Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

13 matches found

RedhatCVE
RedhatCVEadded yesterday3 views

CVE-2026-24761

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

4.3CVSS5.5AI score0.00029EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded yesterday4 views

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.6AI score0.00034EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded yesterday3 views

CVE-2026-24782

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

8.8CVSS5.7AI score0.00027EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 4 days ago7 views

CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS6.1AI score0.0003EPSS
Exploits0References1
NVD
NVDadded 5 days ago7 views

CVE-2026-24782

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

8.8CVSS0.00027EPSS
Exploits0References1
NVD
NVDadded 5 days ago8 views

CVE-2026-24761

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

4.3CVSS0.00029EPSS
Exploits0References1
NVD
NVDadded 5 days ago8 views

CVE-2026-24752

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS0.00034EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 5 days ago8 views

CVE-2026-24782

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

7.6CVSS5.9AI score0.00027EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichmentadded 5 days ago5 views

CVE-2026-24761 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

3.7CVSS5.8AI score0.00029EPSS
Exploits0References1
ATTACKERKB
ATTACKERKBadded 5 days ago5 views

CVE-2026-24756

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on resource ownership. Upgrade...

4.3CVSS5.8AI score0.00028EPSS
Exploits0References2Affected Software1
Cvelist
Cvelistadded 5 days ago24 views

CVE-2026-24755 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS0.00022EPSS
Exploits0References1
Cvelist
Cvelistadded 5 days ago24 views

CVE-2026-24754 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

5.4CVSS0.0003EPSS
Exploits0References1
Positive Technologies
Positive Technologiesadded 2026/01/10 12:0 a.m.4 views

PT-2026-2029

Name of the Vulnerable Software and Affected Versions questdb ui versions up to 1.11.9 Description A security flaw exists in the Web Console component of questdb ui, potentially leading to cross-site scripting. The issue is remotely exploitable, and an exploit has been publicly released. The...

5.1CVSS3.7AI score0.00079EPSS
Exploits0References13
Rows per page
Query Builder