CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/05 1:44 p.m.•29 views

CVE-2026-7778 runZero Platform dashboard configuration exposure

5CVSS0.00028EPSS

Vulnrichment•added 2026/05/05 1:44 p.m.•5 views

CVE-2026-7778 runZero Platform dashboard configuration exposure

5CVSS5.7AI score0.00028EPSS

ATTACKERKB•added 2026/05/05 1:44 p.m.•3 views

CVE-2026-7778

5CVSS5.7AI score0.00028EPSS

CNNVD•added 2026/05/05 12:0 a.m.•3 views

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to v4.0.260416.0 contained security vulnerabilities. These vulnerabilities were due to improper permission management, which could allow dashboard...

5CVSS5.8AI score0.00028EPSS

Exploits0References1

3CVSS5.8AI score0.00025EPSS

EUVD-2026-19696

An issue that allowed MCP agents to access certificate information from outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue wa...

5.9CVSS5.8AI score0.00048EPSS

EUVD-2026-19692

An issue that could prevent session inactivity timeouts from triggering due to automatic page reloading has been resolved. This is an instance of CWE-613: Insufficient Control of Resources After Expiration or Release, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N...

2.7CVSS5.8AI score0.00047EPSS

EUVD-2026-19636

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

EUVD•added 2026/04/07 3:30 p.m.•2 views

EUVD-2026-19699

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS5.8AI score0.00043EPSS

6.4CVSS5.9AI score0.00038EPSS

EUVD-2026-19632

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

2.2CVSS5.8AI score0.00043EPSS

EUVD-2026-19698

An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 2.2 Low. This issue was fixed in version 4.0.260205....

8.1CVSS5.8AI score0.00041EPSS

EUVD-2026-19634

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

5.8CVSS5.8AI score0.00045EPSS

EUVD-2026-19694

An issue that allowed administrators to create and update users outside of their authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:N/I:H/A:N 5.8 Medium. This issue was fix...

EUVD•added 2026/04/07 3:30 p.m.•2 views

EUVD-2026-19635

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

5.8CVSS5.8AI score0.00048EPSS

EUVD•added 2026/04/07 3:30 p.m.•3 views

EUVD-2026-19703

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

5.8CVSS5.8AI score0.00048EPSS

CVE-2026-5380

An issue that could allow an authorized user to view the clear-text secrets for a subset of credential types and fields has been resolved. This is an instance of CWE-522: Insufficiently Protected Credentials, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N 5.3...

5.3CVSS0.00039EPSS

CVE-2026-5382

3CVSS0.00043EPSS

CVE-2026-5381

2.2CVSS0.00043EPSS