242 matches found
Security Bulletin: Security vulnerabilities have been identified in IBM DB2 shipped with IBM License Metric Tool v9.
Summary IBM DB2 is shipped with IBM License Metric Tool. Information about security vulnerabilities affecting IBM DB2 has been published in separate security bulletins. Vulnerability Details Refer to the security bulletins listed in the Remediation/Fixes section Affected Products and Versions...
Information Disclosure in Confluence Data Center
This High severity Information Disclosure vulnerability was introduced in versions 9.1.0, 9.2.0, 9.3.1, 9.4.0, 9.5.1, 10.0.2, 10.1.0, and 10.2.0 of Confluence Data Center. This Information Disclosure vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
EUVD-2026-15419
Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...
PT-2026-27781
Name of the Vulnerable Software and Affected Versions Kiteworks versions 9.2.0 through 9.2.1 Description Kiteworks Core has an access control issue that permits authenticated users to access content they are not authorized to view. The software is a private data network PDN. Recommendations Upgra...
Kiteworks Core 安全漏洞
Kiteworks Core is an enterprise data exchange platform provided by Kiteworks Corporation in the United States, offering capabilities for secure file transfer and content governance. There are security vulnerabilities in versions 9.2.0 and 9.2.1 of Kiteworks Core, which stem from improper access...
CVE-2026-28272
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...
Interpretation Conflict
Overview @fastify/middie is a Middleware engine for Fastify Affected versions of this package are vulnerable to Interpretation Conflict via the middleware matching engine when router options like ignoreDuplicateSlashes, useSemicolonDelimiter, or other trailing-slash normalization are enabled. An...
CVE-2026-28270
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...
CVE-2026-28272
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...
CVE-2026-28272 Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...
CVE-2026-28270 Kiteworks Core has an Unrestricted Upload of File with Dangerous Type
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...
CVE-2026-28270
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks configuration allows uploading of arbitrary files without proper validation. Malicious administrators could exploit this to upload unauthorized file types to the system. Version 9.2.0 contains a patch fo...
CVE-2026-28270
Kiteworks Core prior to version 9.2.0 contains a configuration vulnerability that allows uploading arbitrary files without proper validation. Malicious administrators could exploit the flaw to upload unauthorized file types. Version 9.2.0 includes a patch. No exploitation details are provided bey...
Kiteworks 代码问题漏洞
Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.2.0 contained code vulnerabilities. These vulnerabilities stemmed from defects in the configuration functionality, which could allow attacks via DNS...
PT-2026-22395
Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description A flaw exists in the configuration functionality of Kiteworks, a private data network PDN, that allows bypassing of Server-Side Request Forgery SSRF protections through DNS rebinding attacks. A...
PT-2026-22377
Name of the Vulnerable Software and Affected Versions @fastify/middie versions prior to 9.2.0 Description A flaw exists in @fastify/middie that can lead to authentication or authorization bypass when path-scoped middleware is used, such as with app.use'/secret', auth. This occurs when Fastify...
CVE-2026-28269 Kiteworks Core has an OS Command Injection
Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...
CVE-2026-28269 Kiteworks Core has an OS Command Injection
Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...
CVE-2026-28269 Kiteworks Core has an OS Command Injection
Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...
CVE-2026-28269
Kiteworks is a private data network PDN. Prior to version 9.2.0, avulnerability in Kiteworks command execution functionality allows authenticated users to redirect command output to arbitrary file locations. This could be exploited to overwrite critical system files and gain elevated access...