Lucene search
+L

132 matches found

OSV
OSV
added 2025/10/09 9:15 p.m.6 views

CVE-2025-35060

Newforma Info Exchange NIX provides a 'Send a File Transfer' feature that allows a remote, authenticated attacker to upload SVG files that contain JavaScript or other content that may be executed or rendered by a web browser using a mobile user agent...

5.4CVSS5.8AI score0.00201EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 9:15 p.m.11 views

CVE-2025-35052

Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...

6.3CVSS0.00347EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 9:15 p.m.5 views

CVE-2025-35053

Newforma Info Exchange NIX accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabl...

6.4CVSS0.00378EPSS
Exploits0References3
OSV
OSV
added 2025/10/09 9:15 p.m.4 views

CVE-2025-35052

Newforma Info Exchange NIX uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used in '/DownloadWeb/download.aspx'. This key is shar...

6.3CVSS5.8AI score0.00347EPSS
Exploits0References2
OSV
OSV
added 2025/10/09 9:15 p.m.6 views

CVE-2025-35054

Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...

5.3CVSS5.8AI score0.00074EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 9:15 p.m.22 views

CVE-2025-35057

Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...

6CVSS0.00305EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 9:15 p.m.10 views

CVE-2025-35056

Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the...

5.3CVSS0.0033EPSS
Exploits0References3
NVD
NVD
added 2025/10/09 9:15 p.m.5 views

CVE-2025-35055

Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...

8.8CVSS0.00504EPSS
Exploits0References3
OSV
OSV
added 2025/10/09 9:15 p.m.3 views

CVE-2025-35056

Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' 'StreamStampImage' accepts an encrypted file path and returns an image of the specified file. An authenticated attacker can read arbitrary files subject to the privileges of NIX, typically 'NT AUTHORITY\NetworkService', and the...

5CVSS5.9AI score0.00346EPSS
Exploits0References3
OSV
OSV
added 2025/10/09 9:15 p.m.6 views

CVE-2025-35055

Newforma Info Exchange NIX '/UserWeb/Common/UploadBlueimp.ashx' allows an authenticated attacker to upload an arbitrary file to any location writable by the NIX application. An attacker can upload and run a web shell or other content executable by the web server. An attacker can also delete...

8.7CVSS5.9AI score0.00504EPSS
Exploits0References3
OSV
OSV
added 2025/10/09 9:15 p.m.9 views

CVE-2025-35057

Newforma Info Exchange NIX '/RemoteWeb/IntegrationServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the NIX service account...

6CVSS5.8AI score0.00305EPSS
Exploits0References2
OSV
OSV
added 2025/10/09 9:15 p.m.7 views

CVE-2025-35053

Newforma Info Exchange NIX accepts requests to '/UserWeb/Common/MarkupServices.ashx' specifying the 'DownloadExportedPDF' command that allow an authenticated user to read and delete arbitrary files with 'NT AUTHORITY\NetworkService' privileges. In Newforma before 2023.1, anonymous access is enabl...

6.4CVSS5.9AI score0.00378EPSS
Exploits0References3
OSV
OSV
added 2025/10/09 9:15 p.m.9 views

CVE-2025-35058

Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account...

5.9CVSS5.8AI score0.00353EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 9:15 p.m.8 views

CVE-2025-35058

Newforma Info Exchange NIX '/UserWeb/Common/MarkupServices.ashx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the customer-configured NIX service account...

8.2CVSS0.00353EPSS
Exploits0References2
NVD
NVD
added 2025/10/09 9:15 p.m.9 views

CVE-2025-35054

Newforma Info Exchange NIX stores credentials used to configure NPCS in 'HKLM\Software\WOW6432Node\Newforma\Credentials'. The credentials are encrypted but the encryption key is stored in the same registry location. Authenticated users can access both the credentials and the encryption key. If...

5.3CVSS0.00074EPSS
Exploits0References2
OSV
OSV
added 2025/10/09 9:15 p.m.6 views

CVE-2025-35051

Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...

7.7CVSS6.1AI score0.00789EPSS
Exploits0References3
NVD
NVD
added 2025/10/09 9:15 p.m.5 views

CVE-2025-35050

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...

9.8CVSS0.00861EPSS
Exploits0References4
OSV
OSV
added 2025/10/09 9:15 p.m.6 views

CVE-2025-35050

Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...

9.3CVSS6.1AI score0.00861EPSS
Exploits0References4
NVD
NVD
added 2025/10/09 9:15 p.m.7 views

CVE-2025-35051

Newforma Project Center Server NPCS accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to the recommended architecture, the vulnerable NPCS...

9.8CVSS0.00789EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/10/09 8:22 p.m.11 views

CVE-2025-35061 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx

Newforma Info Exchange NIX '/NPCSRemoteWeb/LegacyIntegrationServices.asmx' allows a remote, unauthenticated attacker to cause NIX to make an SMB connection to an attacker-controlled system. The attacker can capture the NTLMv2 hash of the user-configured NIX service account...

8.2CVSS0.00353EPSS
Exploits0References2
Rows per page
Query Builder