EUVD-2025-9720
Malicious code in bioql PyPI...
CVE-2025-2243
Bitdefender GravityZone Console (GravityZone Console) is affected by CVE-2025-2243, an SSRF vulnerability where an attacker may bypass input validation by using leading characters in DNS requests. The issue affects GravityZone Console versions before 6.41.2.1. Root cause: flawed input validation ...
CVE-2025-2243 SSRF in GravityZone Console via DNS Truncation (VA-12634)
A server-side request forgery (SSRF) vulnerability in Bitdefender GravityZone Console allows an attacker to bypass input validation logic using leading characters in DNS requests. Paired with other potential vulnerabilities, this bypass could be used for execution of third-party code. This issue...
CVE-2025-2244 Insecure PHP deserialization issue in GravityZone Console (VA-12634)
A vulnerability in the sendMailFromRemoteSource method in Emails.php as used in Bitdefender GravityZone Console unsafely uses PHP unserialize on user-supplied input without validation. By crafting a malicious serialized payload, an attacker can trigger PHP object injection, perform a file write,...
PT-2025-14873 · Bitdefender · Bitdefender GravityZone Console
Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Console versions prior to 6.41.2.1 Description: A server-side request forgery (SSRF) issue allows an attacker to bypass input validation logic using leading characters in DNS requests. This could potentially be used for...
PT-2025-14874 · Bitdefender · Bitdefender GravityZone Console
Name of the Vulnerable Software and Affected Versions: Bitdefender GravityZone Console affected versions not specified Description: A vulnerability exists in the sendMailFromRemoteSource method in Emails.php, which unsafely uses the PHP unserialize function on user-supplied input without...
CVE-2024-6980
The CVE-2024-6980 entry concerns Bitdefender GravityZone: GravityZone Console on-premises prior to 6.38.1-5, where a verbose error handling issue in the Update Server proxy service enables server-side request forgery (SSRF). The vulnerability affects the proxy component (GravityZone Update Server...
CVE-2024-6980 Verbose error handling issue in GravityZone Update Server proxy service
A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...
PT-2024-38018 · Bitdefender · GravityZone Console
Name of the Vulnerable Software and Affected Versions: GravityZone Console versions prior to 6.38.1-5 Description: A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects...
CVE-2024-4177
A host whitelist parser issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-2 that are running only on premise...
CVE-2024-4177
The CVE-2024-4177 issue affects Bitdefender GravityZone Update Server (on‑premise) with GravityZone Console versions prior to 6.38.1-2. The root cause is a host whitelist parser in the proxy service, enabling server-side request forgery (SSRF). Impact is high/critical per sources, with network at...
CVE-2022-2830
Deserialization of Untrusted Data vulnerability in the message processing component of Bitdefender GravityZone Console allows an attacker to pass unsafe commands to the environment. This issue affects: Bitdefender GravityZone Console On-Premise versions prior to 6.29.2-1. Bitdefender GravityZone...
CVE-2022-2830
CVE-2022-2830 describes a Deserialization of Untrusted Data vulnerability in Bitdefender GravityZone Console’s message processing component. Affected: GravityZone Console On-Premise < 6.29.2-1 and GravityZone Cloud Console