CVE-2024-29210

A local privilege escalation LPE vulnerability has been identified in Phish Alert Button for Outlook PAB, specifically within its configuration management functionalities. This vulnerability allows a regular user to modify the application's configuration file to redirect update checks to an...

CVE-2019-12764

An issue was discovered in Joomla! before 3.9.7. The update server URL of comjoomlaupdate can be manipulated by non Super-Admin users...

PT-2025-20110 · Unknown · Iulia Cazan Easy Replace Image

Name of the Vulnerable Software and Affected Versions: Iulia Cazan Easy Replace Image versions prior to 3.5.0 Description: The issue is related to a Server-Side Request Forgery SSRF vulnerability, which allows for Server Side Request Forgery. Recommendations: For versions prior to 3.5.0, update t...

CVE-2025-2245

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

CVE-2025-2245

CVE-2025-2245 describes an SSRF in Bitdefender GravityZone Update Server when in Relay Mode. The HTTP proxy on port 7074 uses a domain allowlist but fails to sanitize hostnames containing null-byte sequences (e.g., evil.com%00.bitdefender.com), allowing an attacker to bypass the allowlist and for...

CVE-2025-2245 Server Side Request Forgery in GravityZone Update Server Using Null Bytes (VA-12646)

A server-side request forgery SSRF vulnerability exists in the Bitdefender GravityZone Update Server when operating in Relay Mode. The HTTP proxy component on port 7074 uses a domain allowlist to restrict outbound requests, but fails to properly sanitize hostnames containing null-byte %00...

Bitdefender GravityZone Update Server 代码问题漏洞

Bitdefender GravityZone Update Server is a solution for managing and distributing update files on the Bitdefender GravityZone administrator console from Bitdefender Romania. A code issue vulnerability exists in Bitdefender GravityZone Update Server versions prior to 3.5.2.689, which is rooted in...

CVE-2025-2516

The use of a weak cryptographic key pair in the signature verification process in WPS Office Kingsoft on Windows allows an attacker who successfully recovered the private key to sign components. As older versions of WPS Office did not validate the update server's certificate, an...

CVE-2025-1002

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle MITM attack. This allows the attackers to modify the...

CVE-2025-1002

MicroDicom DICOM Viewer version 2024.03 fails to adequately verify the update server's certificate, which could make it possible for attackers in a privileged network position to alter network traffic and carry out a machine-in-the-middle MITM attack. This allows the attackers to modify the...

PT-2025-6014 · Unknown · Microdicom Dicom Viewer

Name of the Vulnerable Software and Affected Versions: MicroDicom DICOM Viewer version 2024.03 Description: The issue arises from the software's failure to adequately verify the update server's certificate. This could allow attackers in a privileged network position to alter network traffic and...

CVE-2024-39287

Dorsett Controls Central Server update server has potential information leaks with an unprotected file that contains passwords and API keys...

CVE-2024-6980

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...

CVE-2024-6980

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...

CVE-2024-6980 Verbose error handling issue in GravityZone Update Server proxy service

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...

CVE-2024-6980 Verbose error handling issue in GravityZone Update Server proxy service

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...

PT-2024-38018 · Bitdefender · Gravityzone Console

Name of the Vulnerable Software and Affected Versions: GravityZone Console versions prior to 6.38.1-5 Description: A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects...

CVE-2024-4177

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...

CVE-2024-4177

A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...