Lucene search
K

14 matches found

NVD
NVD
added 2026/04/07 3:17 p.m.9 views

CVE-2026-5378

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

6.8CVSS0.00191EPSS
Exploits0References2
NVD
NVD
added 2026/04/07 3:17 p.m.4 views

CVE-2026-5379

An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...

3CVSS0.00118EPSS
Exploits0References2
NVD
NVD
added 2026/04/07 3:17 p.m.5 views

CVE-2026-5376

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS0.00212EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/04/07 2:11 p.m.19 views

CVE-2026-5379 runZero Platform MCP certification information leak

An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...

3CVSS0.00118EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:11 p.m.1 views

CVE-2026-5379

An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...

3CVSS5.8AI score0.00118EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/04/07 2:11 p.m.19 views

CVE-2026-5378 runZero Platform user creation leak

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

5.8CVSS0.00191EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 2:11 p.m.16 views

CVE-2026-5378

The CVE-2026-5378 issue affects the runZero Platform. Affected component: user management functionality in the RunZero platform. Description indicates an Incorrect Authorization flaw that allowed administrators to create and update users outside of their authorized organization scope. Root cause ...

6.8CVSS5.8AI score0.00191EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:11 p.m.19 views

CVE-2026-5376 runZero Platform session timeout failure

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were caused by resource expiration or insufficient control after resource...

5.9CVSS5.8AI score0.00212EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30838

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

2.7CVSS5.8AI score0.002EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30872

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS5.8AI score0.00212EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.13 views

PT-2026-30873

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

5.8CVSS5.8AI score0.00191EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.13 views

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow administrators to...

6.8CVSS5.8AI score0.00191EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.7 views

PT-2026-30874

Name of the Vulnerable Software and Affected Versions runZero Platform versions prior to 4.0.260203.0 Description A flaw allowed MCP agents to access certificate information beyond their authorized organizational boundaries. This is categorized as CWE-863: Incorrect Authorization. Recommendations...

3CVSS5.8AI score0.00118EPSS
Exploits0References6
Rows per page
Query Builder