CVE-2026-23638

Kiteworks CVE-2026-23638 is an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms, affecting versions prior to 9.3.0. An authenticated attacker can tamper with internal approval flow configurations of other users’ forms due to insufficient authorization checks on...

CVE-2026-23638 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

EUVD-2026-33742

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

CVE-2026-23638 Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with the internal approval flow configurations of forms belonging to other users due to insufficient...

EUVD-2026-33713

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

CVE-2026-45543 Nextcloud: Deleting a Forms collaborator share leaves uploaded response files accessible through a lingering Files share

Nextcloud is an open source content collaboration platform. From version 4.3.0 to before version 5.2.7, a removed collaborator retains unauthorized read access to uploaded respondent files for the affected form. The scope is limited to uploaded files for forms where that user previously had resul...

CVE-2026-48866

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

CVE-2026-48866

CVE-2026-48866 concerns Gravity Forms for WordPress (Gravity Forms

CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

EUVD-2026-33650

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

CVE-2026-48866 WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Rocketgenius Inc. Gravity Forms allows Path Traversal. This issue affects Gravity Forms: from n/a through 2.10.0.1...

WordPress Gravity Forms plugin <= 2.10.0.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by daroo in WordPress Plugin Gravity Forms versions = 2.10.0.1...

Malicious Package

Overview collected-forms-embed-js is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

PT-2026-45505

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description An Insecure Direct Object Reference IDOR issue in Kiteworks Secure Data Forms allows an authenticated attacker to tamper with internal approval flow configurations of forms belonging to other users...

PT-2026-45653

Kiteworks is a private data network PDN. Prior to version 9.3.0, an Insecure Direct Object Reference IDOR vulnerability in Kiteworks Secure Data Forms allows an authenticated user to access metadata of resources belonging to other users due to insufficient authorization checks on resource...

PT-2026-45648

Kiteworks is a private data network PDN. Prior to version 9.3.0, a reflected XSS vulnerability in Kiteworks Secure Data Forms could allow an external attacker to trick a user into executing arbitrary JavaScript code. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

PT-2026-45440

Name of the Vulnerable Software and Affected Versions Gravity Forms versions prior to 2.10.0.2 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in Gravity Forms. This allows an attacker to access files and directories outside of the...

PT-2026-45650

Kiteworks is a private data network PDN. Prior to version 9.3.0, a stored XSS vulnerability in Kiteworks Secure Data Forms could allow an authenticated attacker to execute arbitrary JavaScript code in other users' sessions. Upgrade Kiteworks to version 9.3.0 or later to receive a patch...

PT-2026-45654

Kiteworks is a private data network PDN. Prior to version 9.3.0,ultiple SQL Injection vulnerabilities in Kiteworks Secure Data Forms could be exploited by an authenticated attacker with the FormBuilder role to retrieve information on or modify other users' form definitions and some global...

NextCloud Forms security vulnerabilities

NextCloud Forms is an open-source, hosted questionnaire and form creation tool developed by NextCloud. Versions of NextCloud Forms prior to 5.2.6 contained a security vulnerability due to a lack of permission checks. This vulnerability could allow users to request access to other users’ form...