Lucene search
K

10 matches found

Cvelist
Cvelist
added 2026/03/25 4:59 p.m.20 views

CVE-2026-29092 Kiteworks Email Protection Gateway has an Insufficient Session Expiration

Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...

4.9CVSS0.00237EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:59 p.m.2 views

CVE-2026-29092 Kiteworks Email Protection Gateway has an Insufficient Session Expiration

Kiteworks is a private data network PDN. Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorized access to continue until the session naturally...

4.9CVSS5.8AI score0.00237EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:58 p.m.25 views

CVE-2026-23636 Kiteworks Secure Data Forms is vulnerable to an Unrestricted Upload of File with Dangerous Type

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

5.5CVSS0.00988EPSS
Exploits0References1
EUVD
EUVD
added 2026/03/25 4:58 p.m.7 views

EUVD-2026-15541

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, the manager of a form could potentially exploit an Unrestricted Upload of File with Dangerous Type due to a missing validation. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

5.5CVSS5.8AI score0.00988EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 4:57 p.m.23 views

CVE-2026-23635 Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

6.5CVSS0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/25 4:57 p.m.5 views

CVE-2026-23635 Kiteworks Secure Data Forms has a potential Unprotected Transport of Credentials

Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms prior to version 9.2.1, a misconfiguration of the security attributes could potentially lead to Unprotected Transport of Credentials under certain circumstances. Upgrade Kiteworks to version 9.2.1 or later to receive a patch...

6.5CVSS5.8AI score0.00317EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.7 views

PT-2026-27785

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.2.1 Description Kiteworks is a private data network PDN. In Kiteworks Secure Data Forms, an authenticated attacker could exploit an Improper Neutralization of Input During Web Page Generation, resulting in Stored...

7.6CVSS5.9AI score0.00236EPSS
Exploits0References4
IBM Security Bulletins
IBM Security Bulletins
added 2026/03/05 6:24 p.m.8 views

Security Bulletin: InfoSphere Data Architect 9.2.1

Summary Multiple Vulnerabilites has been fixed. IBM strongly recommends addressing the vulnerability now by upgrading to release 9.2.1 Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: A vulnerability in Apache CXF before versions 3.5.5 and 3.4.10 allows an attacker to perform a remote...

7.5CVSS6AI score0.01193EPSS
Exploits1Affected Software1
OSV
OSV
added 2023/12/22 11:6 a.m.4 views

OESA-2023-1974 trafficserver security update

Apache Traffic Server is an OpenSource HTTP / HTTPS / HTTP/2 / QUIC reverse, forward and transparent proxy and cache. Security Fixes: Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Software Foundation Apache Traffic Server.This issue affects Apache Traffic...

7.5CVSS6.9AI score0.01879EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2021/01/06 1:23 p.m.49 views

Security Bulletin: IBM MQ Appliance is affected by a cross-site scripting vulnerability (CVE-2020-7676)

Summary IBM MQ Appliance has addressed a cross-site scripting vulnerability. Vulnerability Details CVEID: CVE-2020-7676 DESCRIPTION: angular.js is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject...

5.4CVSS1.1AI score0.02142EPSS
Exploits0Affected Software1
Rows per page
Query Builder