CVE-2025-35052
- EPSS 0.07%
- Veröffentlicht 09.10.2025 20:20:00
- Zuletzt bearbeitet 22.10.2025 15:56:25
Newforma Info Exchange (NIX) uses a hard-coded key to encrypt certain query parameters. Some encrypted parameter values can specify paths to download files, potentially bypassing authentication and authorization, for example, the 'qs' parameter used ...
CVE-2025-35051
- EPSS 0.27%
- Veröffentlicht 09.10.2025 20:19:43
- Zuletzt bearbeitet 09.01.2026 18:18:15
Newforma Project Center Server (NPCS) accepts serialized .NET data via the '/ProjectCenter.rem' endpoint on 9003/tcp, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. According to th...
CVE-2025-35050
- EPSS 0.33%
- Veröffentlicht 09.10.2025 20:19:12
- Zuletzt bearbeitet 09.01.2026 18:19:59
Newforma Info Exchange (NIX) accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used b...
CVE-2024-32499
- EPSS 0.53%
- Veröffentlicht 28.04.2025 00:00:00
- Zuletzt bearbeitet 22.10.2025 15:06:49
Newforma Project Center Server through 2023.3.0.32259 allows remote code execution because .NET Remoting is exposed.