CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2026/04/07 3:17 p.m.•2 views

CVE-2026-5378

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

6.8CVSS0.00045EPSS

NVD•added 2026/04/07 3:17 p.m.•1 views

CVE-2026-5376

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS0.00048EPSS

NVD•added 2026/04/07 3:17 p.m.•0 views

CVE-2026-5374

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

5.8CVSS0.00048EPSS

NVD•added 2026/04/07 3:17 p.m.•1 views

CVE-2026-5372

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS0.00038EPSS

Cvelist•added 2026/04/07 2:12 p.m.•15 views

CVE-2026-5384 runZero Platform incorrect credential scope

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

5.8CVSS0.00048EPSS

ATTACKERKB•added 2026/04/07 2:12 p.m.•0 views

CVE-2026-5384

5.8CVSS5.8AI score0.00048EPSS

Vulnrichment•added 2026/04/07 2:12 p.m.•1 views

CVE-2026-5384 runZero Platform incorrect credential scope

5.8CVSS5.8AI score0.00048EPSS

CVE•added 2026/04/07 2:12 p.m.•2 views

CVE-2026-5384

The CVE-2026-5384 issue affects the runZero Platform, where a credential could be updated and subsequently used for a task outside the authorized organization scope. This is categorized as CWE-863: Incorrect Authorization. The vulnerability is tied to credential handling that allows scope to be b...

5.8CVSS5.8AI score0.00048EPSS

ATTACKERKB•added 2026/04/07 2:12 p.m.•2 views

CVE-2026-5382

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS5.8AI score0.00043EPSS

Cvelist•added 2026/04/07 2:12 p.m.•16 views

CVE-2026-5382 runZero Platform MCP endpoint information leak

3CVSS0.00043EPSS

CVE•added 2026/04/07 2:12 p.m.•4 views

CVE-2026-5382

The CVE-2026-5382 entry concerns the runZero Platform, specifically the MCP endpoint information leak. The underlying issue is CWE-863 (Incorrect Authorization), allowing records to be exposed outside the authorized organization scope via MCP endpoints. The CVSS v3.1 impact is low (3.0) with vect...

3CVSS5.8AI score0.00043EPSS

ATTACKERKB•added 2026/04/07 2:12 p.m.•0 views

CVE-2026-5381

An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 2.2 Low. This issue was fixed in version 4.0.260205....

2.2CVSS5.8AI score0.00043EPSS

Vulnrichment•added 2026/04/07 2:12 p.m.•0 views

CVE-2026-5381 runZero Platform task information leak

2.2CVSS5.8AI score0.00043EPSS

Cvelist•added 2026/04/07 2:12 p.m.•20 views

CVE-2026-5381 runZero Platform task information leak

2.2CVSS0.00043EPSS

CVE•added 2026/04/07 2:12 p.m.•5 views

CVE-2026-5381

CVE-2026-5381 concerns the runZero Platform where task information could be exposed outside the authorized organization scope due to an incorrect authorization (CWE-863). The issue carries a CVSS v3.1 base score of 2.2 (LOW), with vector AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N. The vulnerability is m...

2.2CVSS5.8AI score0.00043EPSS

Vulnrichment•added 2026/04/07 2:12 p.m.•0 views

CVE-2026-5380 runZero Platform cleartext secret exposure

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS5.8AI score0.00039EPSS

CVE•added 2026/04/07 2:12 p.m.•1 views

CVE-2026-5380

CVE-2026-5380 affects the runZero Platform and describes an issue where an authorized user could view clear-text secrets for a subset of credential types and fields (CWE-522: Insufficiently Protected Credentials). The vulnerability is attributed to improper protection of credentials and is rated ...

5.3CVSS5.8AI score0.00039EPSS

Cvelist•added 2026/04/07 2:12 p.m.•19 views

CVE-2026-5380 runZero Platform cleartext secret exposure

5.3CVSS0.00039EPSS

ATTACKERKB•added 2026/04/07 2:11 p.m.•0 views

CVE-2026-5379

3CVSS5.8AI score0.00025EPSS