21265 matches found

OSV · added 2025/04/04 10:15 a.m. · 4 views

CVE-2025-2245

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVSS 5.3 · AI score 5.9
Exploits 0 · References 1
NVD · added 2025/04/04 10:15 a.m. · 8 views

CVE-2025-2245

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVSS 6.9 · EPSS 0.00276
Exploits 0 · References 1
CVE · added 2025/04/04 9:54 a.m. · 71 views

CVE-2025-2245

CVE-2025-2245 describes an SSRF in Bitdefender GravityZone Update Server when in Relay Mode. The HTTP proxy on port 7074 uses a domain allowlist but fails to sanitize hostnames containing null-byte sequences (e.g., evil.com%00.bitdefender.com), allowing an attacker to bypass the allowlist and for...

CVSS 6.9 · AI score 6.7 · EPSS 0.00276
Exploits 0 · References 1 · Affected Software 1
Cvelist · added 2025/04/04 9:54 a.m. · 17 views

CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVSS 6.9 · EPSS 0.00276
Exploits 0 · References 1
Vulnrichment · added 2025/04/04 9:54 a.m. · 10 views

CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVSS 6.9 · AI score 7.3 · EPSS 0.00276
Exploits 0 · References 1
Veracode · added 2025/04/04 4:36 a.m. · 20 views

Relative Path Traversal

Apache Commons VFS is vulnerable to Relative Path Traversal. The vulnerability is due to improper validation in the resolveFile method, which allows encoded ".." sequences to bypass descendant path restrictions and access unintended files...

CVSS 7.5 · AI score 6.6 · EPSS 0.01277
Exploits 0 · References 5 · Affected Software 1
Tenable Nessus · added 2025/04/04 12:00 a.m. · 18 views

SUSE SLES15: tomcat / tomcat-admin-webapps / tomcat-docs-webapp / etc (SUSE-SU-2025:1126-1)

The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:1126-1 advisory. - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 - Update t...

CVSS 10 · AI score 7.1 · EPSS 0.99945
Exploits 58 · References 7
Positive Technologies · added 2025/04/04 12:00 a.m. · 6 views

PT-2025-14875 · Bitdefender · Bitdefender Gravityzone Update Server

Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Update Server affected versions not specified Description: A server-side request forgery SSRF issue exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 707...

CVSS 6.9 · AI score 6.6 · EPSS 0.00276
Exploits 0 · References 8
IBM Security Bulletins · added 2025/04/03 11:21 p.m. · 69 views

Security Bulletin: Multiple vulnerabilities affect IBM Data Virtualization on Cloud Pak for Data (January 2025)

Summary Multiple vulnerabilities have been addressed in IBM Data Virtualization on Cloud Pak for Data. Note that IBM Data Virtualization was named Watson Query in IBM Cloud Pak for Data version 4.6, 4.7, and 4.8. Vulnerability Details CVEID:CVE-2022-46363 DESCRIPTION: Apache CXF could allow a...

CVSS 10 · AI score 10 · EPSS 0.10608
Exploits 11 · Affected Software 1
SUSE Linux · added 2025/04/03 11:51 a.m. · 5 views

Security update for tomcat

This update for tomcat fixes the following issues: CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 Update to Tomcat 9.0.102 Fixes: launch with java 17 bsc1239676 Catalina Fix: Weak etags in the If-Range header should not match as strong eta...

CVSS 9.2 · AI score 9.2 · EPSS 0.99945
Exploits 58 · References 8
OSV · added 2025/04/03 11:51 a.m. · 20 views

SUSE-SU-2025:1126-1 Security update for tomcat

This update for tomcat fixes the following issues: - CVE-2025-24813: Fixed potential RCE and/or information disclosure/corruption with partial PUT bsc1239302 - Update to Tomcat 9.0.102 Fixes: + launch with java 17 bsc1239676 Catalina + Fix: Weak etags in the If-Range header should not match as...

CVSS 10 · AI score 7.2 · EPSS 0.99945
Exploits 58 · References 5
Schneier on Security · added 2025/04/03 11:05 a.m. · 12 views

Web 3.0 Requires Data Integrity

If you've ever taken a computer security class, you've probably learned about the three legs of computer security--confidentiality, integrity, and availability--known as the CIA triad. When we talk about a system being secure, that's what we're referring to. All are important, but to different...

AI score 6.8
Exploits 0
Exploit DB · added 2025/04/02 12:00 a.m. · 334 views

ABB Cylon Aspect 3.08.01 - Arbitrary File Delete

Exploit Title : ABB Cylon Aspect 3.08.01 - Arbitrary File Delete Vendor: ABB Ltd. Product web page: https://www.global.abb Affected version: NEXUS Series, MATRIX-2 Series, ASPECT-Enterprise, ASPECT-Studio Firmware: =3.08.01 Summary: ASPECT is an award-winning scalable building energy management a...

CVSS 10 · AI score 7.8 · EPSS 0.17159
Exploits 3
Snyk · added 2025/04/01 6:31 p.m. · 1 view

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal through the squelette parameter. An attacker can read arbitrary files on the server by submitting specially crafted path traversal sequences. PoC...

CVSS 8.6 · AI score 7.6 · EPSS 0.05401
Exploits 6 · References 2
OSV · added 2025/04/01 6:31 p.m. · 10 views

GHSA-W34W-FVP3-68XM Yeswiki Path Traversal vulnerability allows arbitrary read of files

Summary The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload ../../../../../../etc/passwd was submitted in the squelette parameter. The requested file was returned in the application's response. Details File path...

CVSS 8.6 · AI score 7 · EPSS 0.05401
Exploits 6 · References 4
Github Security Blog · added 2025/04/01 6:31 p.m. · 35 views

Yeswiki Path Traversal vulnerability allows arbitrary read of files

Summary The squelette parameter is vulnerable to path traversal attacks, enabling read access to arbitrary files on the server. The payload ../../../../../../etc/passwd was submitted in the squelette parameter. The requested file was returned in the application's response. Details File path...

CVSS 8.6 · AI score 7 · EPSS 0.05401
Exploits 6 · References 4 · Affected Software 1
RedHat Linux · added 2025/04/01 3:20 p.m. · 6 views

rack: rubygem-rack: Local File Inclusion in Rack::Static

A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...

CVSS 7.5 · AI score 6.6 · EPSS 0.01068
Exploits 0 · References 6
RedHat Linux · added 2025/04/01 3:15 p.m. · 5 views

rack: rubygem-rack: Local File Inclusion in Rack::Static

A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...

CVSS 7.5 · AI score 6.6 · EPSS 0.01068
Exploits 0 · References 6
RedHat Linux · added 2025/04/01 3:15 p.m. · 4 views

rack: rubygem-rack: Local File Inclusion in Rack::Static

A flaw was found in RackRubygems, where Rack::Static does not properly sanitize user-supplied paths before serving files. Specifically, encoded path traversal sequences are not correctly validated, allowing attackers to access files outside the designated static file directory. This flaw allows a...

CVSS 7.5 · AI score 6.6 · EPSS 0.01068
Exploits 0 · References 6
GithubExploit · added 2025/04/01 2:23 p.m. · 560 views

Exploit for CVE-2025-0401

CVE-2025-0401 - Local Privilege Escalation via SUID Binary Abu...

CVSS 6.9 · AI score 7.6 · EPSS 0.01239
Exploits 1