489 matches found
CVE-2026-29092
Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...
CVE-2026-29092
Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...
EUVD-2026-15807
Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...
CVE-2026-29092 Kiteworks Email Protection Gateway has an Insufficient Session Expiration
Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...
CVE-2026-29092
Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...
PT-2026-28070
Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...
GHSA-H29G-Q5C2-9H4F Parse Server email verification resend page leaks user existence
Impact The Pages route and legacy PublicAPI route for resending email verification links return distinguishable responses depending on whether the provided username exists and has an unverified email. This allows an unauthenticated attacker to enumerate valid usernames by observing different...
CVE-2026-28272
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...
CVE-2026-28272
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...
CVE-2026-28272 Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...
EUVD-2026-9067
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...
CVE-2026-28272 Kiteworks Email Protection Gateway has a Cross-site Scripting vulnerability
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...
CVE-2026-28272
Kiteworks is a private data network PDN. Prior to version 9.2.0, a vulnerability in Kiteworks Email Protection Gateway allows authenticated administrators to inject malicious scripts through a configuration interface. The stored script executes when users interact with the affected user interface...
CVE-2026-28272
Kiteworks Email Protection Gateway (pre-9.2.0) has a stored XSS vulnerability exploitable by authenticated administrators via a configuration interface. The stored script can execute when users interact with the affected UI, potentially impacting confidentiality and integrity (C=HIGH, I=HIGH) wit...
Kiteworks 跨站脚本漏洞
Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.2.0 contained a cross-site scripting vulnerability. This vulnerability stemmed from defects in the configuration interface of Email Protection Gateway,...
PT-2026-22396
Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.0 Description Kiteworks Email Protection Gateway contains a flaw that allows authenticated administrators to inject malicious scripts through a configuration interface. These scripts execute when users interact...
Filling the Most Common Gaps in Google Workspace Security
Security teams at agile, fast-growing companies often have the same mandate: secure the business without slowing it down. Most teams inherit a tech stack optimized for breakneck growth, not resilience. In these environments, the security team is the helpdesk, the compliance expert, and the incide...
CVE-2025-48464
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...
CVE-2025-48464 Exposure of Sensitive Information
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...
CVE-2025-48464 Exposure of Sensitive Information
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim’s Sync account data such as account credentials and email protection information...