CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

151 matches found

CVE-2026-9863 Core Privileged Access Manager (BoKS) upgrade tooling command injection vulnerability

Fortra BoKS Manager contains an OS command injection vulnerability in the client upgrade and patch tooling for legacy tar-based client installations. A malicious or compromised legacy tar-installed client selected for upgrade or patching may be able to cause commands to be executed on the BoKS...

7.5CVSS5.3AI score0.00572EPSS

Exploits0References1

EUVD•added 6 days ago•7 views

EUVD-2026-36730

Fortra's Core Privileged Access Manager BoKS contains an OS command injection vulnerability in the boksautoregisterd service. A remote attacker with network access to the service may be able to cause commands to be executed with the privileges of the service during the autoregistration processing...

9.8CVSS5.3AI score0.00845EPSS

Exploits0References1

Positive Technologies•added 6 days ago•9 views

PT-2026-49245

Name of the Vulnerable Software and Affected Versions Fortra Core Privileged Access Manager affected versions not specified Description An OS command injection issue exists in the boks autoregisterd service. A remote attacker with network access to this service can execute commands with the...

9.8CVSS5.8AI score0.00845EPSS

Exploits0References7

NVD•added 2026/06/12 5:16 a.m.•8 views

CVE-2026-45169

Idira Privileged Access Manager PAM Self-Hosted Vault versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8 exhibit a validation vulnerability. Under specific circumstances and configuration scenarios, processing unexpected input could potentially lead to an unexpected service termination, resulti...

8.7CVSS0.00301EPSS

Exploits0References4

EUVD•added 2026/06/12 4:32 a.m.•9 views

EUVD-2026-36385

8.7CVSS5.5AI score0.00301EPSS

Exploits0References4

CVE•added 2026/06/12 4:32 a.m.•19 views

CVE-2026-45169

Idira Privileged Access Manager (PAM) Self-Hosted Vault is affected in versions prior to 15.0.3, 14.6.5, 14.2.7, and 14.0.8. The issue is a validation vulnerability where processing unexpected input under certain configurations can cause an unexpected service termination, leading to a localized D...

8.7CVSS5.5AI score0.00301EPSS

Exploits0References4

Vulnrichment•added 2026/06/12 4:32 a.m.•7 views

CVE-2026-45169 Idira Privileged Access Manager (PAM) Self-Hosted Vault: Denial of Service due to Unexpected Input Processing

8.7CVSS5.2AI score0.00301EPSS

Exploits0References4

Positive Technologies•added 2026/06/12 12:0 a.m.•8 views

PT-2026-48829

8.7CVSS5.2AI score0.00301EPSS

Exploits0References5

RedhatCVE•added 2025/12/17 8:4 p.m.•5 views

CVE-2025-13532

Insecure defaults in the Server Agent component of Fortra's Core Privileged Access Manager BoKS can result in the selection of weak password hash algorithms. This issue affects BoKS Server Agent 9.0 instances that support yescrypt and are running in a BoKS 8.1 domain...

6.2CVSS7AI score0.00085EPSS

Exploits0References1

EUVD•added 2025/12/16 9:30 p.m.•2 views

EUVD-2025-203842

6.2CVSS6.5AI score0.00085EPSS

Exploits0References2

CVE•added 2025/12/16 8:1 p.m.•10 views

CVE-2025-13532

This CVE concerns Fortra’s Core Privileged Access Manager (BoKS): BoKS Server Agent 9.0 with yescrypt support running in a BoKS 8.1 domain is affected by insecure defaults that can cause the use of weak password hash algorithms. The issue is described across multiple sources as an insecure defaul...

6.2CVSS6.7AI score0.00085EPSS

Exploits0References1

Positive Technologies•added 2025/12/16 12:0 a.m.•3 views

PT-2025-51782

6.2CVSS7.1AI score0.00085EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views

EUVD-2018-20631

Malware in sbrugna...

6.1CVSS6.3AI score0.00899EPSS

Exploits0References3

EUVD•added 2025/10/07 12:30 a.m.•3 views