Lucene search
K

1099 matches found

NVD
NVD
added 2026/06/01 9:16 p.m.19 views

CVE-2026-24751

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS0.00289EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 6:50 p.m.14 views

EUVD-2026-33749

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

8.2CVSS5.9AI score0.00289EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.13 views

PT-2026-45651

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users. This occurs due to insufficie...

5.4CVSS5.5AI score0.00138EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.23 views

PT-2026-45555

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript code. Cross-Site Scripting is a flaw where...

8.2CVSS5.6AI score0.00289EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.37 views

PT-2026-45648

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description Kiteworks is a private data network PDN. A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript...

8.2CVSS5.6AI score0.00283EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2026/05/29 9:48 a.m.107 views

Exploit for Deserialization of Untrusted Data in Google Android

Zygote Toolkit - CVE-2024-31317 This is a toolkit that uses C...

7.8CVSS5.6AI score0.00779EPSS
Exploits12
Cvelist
Cvelist
added 2026/05/28 8:29 p.m.32 views

CVE-2026-42071 MantisBT: Private Bugnote Attachment Content Leak via REST API

Mantis Bug Tracker MantisBT is an open source issue tracker. From 2.23.0 to 2.28.1, a missing authorization check in MantisBT's file visibility function allows any authenticated user REPORTER+ to download attachments on private bugnotes they should not be able to access, via the REST API endpoint...

7.2CVSS0.0026EPSS
Exploits0References5
Circl
Circl
added 2026/05/27 8:6 a.m.14 views

CVE-2026-27771

creationtimestamp| type| source ---|---|--- 2026-05-27 08:06:32+00:00| seen| https://thehackernews.com/2026/05/gitea-vulnerability-exposes-private.html 2026-05-27 10:09:05+00:00| seen| https://t.me/thehackernews/9089 2026-05-27 12:02:14+00:00| seen|...

8.2CVSS7.1AI score0.40738EPSS
Exploits1References21
NVD
NVD
added 2026/05/21 2:16 p.m.13 views

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

7.1CVSS0.00224EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/21 12:41 p.m.11 views

CVE-2025-13477 OTP Bypass in Digital Operation Services' WifiBurada

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References1
EUVD
EUVD
added 2026/05/21 12:41 p.m.11 views

EUVD-2025-209910

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/05/21 12:41 p.m.44 views

CVE-2025-13477 OTP Bypass in Digital Operation Services' WifiBurada

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

7.1CVSS0.00224EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 12:41 p.m.6 views

CVE-2025-13477

Exposure of private personal information to an unauthorized actor, Insufficiently Protected Credentials vulnerability in Digital Operations Services Inc. WifiBurada allows Authentication Bypass. This issue affects WifiBurada: through 21052026. NOTE: The vendor was contacted early about this...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/21 12:0 a.m.10 views

Digital Operation Services WiFiBurada 安全漏洞

Digital Operation Services WiFiBurada is an application developed by Digital Operation Services. Versions of Digital Operation Services WiFiBurada dated before May 20, 2026, have security vulnerabilities. These vulnerabilities stem from the exposure of private personal information to unauthorized...

7.1CVSS5.8AI score0.00224EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: net: phy: dp83822: Fix null pointer access on DP83825/DP83826 devices The probe function is only used for the DP83822 PHY; the private data pointer remains uninitialized for the smaller DP83825/26 models. While all uses of the...

5.5CVSS5.5AI score0.00246EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Net: FDDI – Fixed a UAF Use-after-Free issue in fzaprobe. “FP” is netdev private data, and it cannot be used after the freenetdev call. Using “FP” after freenetdev can cause a UAF bug. This issue was fixed by moving the freenetde...

7.8CVSS6.1AI score0.00231EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintelpcie: Memory allocation for driver-private data was not performed. The issue was that the driver did not allocate memory for the struct btinteldata structure, which is used to store internal data...

5.5CVSS5.9AI score0.00205EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/05/15 7:57 p.m.17 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

9.8CVSS5.9AI score0.01815EPSS
Exploits0References1
OSV
OSV
added 2026/05/14 8:26 p.m.12 views

GHSA-4G37-7P2C-38R9 Open WebUI Vulnerable to IDOR: Retrieval API Bypasses Knowledge Base Access Controls

IDOR: Retrieval API Bypasses Knowledge Base Access Controls Author: Andrew Orr Summary validatecollectionaccess PR 22109 checks the user-memory- and file- collection name prefixes but does not check knowledge base collections, which use raw UUIDs as collection names. Any authenticated user who...

7.5CVSS5.9AI score0.00331EPSS
Exploits1References5
NVD
NVD
added 2026/05/13 7:17 p.m.18 views

CVE-2026-42031

CKAN is an open-source DMS data management system for powering data hubs and data portals. Prior to 2.10.10 and 2.11.5, a vulnerability in datastoresearchsql allowed attackers to inject SQL in order to gain access to private resources and PostgreSQL system information This vulnerability is fixed ...

9.8CVSS0.01815EPSS
Exploits0References1
Rows per page
Query Builder