Search
Search Results (12 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-0898 | 1 Pegasystems | 1 Pega Robot Studio | 2026-03-24 | N/A |
| An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a website that includes malicious code. The vulnerability may be exploited if a Pega Robot Studio developer is deceived into visiting this website during interrogation mode in Robot Studio. | ||||
| CVE-2025-62183 | 1 Pegasystems | 1 Pega Infinity | 2026-02-18 | N/A |
| Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low. | ||||
| CVE-2025-62182 | 1 Pegasystems | 1 Pega Infinity | 2026-01-14 | N/A |
| Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by a Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file. | ||||
| CVE-2025-62181 | 1 Pegasystems | 1 Pega Infinity | 2025-12-12 | 5.3 Medium |
| Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated basic-authentication feature and other more secure authentication mechanisms are recommended. A fix is being provided in the 24.1.4, 24.2.4, and 25.1.1 patch releases. Please note: Basic credentials authentication service type is deprecated started in 24.2 version: https://docs.pega.com/bundle/platform/page/platform/release-notes/security/whats-new-security-242.html. | ||||
| CVE-2025-2161 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-30 | 7.1 High |
| Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup | ||||
| CVE-2025-2160 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-30 | 8.1 High |
| Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup | ||||
| CVE-2025-9559 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-30 | 6.5 Medium |
| Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data. | ||||
| CVE-2025-8681 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Infinity | 2025-10-29 | 5.5 Medium |
| Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Â Requires a high privileged user with a developer role. | ||||
| CVE-2024-12211 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Platform | 2025-10-29 | 5.4 Medium |
| Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile. | ||||
| CVE-2024-10716 | 1 Pegasystems | 1 Pega Platform | 2025-07-13 | 5.9 Medium |
| Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. | ||||
| CVE-2024-10094 | 1 Pegasystems | 1 Pega Infinity | 2024-11-21 | 9.1 Critical |
| Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code | ||||
| CVE-2023-32090 | 2 Pega, Pegasystems | 2 Pega Platform, Pega Platform | 2024-11-21 | 9.8 Critical |
| Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | ||||
Page 1 of 1.