247 CVEs

9 in CISA KEV

progress Vulnerabilities

CVE security advisories and vulnerability history for progress.

247

Total CVEs

Published

9

In CISA KEV

Exploited in the wild

50

Public exploits

With known exploit

7.8

Avg CVSS

2000–2026

Overview

progress has 247 published CVE records since 2000, of which 9 are in CISA's Known Exploited Vulnerabilities catalog and 50 have a known public exploit. The average CVSS base score across scored CVEs is 7.8.

This page aggregates every publicly disclosed vulnerability (CVE) affecting progress products, with severity breakdowns, the most-affected products, the most common weakness types, and the latest disclosures.

Severity and exploitation

How the CVSS severity of progress's CVEs breaks down, plus how many are exploited in the wild or have public exploit code.

Critical35

High89

Medium36

Low1

86 additional CVEs have no CVSS severity score.

In CISA’s Known Exploited Vulnerabilities catalog

9

9 of progress's CVEs are confirmed exploited in the wild.

Public exploits

50

50 of progress's CVEs have a known public exploit available.

Most affected products

The progress products with the most published CVEs.

WhatsUp Gold56 CVEs
ws ftp server28 CVEs
MOVEit Transfer26 CVEs
whatsup_gold21 CVEs
LoadMaster20 CVEs
sitefinity19 CVEs
Telerik Reporting15 CVEs
openedge12 CVEs

Common weakness types

The CWE weakness categories most often found in progress CVEs. Follow any weakness for its full explanation.

CNAs that assign these CVEs

The CVE Numbering Authorities that publish progress CVE records.

Disclosure activity by year

How many progress CVEs were published each year.

2019

7

2020

4

2021

6

2022

8

2023

37

2024

80

2025

26

2026

21

Latest progress CVEs

The most recently disclosed vulnerabilities affecting progress.

Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
CWE-770
Medium · CVSS 4.3
EPSS 0.2%2026-05-20
Incorrect default permissions vulnerability in Progress Software MOVEit Automation
CWE-276
Medium · CVSS 6.5
EPSS 0.1%2026-05-20
Allocation of resources without limits or throttling vulnerability in Progress Software MOVEit Automation
CWE-770
Medium · CVSS 5.3
EPSS 0.2%2026-05-20
Uncontrolled Memory Allocation vulnerability in Progress Software MOVEit Automation
CWE-789
Medium · CVSS 5.9
EPSS 0.0%2026-05-20
Improper Access Control Vulnerability in Progress MOVEit Automation
CWE-20
High · CVSS 7.7
EPSS 0.1%2026-04-30
Improper Authentication vulnerability in Progress MOVEit Automation
CWE-305
Critical · CVSS 9.8
EPSS 0.2%2026-04-30
Deserialization of Untrusted Data Vulnerability in Telerik UI for ASP.NET AJAX
CWE-502
High · CVSS 8.1
EPSS 0.0%2026-04-22
Uncontrolled Resource Consumption Vulnerability in Telerik UI for ASP.NET AJAX
CWE-400
High · CVSS 7.5
EPSS 0.1%2026-04-22
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
CWE-77
High · CVSS 8.4
EPSS 0.0%2026-04-20
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
CWE-77
High · CVSS 8.4
EPSS 0.0%2026-04-20
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
CWE-77
High · CVSS 8.4
EPSS 0.2%2026-04-20
OS Command Injection Remote Code Execution Vulnerability in Progress LoadMaster, ECS Connection Manager, Object Scale Connection Manager & MOVEit WAF
CWE-77
High · CVSS 8.4
EPSS 0.3%2026-04-20

Track new progress CVEs as they are disclosed and get AI-written analysis and remediation guidance.

Monitor progress CVEs

Other vendors

Browse vulnerabilities for other tracked vendors.

artifex259 CVEs org.jenkins-ci.main258 CVEs Elastic252 CVEs ABB250 CVEs samba248 CVEs SonicWall246 CVEs wikimedia245 CVEs vim236 CVEs

Browse all vendors

Frequently asked questions

Common questions about progress vulnerabilities.

How many CVEs does progress have?

progress has 247 published CVE records since 2000, including 47 in the last two years.

How many progress CVEs are in CISA KEV?

Yes — 9 of progress's CVEs are listed in CISA's Known Exploited Vulnerabilities catalog, confirmed exploited in the wild and carrying a CISA remediation deadline.

Which progress products have the most CVEs?

The progress products with the most published CVEs are WhatsUp Gold, ws ftp server, MOVEit Transfer, whatsup_gold, LoadMaster.

What are the most common weakness types in progress CVEs?

progress's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')), CWE-20 (Improper Input Validation), CWE-502 (Deserialization of Untrusted Data).

Are there public exploits for progress vulnerabilities?

Yes — 50 of progress's CVEs have a known public exploit.

How many critical progress vulnerabilities are there?

progress has 35 critical and 89 high-severity CVEs.

What is the average severity of progress CVEs?

The average CVSS base score across progress's scored CVEs is 7.8.

References

Vulnerability data is sourced from the CVE Program; severity, KEV, and exploit signals are aggregated by RadicalNotion.AI.

Track progress vulnerabilities

Monitor new progress vulnerabilities as they are disclosed, with AI-written analysis and remediation guidance.

Start free See pricing