VYPR
Vendor

Nintex

Products
6
CVEs
5
Across products
8
Status
Private

Products

6

Recent CVEs

5
  • CVE-2025-27926Mar 10, 2025
    risk 0.00cvss epss 0.00

    In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.

  • CVE-2025-27924Mar 10, 2025
    risk 0.00cvss epss 0.00

    Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action.

  • CVE-2025-27925Mar 10, 2025
    risk 0.00cvss epss 0.00

    Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.

  • CVE-2022-38167Nov 14, 2022
    risk 0.00cvss epss 0.00

    The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.

  • CVE-2015-7299Oct 21, 2015
    risk 0.00cvss epss 0.02

    SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.