Supr4S

Researcher fromYesWeHack
#11150of 53,630
24.7Total CVSS
Vulnerabilities · 4
Medium
3
High
1
PT-2026-45648
8.2
2026-06-01
Kiteworks · Kiteworks · CVE-2026-24752
**Name of the Vulnerable Software and Affected Versions** Kiteworks versions prior to 9.3.0 **Description** Kiteworks is a private data network (PDN). A reflected Cross-Site Scripting (XSS) issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript code. **Recommendations** Upgrade to version 9.3.0 or later.
PT-2026-35724
6.5
2026-04-28
Devolutions · Devolutions Server · CVE-2026-6706
**Name of the Vulnerable Software and Affected Versions** Devolutions Server versions prior to 2026.1.14.1 **Description** Improper access control in the vault documentation feature allows an authenticated attacker to read documentation content from unauthorized vaults by sending a crafted API request. **Recommendations** Update to a version later than 2026.1.14.0.
PT-2022-6377
5.0
2022-12-21
Nextcloud · Nextcloud Mail · CVE-2023-23943
**Name of the Vulnerable Software and Affected Versions** Nextcloud mail versions prior to 1.15.0 Nextcloud mail versions prior to 2.2.2 **Description** The issue is related to insufficient validation of incoming requests in the Nextcloud mail client, allowing a remote attacker to scan internal services and servers accessible from the local network of the Nextcloud server. The SMTP, IMAP, and Sieve host fields are affected, enabling the scanning of internal services and servers reachable from within the local network of the Nextcloud Server. **Recommendations** For versions prior to 1.15.0, upgrade to 1.15.0 to resolve the issue. For versions prior to 2.2.2, upgrade to 2.2.2 to resolve the issue. As a temporary workaround, consider completely disabling the Nextcloud mail app until a patch is available.
PT-2022-19420
5.0
2022-05-20
Nextcloud · Nextcloud Deck · CVE-2022-29159
**Name of the Vulnerable Software and Affected Versions** Nextcloud Deck versions prior to 1.4.8 Nextcloud Deck versions prior to 1.5.6 Nextcloud Deck versions prior to 1.6.1 **Description** Nextcloud Deck is a Kanban-style project and personal management tool for Nextcloud. In affected versions, an authenticated user can move stacks with cards from their own board to a board of another user. **Recommendations** For versions prior to 1.4.8, update to version 1.4.8 or later. For versions prior to 1.5.6, update to version 1.5.6 or later. For versions prior to 1.6.1, update to version 1.6.1 or later.