VYPR
Vendor: Pega

Products: 4
CVEs: 49
Across products: 49
Status: Private

Recent CVEs

  • CVE-2026-1078 · High · Apr 7, 2026
    risk 0.47 · cvss · epss 0.00

    An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. A bad actor could create a website that includes malicious code. The…

  • CVE-2017-11356 · Medium · Aug 2, 2017
    risk 0.46 · cvss 6.5 · epss 0.04

    The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.

  • CVE-2017-11355 · Medium · Aug 2, 2017
    risk 0.43 · cvss 6.1 · epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to…

  • CVE-2026-1079 · Medium · Apr 7, 2026
    risk 0.39 · cvss · epss 0.00

    A native messaging host vulnerability in Pega Browser Extension (PBE) affects users of all versions of Pega Robotic Automation who have installed Pega Browser Extension. A bad actor could create a website that contains malicious code that targets PBE. The vulnerability could…

  • CVE-2025-62182 · Medium · Jan 13, 2026
    risk 0.34 · cvss · epss 0.00

    Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by an unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.

  • CVE-2025-62181 · Medium · Dec 10, 2025
    risk 0.34 · cvss 5.3 · epss 0.00

    Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration issue. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only…

  • CVE-2026-1711 · Medium · Apr 15, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role.

  • CVE-2026-1564 · Medium · Apr 15, 2026
    risk 0.31 · cvss 4.8 · epss 0.00

    Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.

  • CVE-2025-62183 · Medium · Feb 17, 2026
    risk 0.31 · cvss · epss 0.00

    Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user; given the extensive access rights, impact to Confidentiality and Integrity is low.

  • CVE-2025-62184 · Low · Mar 31, 2026
    risk 0.22 · cvss 3.4 · epss 0.00

    Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user; given the extensive access rights, impact to Confidentiality is low and to Integrity is none.

  • CVE-2022-24082 · Jul 19, 2022
    risk 0.07 · cvss · epss 0.09

    If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect…

  • CVE-2025-62180 · Jun 23, 2026
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

  • CVE-2026-0898 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.00

    An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. This vulnerability does not affect Robot Runtime users. A bad actor could create a…

  • CVE-2025-9559 · Oct 16, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data.

  • CVE-2025-8681 · Sep 10, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role.

  • CVE-2025-2161 · Apr 14, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup.

  • CVE-2025-2160 · Apr 14, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup.

  • CVE-2024-12211 · Jan 13, 2025
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile.

  • CVE-2024-10716 · Dec 5, 2024
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.

  • CVE-2024-10094 · Nov 20, 2024
    risk 0.00 · cvss · epss 0.00

    Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code.