11 matches found
CVE-2026-23635
Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...
CVE-2026-24750 Kiteworks Secure Data Forms vulnerable to Cross-site Scripting
Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation as Stored XSS when modifying forms. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...
CVE-2026-26064 calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution
calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...
Broadcom Brocade Fabric OS 安全漏洞
Broadcom Brocade Fabric OS FOS is an embedded operating system used in switches and routers by Broadcom Corporation. Versions of Broadcom Brocade Fabric OS prior to version 9.2.1 contained security vulnerabilities. These vulnerabilities stemmed from the possibility for low-privilege users to expo...
CVE-2025-68917
ONLYOFFICE Docs before 9.2.1 allows XSS in the textarea of the comment editing form. This is related to DocumentServer...
ONLYOFFICE Docs 跨站脚本漏洞
ONLYOFFICE Docs is an online office software from ONLYOFFICE, Inc. A cross-site scripting vulnerability exists in ONLYOFFICE Docs versions prior to 9.2.1, which stems from cross-site scripting in the textarea of the comment edit form...
CVE-2025-55703
An error-based SQL injection vulnerability exists in the Sunbird Power IQ 9.2.0 API. The vulnerability is due to an outdated API endpoint that applied arrays without proper input validation. This can allow attackers to manipulate SQL queries. This has been addressed in Power IQ version 9.2.1, whe...
SearchBlox Security Breach
SearchBlox is an application from US-based SearchBlox, Inc. provides a powerful enterprise search architecture for on-premise or cloud deployments. A security vulnerability exists in SearchBlox versions prior to 9.2.1. An attacker can exploit the vulnerability to perform a CSV macro injection...
McAfee Web Gateway Elevation of Privilege Vulnerability
McAfee Web Gateway is a high-performance secure Web gateway with best-in-class threat protection in a unified appliance software architecture. An elevation of privilege vulnerability exists in McAfee Web Gateway versions prior to 9.2.1. The vulnerability stems from improper user interface access...
IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium Buffer Overflow Vulnerability (CNVD-2020-29556)
IBM i2 Analysts Notebook and IBM i2 Analysts Notebook Premium are both products of IBM Corporation, USA.IBM i2 Analysts Notebook is a data visualization and analysis tool. The product supports features such as data storage and data analysis.IBM i2 Analysts Notebook Premium is an advanced version ...
GLPI Remote Code Execution Vulnerability
GLPI is an open source IT resource management suite maintained by the Indepnet Association. The suite includes features such as device status management, asset inventory storage, management processes and work log management. A security vulnerability exists in GLPI 9.2.1 and earlier versions. A...