VYPR
Vendor: Newgensoft

Products: 4
CVEs: 10
Across products: 10
Status: Private

Recent CVEs (10)

  • CVE-2020-35737 | High | Dec 30, 2020
    risk 0.53 | cvss 7.5 | epss 0.10

    In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

  • CVE-2025-69907 | High | Jan 23, 2026
    risk 0.49 | cvss 7.5 | epss 0.01

    An unauthenticated information disclosure vulnerability exists in Newgen OmniDocs due to missing authentication and access control on the /omnidocs/GetListofCabinet API endpoint. A remote attacker can access this endpoint without valid credentials to retrieve sensitive internal…

  • CVE-2024-39033 | High | Feb 6, 2025
    risk 0.49 | cvss 7.5 | epss 0.00

    In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen.

  • CVE-2018-17791 | High | Aug 21, 2019
    risk 0.49 | cvss 7.5 | epss 0.02

    Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the…

  • CVE-2026-5414 | Medium | Apr 2, 2026
    risk 0.34 | cvss 5.3 | epss 0.00

    A security flaw has been discovered in Newgen OmniDocs up to 12.0.00. Affected by this issue is some unknown functionality of the file /omnidocs/WebApiRequestRedirection. The manipulation of the argument DocumentId results in improper control of resource identifiers. The attack…

  • CVE-2026-5413 | Low | Apr 2, 2026
    risk 0.24 | cvss 3.7 | epss 0.00

    A vulnerability was identified in Newgen OmniDocs up to 12.0.00. Affected by this vulnerability is an unknown functionality of the file /omnidocs/GetWebApiConfiguration. The manipulation of the argument connectionDetails leads to information disclosure. The attack is possible to…

  • CVE-2011-3645 | Sep 27, 2011
    risk 0.03 | cvss (not listed) | epss 0.03

    Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects…

  • CVE-2010-0701 | Feb 23, 2010
    risk 0.03 | cvss (not listed) | epss 0.01

    SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

  • CVE-2025-69908 | Jan 23, 2026
    risk 0.00 | cvss (not listed) | epss 0.00

    An unauthenticated information disclosure vulnerability in Newgen OmniApp allows attackers to enumerate valid privileged usernames via a publicly accessible client-side JavaScript resource.

  • CVE-2025-65742 | Dec 15, 2025
    risk 0.00 | cvss (not listed) | epss 0.00

    An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request.