Open Forms

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-28803 MEDIUM This Month

Open Forms versions prior to 3.3.13 and 3.4.5 allow authenticated attackers to access arbitrary form submissions through submission reference enumeration or manipulation in the cosigning workflow. An attacker with valid credentials can guess or modify cosigner codes to retrieve submissions they should not have access to, resulting in unauthorized information disclosure.

Authentication Bypass Open Forms
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2025-64515 MEDIUM PATCH Monitor

Open Forms allows users create and publish smart forms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Open Forms
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2026-28803
EPSS 0% CVSS 6.5
MEDIUM This Month

Open Forms versions prior to 3.3.13 and 3.4.5 allow authenticated attackers to access arbitrary form submissions through submission reference enumeration or manipulation in the cosigning workflow. An attacker with valid credentials can guess or modify cosigner codes to retrieve submissions they should not have access to, resulting in unauthorized information disclosure.

Authentication Bypass Open Forms
NVD GitHub VulDB
CVE-2025-64515
EPSS 0% CVSS 4.3
MEDIUM PATCH Monitor

Open Forms allows users create and publish smart forms. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure Open Forms
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy