Lucene search
K

138 matches found

NCSC
NCSC
added 5 days ago6 views

Vulnerabilities found in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust has identified vulnerabilities in the products Remote Support and Privileged Remote Access. These vulnerabilities involve multiple aspects of these products. There is a pre-authentication vulnerability that allows a network-based attacker to bypass authentication checks without prior...

9.9CVSS6.2AI score0.00653EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/07/08 12:0 a.m.9 views

BeyondTrust Privileged Remote Access (PRA) < 25.3.3 Multiple Vulnerabilities (BT26-03)

The version of BeyondTrust Privileged Remote Access PRA running on the remote host is prior to 25.3.3. It is, therefore, affected by multiple vulnerabilities: - A critical pre-authentication vulnerability in the authentication subsystem. Improper validation of authentication data may allow a...

9.9CVSS6.2AI score0.00561EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:13 p.m.5 views

CVE-2026-40141

A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...

9.9CVSS6AI score0.00478EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/07/06 4:13 p.m.7 views

CVE-2026-40140 High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/06 4:13 p.m.5 views

EUVD-2026-41888

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/06 4:13 p.m.4 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/07/06 4:13 p.m.42 views

CVE-2026-40140 High-Severity Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS0.00561EPSS
Exploits0References1
CVE
CVE
added 2026/07/06 4:13 p.m.43 views

CVE-2026-40140

BeyondTrust Remote Support and Privileged Remote Access are affected by CVE-2026-40140, a pre-authentication vulnerability in the network communication subsystem. The issue stems from insufficient validation of client-supplied input, enabling an unauthenticated remote attacker to trigger a denial...

8.7CVSS6AI score0.00561EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 2026/07/06 4:12 p.m.39 views

CVE-2026-40138 Critical Pre-Authentication Vulnerability in BeyondTrust Remote Support and Privileged Remote Access

A critical pre-authentication vulnerability exists in the authentication subsystem of BeyondTrust Remote Support and Privileged Remote Access. Improper validation of authentication data may allow a network-positioned attacker to bypass access controls and gain unauthorized access to the appliance...

9.2CVSS0.00417EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.11 views

PT-2026-55950

Name of the Vulnerable Software and Affected Versions BeyondTrust Remote Support and Privileged Remote Access versions prior to 26.2.1 BeyondTrust Remote Support and Privileged Remote Access versions prior to 25.3.3 Description A critical pre-authentication flaw exists in the authentication...

9.2CVSS6.2AI score0.00417EPSS
Exploits0References23
Positive Technologies
Positive Technologies
added 2026/07/06 12:0 a.m.9 views

PT-2026-55952

BeyondTrust Remote Support and Privileged Remote Access contain a high-severity pre-authentication vulnerability in the network communication subsystem. Insufficient validation of client-supplied input may allow an unauthenticated remote attacker to trigger a denial-of-service condition affecting...

8.7CVSS6AI score0.00561EPSS
Exploits0References6
NVD
NVD
added 2026/06/12 10:16 a.m.15 views

CVE-2026-11844

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope...

6.9CVSS0.00407EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:27 a.m.35 views

CVE-2026-11845 IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - OS Command Injection

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...

8.6CVSS0.00951EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/12 9:12 a.m.39 views

CVE-2026-11844 IEI Integration Corp|iVEC-IEI Virtualization Edge Computer - Arbitrary File Read

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope...

6.9CVSS0.00407EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/12 9:12 a.m.11 views

EUVD-2026-36404

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope...

6.9CVSS5.4AI score0.00407EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.18 views

PT-2026-48839

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a Arbitrary File Read vulnerability, allowing privileged remote attackers to access files outside the intended directory scope...

6.9CVSS5.3AI score0.00407EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.20 views

PT-2026-48840

The iVEC-IEI Virtualization Edge Computer developed by IEI Integration Corp has a OS Command Injection vulnerability, allowing privileged remote attackers to inject arbitrary OS commands and execute them on the device...

8.6CVSS5.8AI score0.00951EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-10057

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.5AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:34 p.m.10 views

CVE-2026-10058

ITS Intelligent SCADA System developed by ITP Technology has a Stored Cross-Site Scripting vulnerability, allowing privileged remote attackers to inject persistent JavaScript codes that are executed in users' browsers upon page load...

4.8CVSS5.5AI score0.00176EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:13 p.m.9 views

CVE-2026-40838

An low privileged remote attacker can exploit an unauthenticated SQL Injection vulnerability in the getDeviceScalings function due to improper neutralization of special elements in a SQL SELECT command. This can result in a total loss of confidentiality...

7.1CVSS5.8AI score0.00262EPSS
Exploits0References1
Rows per page
Query Builder