CVE-2025-50900

CVE-2025-50900 affects getrebuild/rebuild 4.0.4. The issue resides in com.rebuild.web.RebuildWebInterceptor.preHandle, where the filter decodes the request URI and checks if the path ends with /error. If it does not, the code redirects to /user/login, potentially allowing an unauthenticated attac...

apache-cxf: Bypass of security constraints on WS endpoints when using WSS4JInInterceptor

The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to obtain access to SOAP services via an HTTP GET request...