EUVD-2026-21660

The LifterLMS plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter in all versions up to, and including, 9.2.1. This is due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

CVE-2026-33771 CTP OS: Configuring password requirements does not work which permits the use of weak passwords

A Weak Password Requirements vulnerability in the password management function of Juniper Networks CTP OS might allow an unauthenticated, network-based attacker to exploit weak passwords of local accounts and potentially take full control of the device. The password management menu enables the...

CVE-2026-23635

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

CVE-2026-24750

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

CVE-2026-23635

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

CVE-2026-23635

Kiteworks Secure Data Forms (PDN) has a vulnerability affecting versions prior to 9.2.1 due to a misconfiguration of security attributes that could lead to Unprotected Transport of Credentials. The issue is documented across CVE-2026-23635 with a CVSSv3.1 base score of 6.5 (Network, High attack v...

CVE-2026-24750 Kiteworks Secure Data Forms vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

CVE-2026-23514 Kiteworks Core before 9.2.2 is vulnerable to Improper Ownership Management

Kiteworks is a private data network PDN. Versions 9.2.0 and 9.2.1 of Kiteworks Core have an access control vulnerability that allows authenticated users to access unauthorized content. Upgrade Kiteworks Core to version 9.2.2 or later to receive a patch...

Kiteworks Secure Data Forms 跨站脚本漏洞

Kiteworks Secure Data Forms is a data interaction tool provided by the American company Kiteworks. It offers capabilities for secure data collection and form submission management. Versions of Kiteworks Secure Data Forms prior to 9.2.1 had a cross-site scripting vulnerability. This vulnerability...

CVE-2025-36173

Affected ProductsVersionsInfoSphere Data Architect9.2.1...

CVE-2025-36173 InfoSphere Data Architect (IDA) 9.2.1 Vulnerability Fixes.

Affected ProductsVersionsInfoSphere Data Architect9.2.1...

CVE-2025-36173

Affected ProductsVersionsInfoSphere Data Architect9.2.1...

UBUNTU-CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers both 132-byte and 202-byte header variants that allow arbitrary file writes with arbitrary extension and arbitrary...

CVE-2026-26064 calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

Linux Distros Unpatched Vulnerability : CVE-2026-26064

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal...

CVE-2025-58381 Directory transversal vulnerability in Brocade Fabric OS before 9.2.1c2 and 9.2.2 through 9.2.2a using various shell commands

A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories...

CVE-2025-9711

CVE-2025-9711 is a local privilege escalation flaw in Brocade Fabric OS prior to 9.2.1c3, enabling a local authenticated user to elevate privileges to root via the export option of the seccertmgmt and seccryptocfg commands. Connected sources confirm affected software versions and the root-cause i...

CVE-2025-58380

Brocade Fabric OS prior to 9.2.1 is affected by CVE-2025-58380, a local directory traversal issue exploitable by an authenticated admin using the shell grep command to modify PATH, enabling traversal to higher directories. Multiple connected sources (Red Hat, NVD, Broadcom advisories) corroborate...

CVE-2025-58383

A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...

CVE-2025-58379

Brocade Fabric OS before 9.2.1 has a vulnerability that could allow a local authenticated attacker to reveal command line passwords using commands that may expose higher privilege sensitive information by a lower privileged user...