CVE-2026-24754

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-24782 Kiteworks Secure Data Forms has a SQL Injection vulnerability

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

CVE-2026-24755 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

CVE-2026-24752 Kiteworks Secure Data Forms Vulnerable to Cross-site Scripting

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-24751

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

EUVD-2026-33749

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

CVE-2026-23638 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

PT-2026-45555

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript code. Cross-Site Scripting is a flaw where...

PT-2026-45650

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description A stored Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an authenticated attacker to execute arbitrary JavaScript code within the sessions of other users. Recommendations Upda...

PT-2026-45653

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users. This occurs because of...

UBUNTU-CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers both 132-byte and 202-byte header variants that allow arbitrary file writes with arbitrary extension and arbitrary...

CVE-2026-26065

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers both 132-byte and 202-byte header variants that allow arbitrary file writes with arbitrary extension and arbitrary...

CVE-2026-26065 calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers both 132-byte and 202-byte header variants that allow arbitrary file writes with arbitrary extension and arbitrary...

CVE-2026-26065 calibre: Path Traversal can Lead to Arbitrary File Write and Potential Code Execution

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below are vulnerable to Path Traversal through PDB readers both 132-byte and 202-byte header variants that allow arbitrary file writes with arbitrary extension and arbitrary...

CVE-2026-26064

CVE-2026-26064 affects calibre

CVE-2026-26064 calibre: Path Traversal Vulnerability Enables Arbitrary File Write and Remote Code Execution

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

CVE-2026-25063 gradle-completion has a Bash command injection issue

gradle-completion provides Bash and Zsh completion support for Gradle. A command injection vulnerability was found in gradle-completion up to and including 9.3.0 that allows arbitrary code execution when a user triggers Bash tab completion in a project containing a malicious Gradle build file. Th...

CVE-2021-47892 PEEL Shopping 9.3.0 - 'Comments/Special Instructions' Stored Cross-Site Scripting

PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution...

PT-2026-3331

Name of the Vulnerable Software and Affected Versions Gradle versions prior to 9.3.0 Description Gradle, a build automation tool, has an issue where dependency resolution in versions before 9.3.0 does not treat certain exceptions as fatal errors. This allows Gradle to continue to subsequent...

Gradle security vulnerabilities

Gradle is a project build tool based on the JVM, developed by the American company Gradle Inc. It supports Maven, Ivy repositories, etc. Versions of Gradle prior to 9.3.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that certain exceptions were not treated as...