Lucene search
K

27014 matches found

CVE
CVE
added 2026/03/25 3:22 p.m.11 views

CVE-2026-24750

Kiteworks Secure Data Forms (before v9.2.1) is affected by an Stored XSS in the web-page generation step when modifying forms, caused by improper input neutralization. An authenticated attacker can exploit this with access to form modification flows. A patch is available in version 9.2.1 and late...

7.6CVSS5.8AI score0.00236EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/25 3:22 p.m.1 views

CVE-2026-24750 Kiteworks Secure Data Forms vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

7.6CVSS5.8AI score0.00236EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 3:22 p.m.20 views

CVE-2026-24750 Kiteworks Secure Data Forms vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

7.6CVSS0.00236EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 3:22 p.m.3 views

EUVD-2026-15455

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

7.6CVSS5.8AI score0.00236EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 2:16 p.m.3 views

CVE-2026-3591

A use-after-return vulnerability exists in the named server when handling DNS queries signed with SIG0. Using a specially-crafted DNS request, an attacker may be able to cause an ACL to improperly mismatch an IP address. In a default-allow ACL denying only specific IP addresses, this may lead to...

5.4CVSS0.0036EPSS
Exploits0References3
EUVD
EUVD
added 2026/03/25 12:30 p.m.3 views

EUVD-2026-15401

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

5.8AI score0.00154EPSS
Exploits0References11
RedhatCVE
RedhatCVE
added 2026/03/25 12:17 p.m.3 views

CVE-2026-31788

A flaw was found in the Linux kernel's Xen privcmd driver. This vulnerability allows a root user process within an unprivileged guest domU to issue arbitrary hypercalls. Such an action could enable the process to modify the kernel's memory, thereby undermining the secure boot feature designed to...

6.7CVSS5.8AI score0.00154EPSS
Exploits0References4
NVD
NVD
added 2026/03/25 11:16 a.m.5 views

CVE-2026-31788

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

8.2CVSS0.00154EPSS
Exploits0References14
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.4 views

CVE-2026-31788

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References9
OSV
OSV
added 2026/03/25 11:16 a.m.4 views

UBUNTU-CVE-2026-31788

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:25 a.m.3 views

CVE-2026-31788

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References9Affected Software1
CVE
CVE
added 2026/03/25 10:25 a.m.19 views

CVE-2026-31788

The CVE-2026-31788 entry describes a vulnerability in the Linux kernel related to the Xen privcmd driver. The privcmd interface could allow a user-space process to issue hypercalls that affect other domains, which is normally restricted to root. In secure-boot scenarios, an unprivileged domU coul...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References14Affected Software1
Debian CVE
Debian CVE
added 2026/03/25 10:25 a.m.3 views

CVE-2026-31788

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

8.2CVSS5.5AI score0.00154EPSS
Exploits0
Cvelist
Cvelist
added 2026/03/25 10:25 a.m.22 views

CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

8.2CVSS0.00154EPSS
Exploits0References8
OSV
OSV
added 2026/03/25 10:25 a.m.9 views

CVE-2026-31788 xen/privcmd: restrict usage in unprivileged domU

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

8.2CVSS5.9AI score0.00154EPSS
Exploits0References15
OSV
OSV
added 2026/03/25 9:51 a.m.7 views

CLSA-2026-1774432284 vim: Fix of 2 CVEs

CVE-2026-28417: fix OS command injection in netrw plugin when handling specially crafted URLs such as scp:// - CVE-2026-28421: fix heap-buffer-overflow and crash when recovering from a maliciously crafted Vim swap file...

7.8CVSS7.1AI score0.01162EPSS
Exploits0References1
SUSE CVE
SUSE CVE
added 2026/03/25 12:25 a.m.9 views

SUSE CVE-2026-31788

In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the hypervisor will den...

8.2CVSS5.8AI score0.00154EPSS
Exploits0References16
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.5 views

n8n 安全漏洞

n8n is an open-source, scalable workflow automation tool developed by n8n. Versions of n8n prior to 2.5.0 contained security vulnerabilities. These vulnerabilities stemmed from the disabling of host key verification during SSH operations related to source control, which could lead to...

7.4CVSS5.8AI score0.00288EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-28187

Name of the Vulnerable Software and Affected Versions Database Backup for WordPress versions prior to 2.5.3 Description An authorization bypass exists because the plugin fails to restrict access to the wp db temp dir parameter, which determines the storage location for database backups...

7.5CVSS5.8AI score0.00488EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-27785

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.1 Description Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation, resulting in Stored...

7.6CVSS5.9AI score0.00236EPSS
Exploits0References4
Rows per page
Query Builder