Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

Newforma — Vulnerabilities & Security Advisories 14

Browse all 14 CVE security advisories affecting Newforma. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Newforma provides project information management software for architecture, engineering, and construction industries. Historically, vulnerabilities have included remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation and authentication flaws. The platform has faced security incidents, including a 2021 vulnerability (CVE-2021-42312) allowing unauthorized access to project data. Security characteristics include integration with multiple third-party systems, increasing attack surface. While the company has addressed vulnerabilities through patches, the consistent presence of flaws in web interfaces and APIs suggests ongoing need for robust security testing in this specialized software sector.

Found 13 results / 14Clear Filters
Top products by Newforma: Project Center Project Center Server
CVE IDTitleCVSSSeverityPublished
CVE-2025-35061 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /NPCSRemoteWeb/LegacyIntegrationServices.asmx — Project CenterCWE-294 5.9 Medium2025-10-09
CVE-2025-35062 Newforma Info Exchange (NIX) default anonymous access — Project CenterCWE-276 5.3 Medium2025-10-09
CVE-2025-35060 Newforma Info Exchange (NIX) stored XSS via SVG file upload — Project CenterCWE-79 5.5 Medium2025-10-09
CVE-2025-35059 Newforma Info Exchange (NIX) open URL redirect via /DownloadWeb/hyperlinkredirect.aspx — Project CenterCWE-601 4.3 Medium2025-10-09
CVE-2025-35058 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /UserWeb/Common/MarkupServices.ashx — Project CenterCWE-294 5.9 Medium2025-10-09
CVE-2025-35057 Newforma Info Exchange (NIX) forced NTLMv2 authentication via /RemoteWeb/IntegrationServices.ashx — Project CenterCWE-294 5.3 Medium2025-10-09
CVE-2025-35056 Newforma Info Exchange (NIX) limited file read — Project CenterCWE-22 5.0 Medium2025-10-09
CVE-2025-35055 Newforma Info Exchange (NIX) insecure file upload — Project CenterCWE-22 8.8 High2025-10-09
CVE-2025-35054 Newforma Info Exchange (NIX) insufficiently protected credentials — Project CenterCWE-922 5.3 Medium2025-10-09
CVE-2025-35053 Newforma Info Exchange (NIX) arbitrary file read and delete — Project CenterCWE-22 6.4 Medium2025-10-09
CVE-2025-35052 Newforma Info Exchange (NIX) shared hard-coded secret key — Project CenterCWE-321 5.3 Medium2025-10-09
CVE-2025-35051 Newforma Project Center Server (NPCS) .NET unauthenticated deserialization — Project CenterCWE-502 9.8 Critical2025-10-09
CVE-2025-35050 Newforma Info Exchange (NIX) .NET unauthenticated deserialization — Project CenterCWE-502 9.8 Critical2025-10-09

This page lists every published CVE security advisory associated with Newforma. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.