VYPR

Kiteworks

by Accellion

CVEs (12)

  • CVE-2026-24752 | High | Jun 1, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a…

  • CVE-2026-24751 | High | Jun 1, 2026
    risk 0.53 | cvss 8.2 | epss 0.00

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a…

  • CVE-2016-5662 | High | Aug 26, 2016
    risk 0.51 | cvss 7.8 | epss 0.00

    Accellion Kiteworks appliances before kw2016.03.00 use setuid-root permissions for /opt/bin/cli, which allows local users to gain privileges via unspecified vectors.

  • CVE-2026-24782 | High | Jun 1, 2026
    risk 0.49 | cvss 7.6 | epss 0.01

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, multiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and…

  • CVE-2026-24753 | Medium | Jun 1, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on…

  • CVE-2026-23638 | Medium | Jun 1, 2026
    risk 0.42 | cvss 6.5 | epss 0.00

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users…

  • CVE-2016-5663 | Medium | Aug 26, 2016
    risk 0.40 | cvss 6.1 | epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter.

  • CVE-2026-24755 | Medium | Jun 1, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization…

  • CVE-2026-24754 | Medium | Jun 1, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to…

  • CVE-2026-24756 | Medium | Jun 1, 2026
    risk 0.28 | cvss 4.3 | epss 0.00

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify resources belonging to other users due to insufficient authorization checks on…

  • CVE-2016-5664 | Medium | Aug 26, 2016
    risk 0.28 | cvss 4.3 | epss 0.02

    Directory traversal vulnerability on Accellion Kiteworks appliances before kw2016.03.00 allows remote attackers to read files via a crafted URI.

  • CVE-2026-24761 | Low | Jun 1, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization…