Lucene search
K

88 matches found

CVE
CVE
added 2026/04/07 2:10 p.m.9 views

CVE-2026-5373

The issue affects the runZero Platform and is a privilege-escalation vulnerability (CWE-269) where all-organization administrators could promote accounts to superuser status. Root cause is improper privilege management leading to elevated access. Impact aligns with CVSS v3.1: High (8.1) with no a...

8.4CVSS5.8AI score0.00221EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:10 p.m.17 views

CVE-2026-5373 runZero Platform superuser privilege escalation

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 2:10 p.m.2 views

CVE-2026-5373 runZero Platform superuser privilege escalation

An issue that allowed all-organization administrators to promote accounts to superuser status has been resolved. This is an instance of CWE-269: Improper Privilege Management, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N 8.1 High. This issue was fixed in version...

8.1CVSS5.8AI score0.00221EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/04/07 2:10 p.m.1 views

CVE-2026-5372 runZero Platform SQL injection in saved queries

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References2
CVE
CVE
added 2026/04/07 2:10 p.m.10 views

CVE-2026-5372

CVE-2026-5372 describes a SQL injection in saved queries affecting the runZero Platform introduced in version 4.0.260123.0 and fixed in 4.0.260123.1. The issue is categorized as CWE-89 with CVSSv3.1 parameters: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H, indicating network access required, high attack c...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/04/07 2:10 p.m.19 views

CVE-2026-5372 runZero Platform SQL injection in saved queries

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS0.00203EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/07 2:10 p.m.2 views

CVE-2026-5372

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30835

An issue that allowed a SQL injection attack vector related to saved queries introduced in version 4.0.260123.0. This is an instance of CWE-89: Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', and has an estimated CVSS score of...

6.4CVSS5.9AI score0.00203EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30876

An issue that could expose task information outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:N/A:N 2.2 Low. This issue was fixed in version 4.0.260205....

2.2CVSS5.8AI score0.00174EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were caused by resource expiration or insufficient control after resource...

5.9CVSS5.8AI score0.00212EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities stemmed from API responses that might expose sensitive information,...

2.7CVSS5.8AI score0.002EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.4 views

PT-2026-30838

An issue that could allow a user with access to a credential to view sensitive fields through an API response has been resolved. This is an instance of CWE-200: Exposure of Sensitive Information to an Unauthorized Actor, and has an estimated CVSS score of...

2.7CVSS5.8AI score0.002EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.5 views

PT-2026-30879

An issue that could allow a credential to be updated and used for a task from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. This...

5.8CVSS5.8AI score0.00208EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.6 views

PT-2026-30877

An issue that could expose records outside of the authorized organization scope through the MCP endpoints has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:N/A:N 3.0 Low. This issue was fixed in...

3CVSS5.8AI score0.00174EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.7 views

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. There is a security vulnerability in the version 4.0.260123.0 of runZero Platform, which stems from improper handling of special elements related to query storage. This vulnerability...

6.4CVSS5.8AI score0.00203EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.11 views

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260205.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized...

2.2CVSS5.8AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.10 views

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260206.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized...

3CVSS5.8AI score0.00174EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.9 views

runZero Platform 安全漏洞

runZero Platform is an asset discovery and attack surface management platform developed by the US company runZero. Versions of runZero Platform prior to 4.0.260203.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could allow the MCP proxy to...

3CVSS5.8AI score0.00118EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/07 12:0 a.m.7 views

PT-2026-30837

An issue that allowed MCP agents to access remediation and asset information from outside of the authorized organization scope has been resolved. This is an instance of CWE-863: Incorrect Authorization, and has an estimated CVSS score of CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N 5.8 Medium. Th...

5.8CVSS5.8AI score0.00208EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/04/07 12:0 a.m.8 views

runZero Platform 安全漏洞

RunZero Platform is an asset discovery and attack surface management platform developed by the US company RunZero. Versions of RunZero Platform prior to 4.0.260202.0 contained security vulnerabilities. These vulnerabilities were due to improper authorization, which could lead to unauthorized acce...

5.8CVSS5.8AI score0.00208EPSS
Exploits0References2
Rows per page
Query Builder