CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

RedhatCVE•added 2026/03/26 5:1 p.m.•5 views

CVE-2026-29092

Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...

NVD•added 2026/03/25 5:16 p.m.•2 views

CVE-2026-29092

7.5CVSS0.00237EPSS

Cvelist•added 2026/03/25 4:59 p.m.•17 views

CVE-2026-29092 Kiteworks Email Protection Gateway has an Insufficient Session Expiration

4.9CVSS0.00237EPSS

Vulnrichment•added 2026/03/25 4:59 p.m.•1 views

CVE-2026-29092 Kiteworks Email Protection Gateway has an Insufficient Session Expiration

CVE•added 2026/03/25 4:59 p.m.•11 views

CVE-2026-29092

Kiteworks Email Protection Gateway has an insufficient session expiration vulnerability (CVE-2026-29092) affecting versions before 9.2.1. Prior to 9.2.1, blocked users could maintain active sessions after their account is disabled, potentially allowing unauthorized access until the session expire...

7.5CVSS5.8AI score0.00237EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 2026/03/25 4:59 p.m.•2 views

CVE-2026-29092

Exploits0References2Affected Software1

EUVD•added 2026/03/25 4:59 p.m.•3 views

EUVD-2026-15807

CNNVD•added 2026/03/25 12:0 a.m.•4 views

Kiteworks 代码问题漏洞

Kiteworks is a security private network data software developed by Kiteworks Corporation in the United States. Versions of Kiteworks prior to 9.2.1 contained code vulnerabilities. These vulnerabilities were due to issues with session management, which could allow users who have been blocked to...

7.5CVSS5.9AI score0.00237EPSS

Positive Technologies•added 2026/03/25 12:0 a.m.•4 views

PT-2026-28070

OSV•added 2026/03/03 1:29 p.m.•4 views

BIT-DISCOURSE-2026-27152 DIscourse has DM communication-preference bypass when adding members

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, DM communication-preference bypass when adding members via Chat::AddUsersToChannel — a user could add targets who have blocked/ignored/muted them to an existing DM channel, bypassing per-recipien...

5.3CVSS6AI score0.00158EPSS

RedhatCVE•added 2026/02/28 1:56 a.m.•4 views

CVE-2026-27152

5.3CVSS6AI score0.00158EPSS

NVD•added 2026/02/26 9:28 p.m.•5 views

CVE-2026-27152

5.3CVSS0.00158EPSS

EUVD•added 2026/02/26 8:0 p.m.•4 views

EUVD-2026-8891

5.3CVSS5.5AI score0.00158EPSS

ATTACKERKB•added 2026/02/26 8:0 p.m.•3 views

CVE-2026-27152

5.3CVSS5.8AI score0.00158EPSS

Exploits0References2Affected Software1

OSV•added 2026/02/26 8:0 p.m.•3 views

CVE-2026-27152 DIscourse has DM communication-preference bypass when adding members

5.3CVSS6AI score0.00158EPSS

Exploits0References3

Positive Technologies•added 2026/02/26 12:0 a.m.•6 views

PT-2026-22187

Name of the Vulnerable Software and Affected Versions Discourse versions prior to 2025.12.2 Discourse versions prior to 2026.1.1 Discourse versions prior to 2026.2.0 Description Discourse, an open source discussion platform, had a flaw where a user could add targets who had blocked, ignored, or...

5.3CVSS5.9AI score0.00158EPSS

Exploits0References9

NVD•added 2026/02/04 10:16 p.m.•6 views

CVE-2026-25540

Mastodon is a free, open-source social network server based on ActivityPub. Prior to versions 4.3.19, 4.4.13, 4.5.6, Mastodon is vulnerable to web cache poisoning via Rails.cache. When AUTHORIZEDFETCH is enabled, the ActivityPub endpoints for pinned posts and featured hashtags have contents that...

6.5CVSS0.00394EPSS

ATTACKERKB•added 2026/02/04 9:42 p.m.•3 views

CVE-2026-25540

6.5CVSS5.4AI score0.00394EPSS

Exploits0References2Affected Software1

Cvelist•added 2026/02/04 9:42 p.m.•25 views

CVE-2026-25540 Mastodon's signature-dependent ActivityPub collection responses cached under signature-independent keys (Web Cache Poisoning via `Rails.cache`)

6.5CVSS0.00394EPSS