28676 matches found
Code-Projects Project Monitoring System SQL注入漏洞
Project Monitoring System is a project monitoring system. Project Monitoring System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter uid in the file /useredit.php. An attacker can exploit this vulnerabilit...
CVE-2025-60378
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...
CVE-2025-60378
CVE-2025-60378 affects RISE Ultimate Project Manager & CRM. A stored HTML injection allows authenticated users to inject arbitrary HTML into invoices and messages, with injected content rendering in emails, PDFs, and messaging/chat modules sent to clients or team members. This enables phishing, c...
PT-2025-41605
Name of the Vulnerable Software and Affected Versions code-projects Project Monitoring System version 1.0 Description A SQL injection issue exists in the Project Monitoring System 1.0. The flaw is located in an unknown function within the /useredit.php script. Manipulation of the uid parameter...
CVE-2025-60378
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...
EUVD-2025-33577
Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...
EUVD-2025-33576
Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...
CVE-2025-61779
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...
CVE-2025-35050
Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...
CVE-2025-35051
Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...
CVE-2025-35051
Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...
CVE-2025-61779
The CVE-2025-61779 issue affects Confidential Containers' Trustee project. In versions before 0.15.0, the attestation-policy endpoint did not verify that the kbs-client submitting a request was actually authenticated, allowing an unauthenticated client to change the attestation policy. The vulner...
CVE-2025-61779 Trustee's attestation-policy endpoint is not protected by admin autentication
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...
EUVD-2025-33556
Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated had the right key...
CVE-2025-35051 Newforma Project Center Server (NPCS) .NET unauthenticated deserialization
Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...
CVE-2025-35051 Newforma Project Center Server (NPCS) .NET unauthenticated deserialization
Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...
CVE-2025-35051
CVE-2025-35051 affects Newforma Project Center Server (NPCS). The vulnerability exists because NPCS accepts serialized .NET data via the “/ProjectCenter.rem” endpoint on port 9003, enabling a remote, unauthenticated attacker to execute arbitrary code with the NT AUTHORITY\NetworkService privilege...
Newforma Project Center multiple vulnerabilities
RISK EVALUATION Newforma Project Center contains multiple vulnerabilities. In the worst case, successful exploitation could allow unauthenticated, remote code execution. 2. RECOMMENDED PRACTICES Follow updated hardening guides and upgrade to most recent version of Newforma Project Center. 3...
Newforma Project Center Server 安全漏洞
Newforma Project Center Server is a project information management solution for the Architecture, Engineering and Construction AEC industry from Newforma for centralized storage and management of project documents and collaboration. Newforma Project Center Server suffers from an information...
Security Bulletin: NVIDIA GPU Display Drivers - October 2025
NVIDIA has released a software security update for NVIDIA GPU Display Driver to address the issues that are disclosed in this bulletin. To protect your system, download and install this software update through the NVIDIA Driver Downloads page or, for the vGPU software and Cloud Gaming updates,...