that can be performed by incorrectly neutralizing...

7.8 CVSS · 7.4 AI score · 0.00241 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/02/12 12:0 a.m. · 2 views

Progress Telerik UI Security Vulnerability

Progress Telerik UI is a suite of UI user interface controls for application development from Progress, Inc. A security vulnerability exists in Progress Telerik UI that stems from an attacker being able to introduce or modify properties in the global prototype chain, which could result in a denia...

7.2 CVSS · 6.8 AI score · 0.00068 EPSS
Exploits: 0 · References: 1

CNNVD
added 2025/02/12 12:0 a.m. · 1 views

Progress Telerik Document Processing Libraries Security Vulnerability

Progress Telerik Document Processing Libraries is a document processing library from Progress USA. A security vulnerability exists in Progress Telerik Document Processing Libraries prior to version 2025 Q1, which originates from the ability to export the contents of a file in an arbitrary path to...

7.1 CVSS · 6.8 AI score · 0.0076 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/02/12 12:0 a.m. · 3 views

PT-2025-6792 · Progress · Progress Telerik Report Server

Name of the Vulnerable Software and Affected Versions: In Progress Telerik Report Server versions prior to 2025 Q1 11.0.25.211 Description: The issue concerns the communication of non-sensitive information between the service agent process and app host process in In Progress Telerik Report Server...

8.8 CVSS · 6.8 AI score · 0.00148 EPSS
Exploits: 0 · References: 5

CNNVD
added 2025/02/12 12:0 a.m. · 1 views

Progress Telerik Reporting Security Vulnerability

Progress Telerik Reporting is a .NET report embedding tool from Progress, Inc. that enables the creation, design, export, and integration of reports in cloud-based, web and applications. A security vulnerability exists in Progress Telerik Reporting prior to version 2025 Q1, which stems from a loc...

5.3 CVSS · 6 AI score · 0.00075 EPSS
Exploits: 0 · References: 1

The Hacker News
added 2025/02/11 11:52 a.m. · 23 views

Progress Software Patches High-Severity LoadMaster Flaws Affecting Multiple Versions

Progress Software has addressed multiple high-severity security flaws in its LoadMaster software that could be exploited by malicious actors to execute arbitrary system commands or download any file from the system. Kemp LoadMaster is a high-performance application delivery controller ADC and loa...

8.4 CVSS · 9.1 AI score · 0.00604 EPSS
Exploits: 0

RedhatCVE
added 2025/02/07 6:2 p.m. · 7 views

CVE-2024-56133

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 inclusive From 7.2.49.0 to 7.2.54.12 inclusive 7.2.48.12 and all prior versions ECS All prior...

8.4 CVSS · 6.5 AI score · 0.00065 EPSS
Exploits: 0 · References: 1

OSV
added 2025/02/05 6:15 p.m. · 1 views

CVE-2024-56135

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 inclusive From 7.2.49.0 to 7.2.54.12 inclusive 7.2.48.12 and all prior versions ECS All prior...

6.8 CVSS · 7.3 AI score · 0.00604 EPSS
Exploits: 0 · References: 1

NVD
added 2025/02/05 6:15 p.m. · 10 views

CVE-2024-56131

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 inclusive From 7.2.49.0 to 7.2.54.12 inclusive 7.2.48.12 and all prior versions Multi-Tenant...

8.4 CVSS · 0.00065 EPSS
Exploits: 0 · References: 1

Vulnrichment
added 2025/02/05 6:2 p.m. · 11 views

CVE-2024-56135 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 inclusive From 7.2.49.0 to 7.2.54.12 inclusive 7.2.48.12 and all prior versions ECS All prior...

8.4 CVSS · 8.4 AI score · 0.00065 EPSS
Exploits: 0 · References: 1

CVE
added 2025/02/05 6:2 p.m. · 71 views

CVE-2024-56135

Progress LoadMaster contains an Improper Input Validation vulnerability (CVE-2024-56135) affecting multiple LoadMaster versions from 7.2.48.12 and earlier, 7.2.49.0–7.2.54.12, and 7.2.55.0–7.2.60.1 (inclusive), with fixes in 7.2.54.13 (LTSF) and 7.2.61.0 (GA). The issue allows an authenticated us...

8.4 CVSS · 7.2 AI score · 0.00065 EPSS
Exploits: 0 · References: 1 · Affected Software: 2

Cvelist
added 2025/02/05 6:2 p.m. · 14 views

CVE-2024-56135 Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection.

Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows : OS Command Injection. This issue affects: Product Affected Versions LoadMaster From 7.2.55.0 to 7.2.60.1 inclusive From 7.2.49.0 to 7.2.54.12 inclusive 7.2.48.12 and all prior versions ECS All prior...

8.4 CVSS · 0.00065 EPSS
Exploits: 0 · References: 1