CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/04/07 2:10 p.m.•0 views

CVE-2026-5372 runZero Platform SQL injection in saved queries

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

Cvelist•added 2026/04/07 2:10 p.m.•15 views

CVE-2026-5372 runZero Platform SQL injection in saved queries

6.4CVSS0.00038EPSS

ATTACKERKB•added 2026/04/07 2:10 p.m.•1 views

CVE-2026-5372

Exploits0References3Affected Software1

CVE•added 2026/04/07 2:10 p.m.•4 views

CVE-2026-5372

CVE-2026-5372 describes a SQL injection in saved queries affecting the runZero Platform introduced in version 4.0.260123.0 and fixed in 4.0.260123.1. The issue is categorized as CWE-89 with CVSSv3.1 parameters: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H, indicating network access required, high attack c...

Exploits0References2Affected Software1

Positive Technologies•added 2026/04/07 12:0 a.m.•1 views

PT-2026-30875

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS5.8AI score0.00039EPSS

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.26021.0 contain security vulnerabilities. These vulnerabilities stem from improper authorization, which may lead to unauthorized updates of...

6.4CVSS5.8AI score0.00038EPSS

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. There is a security vulnerability in the version 4.0.260123.0 of runZero Platform, which stems from improper handling of special elements related to query storage. This vulnerability...

4.4CVSS5.8AI score0.00061EPSS

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260208.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized acce...

Positive Technologies•added 2026/04/07 12:0 a.m.•0 views

PT-2026-30876

An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 2.2 Low. This issue was fixed in version 4.0.260205....

2.2CVSS5.8AI score0.00043EPSS

Positive Technologies•added 2026/04/07 12:0 a.m.•0 views

PT-2026-30835

Positive Technologies•added 2026/04/07 12:0 a.m.•0 views

Exploits0References5

PT-2026-30837

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

Positive Technologies•added 2026/04/07 12:0 a.m.•0 views

Exploits0References5

PT-2026-30879

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

2.2CVSS5.8AI score0.00043EPSS

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260205.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized...

5.9CVSS5.8AI score0.00048EPSS

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were caused by resource expiration or insufficient control after resource...

CNNVD•added 2026/04/07 12:0 a.m.•3 views

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260206.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized...

3CVSS5.8AI score0.00043EPSS

5.3CVSS5.8AI score0.00039EPSS

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260204.2 contained security vulnerabilities. These vulnerabilities were due to insufficient credential protection, which could allow...

Positive Technologies•added 2026/04/07 12:0 a.m.•1 views

PT-2026-30877

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS5.8AI score0.00043EPSS

CNNVD•added 2026/04/07 12:0 a.m.•3 views

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260202.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized acce...