📦 Infinity

by Pega

🛡️ Security Overview

⚠️ Known Vulnerabilities

CVE-2024-10094

CRITICAL CVSS 9.1 Nov 20, 2024

CVE-2024-10094 is a code injection vulnerability in Pega Platform that allows attackers to execute arbitrary code on affected systems. This affects all Pega Platform deployments from version 6.x throu...

CVE-2022-24083

CRITICAL CVSS 9.8 Jul 25, 2022

CVE-2022-24083 is a critical authentication bypass vulnerability in Pega Platform that allows attackers to circumvent local password checks, potentially gaining unauthorized access to affected systems...

CVE-2022-24082

CRITICAL CVSS 9.8 Jul 19, 2022

CVE-2022-24082 allows remote code execution on Pega Platform installations by exploiting insecure JMX interface exposure. Attackers can upload serialized payloads to execute arbitrary code on the unde...

CVE-2021-27651

CRITICAL CVSS 9.8 Apr 29, 2021

CVE-2021-27651 is an authentication bypass vulnerability in Pega Infinity that allows attackers to reset passwords for local accounts without proper authentication. This affects Pega Infinity versions...

CVE-2021-27654

HIGH CVSS 7.8 Jan 28, 2022

This vulnerability allows attackers to bypass local authentication by exploiting forgotten password reset functionality for local accounts. It affects Pega Platform systems with local authentication e...

CVE-2024-10716

MEDIUM CVSS 5.9 Dec 5, 2024

This Cross-Site Scripting (XSS) vulnerability in Pega Platform's search functionality allows attackers to inject malicious scripts into web pages viewed by other users. Affected versions include Pega ...

CVE-2024-6702

MEDIUM CVSS 5.2 Sep 12, 2024

Pega Platform versions 8.1 through Infinity 24.1.2 contain an HTML injection vulnerability in the Stage component that allows attackers to inject malicious HTML content. This affects organizations usi...

CVE-2024-6700

MEDIUM CVSS 5.5 Sep 12, 2024

Pega Platform versions 8.1 through Infinity 24.1.2 contain a cross-site scripting (XSS) vulnerability in the application name field. This allows attackers to inject malicious scripts that execute in u...