CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

EUVD•added 3 days ago•7 views

EUVD-2026-33839

4.3CVSS5.8AI score0.00026EPSS

Cvelist•added 3 days ago•25 views

CVE-2026-24756 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

4.3CVSS0.00026EPSS

EUVD•added 3 days ago•7 views

EUVD-2026-33838

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS5.8AI score0.00021EPSS

Cvelist•added 3 days ago•24 views

CVE-2026-24755 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS0.00021EPSS

CVE•added 3 days ago•10 views

CVE-2026-24755

Kiteworks Secure Data Forms (prior to v9.3.0) contains an Insecure Direct Object Reference (IDOR) vulnerability that allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource ownership. A patch is available in Kit...

5.4CVSS5.8AI score0.00021EPSS

Exploits0References1Affected Software1

ATTACKERKB•added 3 days ago•8 views

CVE-2026-24755

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization checks on resource...

5.4CVSS5.8AI score0.00021EPSS

CVE•added 3 days ago•10 views

CVE-2026-24753

Kiteworks (PDN) prior to 9.3.0 is affected by an Insecure Direct Object Reference (IDOR) in Secure Data Forms. An authenticated user can modify resources belonging to other users due to insufficient authorization checks on resource ownership. A patch is available in version 9.3.0 and later; upgra...

Exploits0References1Affected Software1

Snyk•added 3 days ago•4 views

Malicious Package

Overview imillegal5 is a malicious package. This package is part of a malicious npm campaign that abused the registry to distribute ad-supported web proxy applications disguised as educational websites. The package contains web assets intended to bypass network restrictions and generate advertisi...

9.8CVSS5.8AI score

Exploits0References2

NVD•added 3 days ago•6 views

CVE-2026-23638

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

6.5CVSS0.00026EPSS

ATTACKERKB•added 3 days ago•6 views

CVE-2026-23638

Vulnrichment•added 3 days ago•8 views

CVE-2026-23638 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

EUVD•added 3 days ago•6 views

EUVD-2026-33742

OSV•added 3 days ago•6 views

CGA-JJG9-854C-P759

Bulletin has no description...

6.3CVSS5.7AI score0.00014EPSS

Exploits1

Github Security Blog•added 3 days ago•12 views

praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The issue CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/issues/issueid gate access on requireworkspacememberworkspaceid only, then resolve issueid through IssueService.getissueid which is a primary-key lookup with no workspace...

5.8AI score

OSV•added 3 days ago•2 views

GHSA-XWQ8-FRCG-77Q8 praisonai-platform: Issue endpoints accept any issue_id without workspace ownership check, cross-workspace read/update/delete IDOR

8.3CVSS5.8AI score

Exploits0References2

OSV•added 3 days ago•2 views

GHSA-CP4F-5M9R-5JC2 praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR

Summary Type: Insecure Direct Object Reference. The comment endpoints POST /workspaces/workspaceid/issues/issueid/comments and GET .../comments gate access on requireworkspacememberworkspaceid only, then call CommentService.createissueid=issueid, ... and CommentService.listforissueissueid without...

8.1CVSS5.9AI score

Exploits0References2

Github Security Blog•added 3 days ago•11 views

praisonai-platform: Comment endpoints accept any issue_id without workspace ownership check, cross-workspace comment read and post IDOR

5.9AI score

Github Security Blog•added 3 days ago•10 views

praisonai-platform: Project endpoints accept any project_id without workspace ownership check, cross-workspace read/update/delete IDOR

Summary Type: Insecure Direct Object Reference. The project CRUD endpoints GET / PATCH / DELETE /workspaces/workspaceid/projects/projectid and GET .../projectid/stats gate access on requireworkspacememberworkspaceid only, then resolve projectid through ProjectService.getprojectid / updateprojecti...

5.8AI score