3 matches found
PT-2026-45505
Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with internal approval flow configurations of forms belonging to other users...
CVE-2026-27943 OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership
OpenEMR is a free and open source electronic health records and medical practice management application. In versions up to and including 8.0.0, the eye exam eyemag view loads data by formid or equivalent without verifying that the form belongs to the current user’s patient/encounter context. An...
CVE-2026-1860 Kali Forms <= 2.4.8 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Form Data Exposure
The Kali Forms plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.4.8. This is due to the getitemspermissionscheck permission callback on the /kaliforms/v1/forms/id REST API endpoint only checking for the editposts capability without...