Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Project Center — Vulnerabilities & Security Advisories 13

All 13 CVE vulnerabilities found in Project Center, with AI-generated Chinese analysis, references, and POCs.

Vendor: Newforma

CVE IDTitleCVSSSeverityPublished
CVE-2025-35061 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx CWE-294 5.9 Medium2025-10-09
CVE-2025-35062 Newforma Info Exchange (NIX) default anonymous access CWE-276 5.3 Medium2025-10-09
CVE-2025-35060 Newforma Info Exchange (NIX) stored XSS via SVG file upload CWE-79 5.5 Medium2025-10-09
CVE-2025-35059 Newforma Info Exchange (NIX) open URL redirect via /DownloadWeb/hyperlinkredirect.aspx CWE-601 4.3 Medium2025-10-09
CVE-2025-35058 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /UserWeb/Common/MarkupServices.ashx CWE-294 5.9 Medium2025-10-09
CVE-2025-35057 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /RemoteWeb/IntegrationServices.ashx CWE-294 5.3 Medium2025-10-09
CVE-2025-35056 Newforma Info Exchange (NIX) limited file read CWE-22 5.0 Medium2025-10-09
CVE-2025-35055 Newforma Info Exchange (NIX) insecure file upload CWE-22 8.8 High2025-10-09
CVE-2025-35054 Newforma Info Exchange (NIX) insufficiently protected credentials CWE-922 5.3 Medium2025-10-09
CVE-2025-35053 Newforma Info Exchange (NIX) arbitrary file read and delete CWE-22 6.4 Medium2025-10-09
CVE-2025-35052 Newforma Info Exchange (NIX) shared hard-coded secret key CWE-321 5.3 Medium2025-10-09
CVE-2025-35051 Newforma Project Center Server (NPCS) .NET unauthenticated deserialization CWE-502 9.8 Critical2025-10-09
CVE-2025-35050 Newforma Info Exchange (NIX) .NET unauthenticated deserialization CWE-502 9.8 Critical2025-10-09

All 13 known CVE vulnerabilities affecting Project Center with full Chinese analysis, references, and POCs where available.