ProgressSoftware
CVE Numbering Authority
Latest CVE published
Overview
ProgressSoftware is a CVE Numbering Authority that has published 150 CVE records since 2023. It is currently classified as active, with 122 CVEs published in the last two years. Its CVE data quality is graded A (99.7% overall completeness).
Among the 370 CNAs tracked here, ProgressSoftware ranks #104 by CVE volume and reports more complete records than 57% of all CNAs.
Data quality report card
How complete and consistent ProgressSoftware's CVE records are, scored across vendor, product, CVSS, and CWE coverage.
A CVE record only requires a description to be published. “Completeness” measures how often ProgressSoftware also fills in the optional — but extremely useful — fields that make a vulnerability actually actionable: the affected vendor and product, a CVSS severity score, and a CWE weakness type. A higher score means more of this CNA’s CVEs include those details, so defenders spend less time enriching records by hand.
Report card grade
99.7%
Overall score
What these scores mean
- Vendor completeness
- The share of this CNA's CVEs that name an affected vendor.
- Product completeness
- The share that name a specific affected product.
- CVSS completeness
- The share that include a CVSS severity score.
- CWE completeness
- The share mapped to a CWE weakness type.
- Update rate
- How often this CNA revises CVE records after first publishing them.
- Vendor diversity
- How many distinct vendors this CNA publishes CVEs for.
Severity and exploitation
How the CVSS severity of ProgressSoftware's published CVEs breaks down, and how many are known to be exploited in the wild.
In CISA’s Known Exploited Vulnerabilities catalog
5
5 of ProgressSoftware's CVEs are confirmed exploited in the wild and carry a CISA remediation deadline.
Common weakness types
The CWE weakness categories ProgressSoftware most often assigns to its CVEs. Follow any weakness to its full explanation.
- CWE-79Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')18 CVEs
- CWE-89Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')13 CVEs
- CWE-502Deserialization of Untrusted Data13 CVEs
- CWE-20Improper Input Validation11 CVEs
- CWE-77Improper Neutralization of Special Elements used in a Command ('Command Injection')10 CVEs
- CWE-78Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')9 CVEs
- CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')8 CVEs
- CWE-287Improper Authentication7 CVEs
Publishing activity by year
How many CVEs ProgressSoftware has published each year.
Top vendors
The vendors ProgressSoftware publishes the most CVEs for.
- Progress187 CVEs
- kemptechnologies8 CVEs
- telerik7 CVEs
- chef4 CVEs
- linux4 CVEs
- Progress Chef2 CVEs
- inspec2 CVEs
- microsoft1 CVEs
Top products
The products ProgressSoftware publishes the most CVEs for.
- WhatsUp Gold37 CVEs
- LoadMaster21 CVEs
- MOVEit Transfer21 CVEs
- Telerik Reporting16 CVEs
- Sitefinity13 CVEs
- WS_FTP Server12 CVEs
- Telerik Report Server11 CVEs
- OpenEdge9 CVEs
Latest CVEs
The most recent CVEs assigned by ProgressSoftware.
- CVE-2026-8801CWE-46
File Extension Restriction Bypass in MOVEit Transfer
Critical · CVSS 9.8EPSS 0.3%2026-07-08 - CVE-2026-8800CWE-863
Cross-Org External Token Metadata accessible to AuditUser role
High · CVSS 8.8EPSS 0.2%2026-07-08 - CVE-2026-8651CWE-290
IPv6 Loopback Spoof via Trusted Host Header Bypasses Origin Check in MOVEit Transfer
High · CVSS 7.5EPSS 0.2%2026-07-08 - CVE-2026-8650CWE-23
Authenticated Path Traversal allows MOVEit admins to view arbitrary system files
High · CVSS 7.5EPSS 0.4%2026-07-08 - CVE-2026-8649CWE-943
Institution scope bypass vulnerability in custom reports
Critical · CVSS 9.8EPSS 0.2%2026-07-08 - CVE-2026-11903CWE-79
Stored XSS in MOVEit Transfer Ad Hoc module
High · CVSS 8.0EPSS 0.2%2026-07-08 - CVE-2026-10699CWE-401
Memory leak in SFTP service can result in a denial of service in MOVEit Transfer
High · CVSS 7.5EPSS 0.3%2026-07-08 - CVE-2026-10698CWE-943
Table scope bypass vulnerability in custom reports
High · CVSS 7.2EPSS 0.4%2026-07-08 - CVE-2026-8079CWE-863
Unintended limited set of actions with elevated privileges may be performed during PDF generation in Progress Flowmon
High · CVSS 8.7EPSS 0.2%2026-07-02 - CVE-2026-9272CWE-89
Possibility of unintended database operations when querying data related to detected anomalies in Progress Flowmon ADS
High · CVSS 8.7EPSS 0.2%2026-07-02 - CVE-2026-8668CWE-523
Hardcoded credentials in embedded content
Low · CVSS 2.3EPSS 0.2%2026-06-18 - CVE-2026-8100CWE-23High · CVSS 8.6EPSS 0.4%2026-06-18
Track new ProgressSoftware CVEs as they are published and get AI-written analysis and remediation guidance.
Monitor ProgressSoftware CVEsOther CNAs
Compare data quality across other CVE Numbering Authorities.
Frequently asked questions
Common questions about the ProgressSoftware CNA.
- What is the ProgressSoftware CNA?
- ProgressSoftware is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 150 CVE records since 2023.
- How many CVEs has ProgressSoftware published?
- ProgressSoftware has published 150 CVE records, including 122 in the last two years.
- What is ProgressSoftware's CVE data quality grade?
- RadicalNotion.AI grades ProgressSoftware's CVE data quality as A, with an overall completeness score of 99.7%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (98.7%) information.
- What products does ProgressSoftware publish CVEs for?
- ProgressSoftware most frequently publishes CVEs for WhatsUp Gold, LoadMaster, MOVEit Transfer, Telerik Reporting, Sitefinity.
- Which vendors does ProgressSoftware cover?
- ProgressSoftware publishes CVEs across 7 distinct vendors, most often Progress, kemptechnologies, telerik, chef, linux.
- Is ProgressSoftware actively publishing CVEs?
- ProgressSoftware is currently active, based on 122 CVEs in the last two years.
- What is the average severity of ProgressSoftware's CVEs?
- The average CVSS base score across ProgressSoftware's scored CVEs is 7.8.
- How many critical CVEs has ProgressSoftware published?
- ProgressSoftware has published 44 critical-severity CVEs and 120 high-severity CVEs.
- Are any of ProgressSoftware's CVEs in CISA's Known Exploited Vulnerabilities catalog?
- Yes. 5 of ProgressSoftware's CVEs are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog, meaning they are confirmed to be exploited in the wild.
- What are the most common weakness types in ProgressSoftware's CVEs?
- ProgressSoftware's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-502 (Deserialization of Untrusted Data), CWE-20 (Improper Input Validation).
- How does ProgressSoftware rank among CNAs?
- By total CVE volume, ProgressSoftware ranks #104 of 370 CNAs, and it reports more complete CVE records than 57% of all CNAs.
References
- Official CVE.org list of CNA partners (opens in a new tab)
- Learn: What is a CNA?
- CWE directory: the weakness types this CNA maps its CVEs to
CNA report-card grades are computed by RadicalNotion.AI from published CVE records. CVE data is sourced from the CVE Program.
Track ProgressSoftware CVEs
Monitor new vulnerabilities as this CNA publishes them, with AI-written analysis and remediation guidance.