Accellion

Kiteworks

22 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2026-24782

  • EPSS 0.67%
  • Veröffentlicht 01.06.2026 22:00:24
  • Zuletzt bearbeitet 03.06.2026 15:16:31

Kiteworks is a private data network (PDN). Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify othe...

4.3

CVE-2026-24761

  • EPSS 0.14%
  • Veröffentlicht 01.06.2026 21:52:53
  • Zuletzt bearbeitet 03.06.2026 15:17:56

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to in...

4.3

CVE-2026-24756

  • EPSS 0.15%
  • Veröffentlicht 01.06.2026 21:51:04
  • Zuletzt bearbeitet 03.06.2026 15:26:29

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient a...

5.4

CVE-2026-24755

  • EPSS 0.14%
  • Veröffentlicht 01.06.2026 21:49:22
  • Zuletzt bearbeitet 03.06.2026 15:27:51

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to...

5.4

CVE-2026-24754

  • EPSS 0.14%
  • Veröffentlicht 01.06.2026 21:46:56
  • Zuletzt bearbeitet 03.06.2026 15:28:15

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to ver...

6.5

CVE-2026-24753

  • EPSS 0.17%
  • Veröffentlicht 01.06.2026 21:45:59
  • Zuletzt bearbeitet 03.06.2026 15:28:43

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient a...

8.2

CVE-2026-24752

  • EPSS 0.28%
  • Veröffentlicht 01.06.2026 21:43:25
  • Zuletzt bearbeitet 03.06.2026 15:29:15

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9....

8.2

CVE-2026-24751

  • EPSS 0.29%
  • Veröffentlicht 01.06.2026 18:50:07
  • Zuletzt bearbeitet 03.06.2026 15:29:40

Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9....

6.5

CVE-2026-23638

  • EPSS 0.18%
  • Veröffentlicht 01.06.2026 18:11:35
  • Zuletzt bearbeitet 03.06.2026 15:30:28

Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of fo...

7.5

CVE-2026-29092

  • EPSS 0.24%
  • Veröffentlicht 25.03.2026 16:59:55
  • Zuletzt bearbeitet 27.03.2026 19:01:19

Kiteworks is a private data network (PDN). Prior to version 9.2.1, a vulnerability in Kiteworks Email Protection Gateway session management allows blocked users to maintain active sessions after their account is disabled. This could allow unauthorize...