CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 3 days ago•5 views

CVE-2026-24782 Kiteworks Secure Data Forms has a SQL Injection vulnerability

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

7.6CVSS5.9AI score0.00026EPSS

Vulnrichment•added 3 days ago•4 views

CVE-2026-24755 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS5.8AI score0.00021EPSS

Vulnrichment•added 3 days ago•4 views

CVE-2026-24752 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

ATTACKERKB•added 3 days ago•6 views

CVE-2026-24751

Exploits0References2Affected Software1

EUVD•added 3 days ago•7 views

EUVD-2026-33749

Cvelist•added 3 days ago•24 views

CVE-2026-23638 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

6.5CVSS0.00026EPSS

Positive Technologies•added 3 days ago•6 views

PT-2026-45653

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

3.7CVSS5.8AI score0.00028EPSS

Positive Technologies•added 3 days ago•9 views

PT-2026-45650

5.4CVSS6.1AI score0.00029EPSS

Positive Technologies•added 3 days ago•8 views

PT-2026-45555

UbuntuCve•added 2026/02/20 2:16 a.m.•2 views

CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers both 132-byte and 202-byte header variants that allow arbitrary file writes with arbitrary extension and arbitrary...

9.3CVSS6.3AI score0.00047EPSS

Exploits1References3

OSV•added 2026/02/20 2:16 a.m.•0 views

UBUNTU-CVE-2026-26065

9.3CVSS6.3AI score0.00047EPSS

Exploits1References4

Cvelist•added 2026/02/20 1:54 a.m.•22 views

CVE-2026-26065 calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution

9.3CVSS0.00047EPSS

Exploits1References2

Vulnrichment•added 2026/02/20 1:54 a.m.•1 views

CVE-2026-26065 calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution

9.3CVSS6.3AI score0.00047EPSS

Exploits1References2

CVE•added 2026/02/20 1:44 a.m.•15 views

CVE-2026-26064

CVE-2026-26064 affects calibre

9.3CVSS5.9AI score0.00083EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/02/20 1:44 a.m.•2 views

CVE-2026-26064 calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

9.3CVSS5.9AI score0.00083EPSS

Exploits1References2

Cvelist•added 2026/01/29 9:47 p.m.•29 views

CVE-2026-25063 gradle-completion has a Bash command injection issue

gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...

8.3CVSS0.00033EPSS

Cvelist•added 2026/01/23 4:47 p.m.•24 views

CVE-2021-47892 PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...

7.2CVSS0.00072EPSS

Exploits0References3

Positive Technologies•added 2026/01/16 12:0 a.m.•3 views

PT-2026-3331

Name of the Vulnerable Software and Affected Versions Gradle versions prior to 9.3.0 Description Gradle, a build automation tool, has an issue where dependency resolution in versions before 9.3.0 does not treat certain exceptions as fatal errors. This allows Gradle to continue to subsequent...

8.6CVSS5.3AI score0.0003EPSS

Exploits0References6

CNNVD•added 2026/01/16 12:0 a.m.•1 views

Gradle security vulnerabilities

Gradle is a project build tool based on the JVM, developed by the American company Gradle Inc. It supports Maven, Ivy repositories, etc. Versions of Gradle prior to 9.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that certain exceptions were not treated as...

8.6CVSS5.8AI score0.0003EPSS