Vendor: Nintex
Products: 6
CVEs: 5
Across products: 8
Status: Private
Products: 6
- 3 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
Recent CVEs: 5

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-27926 | | | 0.00 | — | 0.00 | | Mar 10, 2025 | In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users. |
| CVE-2025-27924 | | | 0.00 | — | 0.00 | | Mar 10, 2025 | Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action. |
| CVE-2025-27925 | | | 0.00 | — | 0.00 | | Mar 10, 2025 | Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input. |
| CVE-2022-38167 | | | 0.00 | — | 0.00 | | Nov 14, 2022 | The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS. |
| CVE-2015-7299 | | | 0.00 | — | 0.02 | | Oct 21, 2015 | SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter. |