Nintex

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-27926 1Nintex 1Automation Jan 29, 2026 Mar 10, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 In Nintex Automation 5.6 and 5.7 before 5.8, the K2 SmartForms Designer folder has configuration files (web.config) containing passwords that are readable by unauthorized users.
CVE-2025-27925 1Nintex 1Automation Jan 29, 2026 Mar 10, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Nintex Automation 5.6 and 5.7 before 5.8 has insecure deserialization of user input.
CVE-2025-27924 1Nintex 1Automation Jan 30, 2026 Mar 10, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Nintex Automation 5.6 and 5.7 before 5.8 has a stored XSS issue associated with the "Navigate to a URL" action.
CVE-2022-38167 1Nintex 1Workflow May 1, 2025 Nov 14, 2022 N/A· v4 6.1 MEDIUM· v3 N/A· v2 The Nintex Workflow plugin 5.2.2.30 for SharePoint allows XSS.
CVE-2015-7299 1Nintex 3K2 Blackpearl K2 For SharepointK2 Smartforms May 6, 2026 Oct 21, 2015 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in Runtime/Runtime/AjaxCall.ashx in K2 blackpearl, smartforms, and K2 for SharePoint 4.6.7 allows remote attackers to execute arbitrary SQL commands via the xml parameter.