27 matches found
EUVD-2025-33577
Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a...
CVE-2025-35053
Summary of findings (CVE-2025-35053): Newforma Info Exchange (NIX) exposes a vulnerability in the endpoint "/UserWeb/Common/MarkupServices.ashx" where the command DownloadExportedPDF allows an authenticated user to read and delete arbitrary files with the NT AUTHORITY\NetworkService privileges. T...
CVE-2025-35053 Newforma Info Exchange (NIX) arbitrary file read and delete
Newforma Info Exchange (NIX) accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabl...
CVE-2025-35050 Newforma Info Exchange (NIX) .NET unauthenticated deserialization
Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server (NPCS), so a...
Newforma Project Center Server Security Vulnerability
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction (AEC) industry from Newforma for centralized storage and management of project documents and collaboration. A directory traversal vulnerability exists in Newforma Project...
PT-2025-41469
Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange (NIX) versions prior to 2023.1 Description: Newforma Info Exchange (NIX) allows authenticated users to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges through requests to the...
EUVD-2024-41548
Malicious code in bioql PyPI...
EUVD-2023-27931
Malicious code in bioql PyPI...
Citrix Session Recording Deserialization of Untrusted Data Vulnerability
Citrix Session Recording contains a deserialization of untrusted data vulnerability that allows limited remote code execution with privilege of a NetworkService Account access. Attacker must be an authenticated user on the same intranet as the session recording server...
The vulnerability of the SolarWinds Orion Platform’s network monitoring software lies in the use of dangerous methods or functions, allowing a malicious actor to execute arbitrary commands with privileges of NETWORK SERVICE.
The vulnerability of the SolarWinds Orion Platform’s network monitoring software is related to the use of dangerous methods or functions. Exploiting this vulnerability could allow a hacker to execute arbitrary commands with privileges of NETWORK SERVICE...
CVE-2023-23845
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges...
CVE-2023-23840
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges...
Design/Logic Flaw
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges...
CVE-2023-23845 SolarWinds Platform Exposed Dangerous Method Vulnerability
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges...
CVE-2023-23840 SolarWinds Platform Exposed Dangerous Method Vulnerability
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges...
PT-2023-7124 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: The issue is related to an incorrect comparison vulnerability in the UpdateAction method of the SolarWinds Orion Platform. This vulnerability can be exploited by a remote...
PT-2023-5576 · Solarwinds · Solarwinds Orion Platform
Name of the Vulnerable Software and Affected Versions: SolarWinds Orion Platform affected versions not specified Description: The issue is related to the use of dangerous methods or functions in the SolarWinds Orion Platform, which can allow an attacker to execute arbitrary commands with NETWORK...
Design/Logic Flaw
The SolarWinds Platform was susceptible to the Incorrect Behavior Order Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with NETWORK SERVICE privileges...