Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

107 matches found

ATTACKERKB
ATTACKERKBadded 2026/04/07 2:11 p.m.2 views

CVE-2026-5376

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS5.8AI score0.00212EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/07 2:11 p.m.0 views

CVE-2026-5376 runZero Platform session timeout failure

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

5.9CVSS5.8AI score0.00212EPSS
Exploits0References2
CVE
CVEadded 2026/04/07 2:11 p.m.5 views

CVE-2026-5376

The CVE-2026-5376 issue affects the runZero Platform where session inactivity timeouts could fail to trigger due to automatic page reloading. Root cause is CWE-613 (Insufficient Control of Resources After Expiration or Release). CVSS v3.1 vector: AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N, base score 5....

5.9CVSS5.8AI score0.00212EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/07 2:11 p.m.18 views

CVE-2026-5375 runZero Platform API credential information leak

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

2.7CVSS0.002EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/07 2:11 p.m.1 views

CVE-2026-5375 runZero Platform API credential information leak

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

2.7CVSS5.8AI score0.002EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/07 2:11 p.m.2 views

CVE-2026-5375

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

2.7CVSS5.8AI score0.002EPSS
Exploits0References3
CVE
CVEadded 2026/04/07 2:11 p.m.6 views

CVE-2026-5375

The CVE describes an API credential information leak in runZero Platform. Affected component: Platform API responses exposing sensitive fields to users with credential access. Root cause: improper exposure of credential data (CWE-200). Impact is described as Low (CVSS 3.1: AV:N/AC:L/PR:H/UI:N/S:U...

2.7CVSS5.8AI score0.002EPSS
Exploits0References2Affected Software1
CVE
CVEadded 2026/04/07 2:10 p.m.7 views

CVE-2026-5374

CVE-2026-5374 affects the runZero Platform MCP component. The issue is due to Incorrect Authorization that allowed MCP agents to access remediation and asset information outside the authorized scope, exposing confidentiality. The CVSS v3.1 vector is AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N with a base...

5.8CVSS5.8AI score0.00208EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/07 2:10 p.m.20 views

CVE-2026-5374 runZero Platform MCP information leak

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

5.8CVSS0.00208EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/07 2:10 p.m.2 views

CVE-2026-5374

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

5.8CVSS5.8AI score0.00208EPSS
Exploits0References3
Vulnrichment
Vulnrichmentadded 2026/04/07 2:10 p.m.2 views

CVE-2026-5373 runZero Platform superuser privilege escalation

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS5.8AI score0.00221EPSS
Exploits0References2
ATTACKERKB
ATTACKERKBadded 2026/04/07 2:10 p.m.2 views

CVE-2026-5373

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS5.8AI score0.00221EPSS
Exploits0References3
CVE
CVEadded 2026/04/07 2:10 p.m.7 views

CVE-2026-5373

The issue affects the runZero Platform and is a privilege-escalation vulnerability (CWE-269) where all-organization administrators could promote accounts to superuser status. Root cause is improper privilege management leading to elevated access. Impact aligns with CVSS v3.1: High (8.1) with no a...

8.4CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 2026/04/07 2:10 p.m.17 views

CVE-2026-5373 runZero Platform superuser privilege escalation

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS0.00221EPSS
Exploits0References2
Cvelist
Cvelistadded 2026/04/07 2:10 p.m.17 views

CVE-2026-5372 runZero Platform SQL injection in saved queries

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS0.00203EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2026/04/07 2:10 p.m.0 views

CVE-2026-5372 runZero Platform SQL injection in saved queries

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References2
CVE
CVEadded 2026/04/07 2:10 p.m.8 views

CVE-2026-5372

CVE-2026-5372 describes a SQL injection in saved queries affecting the runZero Platform introduced in version 4.0.260123.0 and fixed in 4.0.260123.1. The issue is categorized as CWE-89 with CVSSv3.1 parameters: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H, indicating network access required, high attack c...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKBadded 2026/04/07 2:10 p.m.1 views

CVE-2026-5372

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologiesadded 2026/04/07 12:0 a.m.2 views

PT-2026-30838

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

2.7CVSS5.8AI score0.002EPSS
Exploits0References5
Positive Technologies
Positive Technologiesadded 2026/04/07 12:0 a.m.2 views

PT-2026-30835

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References5
Rows per page
Query Builder