These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
CVE-2024-4885 is a path traversal vulnerability in Progress WhatsUp Gold that CISA added to the Known Exploited Vulnerabilities catalog on 2025-03-03. Because it is already tracked as known exploited, organizations should treat it as an urgent remediation item and follow vendor guidance without delay.
CVE-2024-1212 is a Progress Kemp LoadMaster OS command injection vulnerability that CISA added to its Known Exploited Vulnerabilities catalog on 2024-11-18. Because it is KEV-listed, defenders should treat Kemp LoadMaster deployments as a priority and follow vendor mitigation guidance promptly.
CVE-2024-6670 is a SQL injection vulnerability in Progress WhatsUp Gold that CISA lists in the Known Exploited Vulnerabilities catalog. CISA also notes known ransomware campaign use, which makes this a time-sensitive issue for any organization running the product. Follow vendor mitigation guidance immediately, or discontinue use if mitigations are not available.
CVE-2024-4358 affects Progress Telerik Report Server and is described as an authentication bypass by spoofing issue. CISA added it to the Known Exploited Vulnerabilities catalog on 2024-06-13, which means it is considered actively exploited. The safest defensive response is to follow vendor mitigation guidance immediately; if mitigations are unavailable, CISA advises discontinuing use of the product.
CVE-2023-40044 is a Progress WS_FTP Server deserialization of untrusted data issue that CISA added to its Known Exploited Vulnerabilities catalog on 2023-10-05. Because it is listed as known exploited and marked for known ransomware campaign use, organizations should treat it as a high-priority remediation item and follow vendor guidance immediately.
CVE-2023-34362 is a SQL injection vulnerability in Progress MOVEit Transfer. CISA added it to the Known Exploited Vulnerabilities catalog on the same date it was published and marked it as known exploited, with known ransomware campaign use.
CVE-2019-18935 is a Progress Telerik UI for ASP.NET AJAX vulnerability involving deserialization of untrusted data. CISA has listed it in the Known Exploited Vulnerabilities catalog and marked it as having known ransomware campaign use, which makes it a priority issue for defenders running the affected product.
CVE-2017-9248 is a cryptographic weakness affecting Progress Telerik UI for ASP.NET AJAX and Sitefinity. CISA lists it in the Known Exploited Vulnerabilities catalog, which means it has been observed in active exploitation and should be treated as a priority remediation item. The source corpus directs organizations to apply updates per vendor instructions.