newgensoft CVE Vulnerabilities & Metrics

Focus on newgensoft vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About newgensoft Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with newgensoft. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total newgensoft CVEs: 3
Earliest CVE date: 23 Feb 2010, 20:30 UTC
Latest CVE date: 15 Dec 2025, 17:15 UTC

Latest CVE reference: CVE-2025-65742

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical newgensoft CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 5.0

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	1
4.0-6.9	2
7.0-8.9	2
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS newgensoft CVEs

These are the five CVEs with the highest CVSS scores for newgensoft, sorted by severity first and recency.

CVE-2011-3645 newgensoft Published on 27 Sep 2011, 19:55 UTC (CVSS: 7.5)
Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.
CVE-2010-0701 newgensoft Published on 23 Feb 2010, 20:30 UTC (CVSS: 7.5)
SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
CVE-2020-35737 newgensoft Published on 30 Dec 2020, 20:15 UTC (CVSS: 5.0)
In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.
CVE-2018-17791 newgensoft Published on 21 Aug 2019, 20:15 UTC (CVSS: 5.0)
Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion. In the worst case, all available resources are consumed while processing the data, res...
CVE-2025-65742 newgensoft Published on 15 Dec 2025, 17:15 UTC (CVSS: 0)
An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request.

All CVEs for newgensoft

CVE-2025-65742 newgensoft vulnerability CVSS: 0 15 Dec 2025, 17:15 UTC

An unauthenticated Broken Function Level Authorization (BFLA) vulnerability in Newgen OmniDocs v11.0 allows attackers to obtain sensitive information and execute a full account takeover via a crafted API request.

CVE-2020-35737 newgensoft vulnerability CVSS: 5.0 30 Dec 2020, 20:15 UTC

In Correspondence Management System (corms) in Newgen eGov 12.0, an attacker can modify other users' profile information by manipulating the unvalidated UserIndex parameter, aka Insecure Direct Object Reference.

CVE-2018-17791 newgensoft vulnerability CVSS: 5.0 21 Aug 2019, 20:15 UTC

Newgen OmniFlow Intelligent Business Process Suite (iBPS) 7.0 has an "improper server side validation" vulnerability where client-side validations are tampered, and inappropriate information is stored on the server side and fetched from the server every time the user visits the D, creating business confusion. In the worst case, all available resources are consumed while processing the data, resulting in unavailability of the service to legitimate users. This occurs because non-editable parameters can be modified by manually editing a disabled form field within the developer options.

CVE-2011-3645 newgensoft vulnerability CVSS: 7.5 27 Sep 2011, 19:55 UTC

Newgen OmniDocs allows remote attackers to bypass intended access restrictions via (1) a modified FolderRights parameter to doccab/doclist.jsp, which leads to arbitrary permission changes; or (2) a modified UserIndex parameter to doccab/userprofile/editprofile.jsp, which selects the settings page of an arbitrary user.

CVE-2010-0701 newgensoft vulnerability CVSS: 7.5 23 Feb 2010, 20:30 UTC

SQL injection vulnerability in ForceChangePassword.jsp in Newgen Software OmniDocs allows remote attackers to execute arbitrary SQL commands via unspecified vectors.