Lucene search
K

74 matches found

Nuclei
Nuclei
added 2 days ago24 views

TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal

TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allowed unauthenticated access to the Internal Admin Contact Page, resulting in the disclosure of PII including partner and contact names. id: CVE-2025-27225 info: name: TRUfusion Enterprise = 7.10.4.0 - Admin Conta...

7.5CVSS5.9AI score0.17464EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/04/03 7:34 a.m.9 views

Rocket TRUfusion Enterprise - Server Side Request Forgery

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource. id: CVE-2025-32355 info: name: Rocket TRUfusi...

7.9CVSS7.4AI score0.01249EPSS
Exploits1References2
VulnCheck KEV
VulnCheck KEV
added 2026/03/31 12:0 a.m.6 views

VulnCheck KEV: CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

7.9CVSS5.8AI score0.01249EPSS
In wildExploits1References2
Nuclei
Nuclei
added 2026/03/09 5:27 a.m.12 views

TRUfusion Enterprise <= 7.10.4.0 - Path Traversal

Pre-Auth Path Traversal Allowing to Leak Local server files disclosing sensitive clear-text passwords. id: CVE-2025-27222 info: name: TRUfusion Enterprise = 7.10.4.0 - Path Traversal author: DhiyaneshDK,rcesecurity severity: critical description: | Pre-Auth Path Traversal Allowing to Leak Local...

8.6CVSS5.8AI score0.01895EPSS
Exploits1References3
VulnCheck KEV
VulnCheck KEV
added 2026/03/07 12:0 a.m.7 views

VulnCheck KEV: CVE-2025-27222

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

8.6CVSS5.8AI score0.01895EPSS
In wildExploits1References12
RedhatCVE
RedhatCVE
added 2026/02/18 1:41 a.m.7 views

CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This...

9.9CVSS6AI score0.01027EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/02/18 1:41 a.m.7 views

CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

7.9CVSS5.5AI score0.01249EPSS
Exploits1References1
NVD
NVD
added 2026/02/17 8:22 p.m.8 views

CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

7.9CVSS0.01249EPSS
Exploits1References3
CVE
CVE
added 2026/02/17 12:0 a.m.16 views

CVE-2025-32355

CVE-2025-32355 affects Rocket TRUfusion Enterprise up to version 7.10.4.0, where the built-in reverse proxy can be misconfigured to accept absolute URLs in the HTTP request line. This enables server-side requests to load arbitrary resources via the proxy, constituting a server-side request forger...

7.9CVSS5.5AI score0.01249EPSS
In wildExploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.7 views

PT-2026-20237

Name of the Vulnerable Software and Affected Versions Rocket TRUfusion Enterprise versions through 7.10.4.0 Description The Rocket TRUfusion Enterprise reverse proxy is misconfigured, permitting the specification of absolute URLs within HTTP request lines. This configuration flaw allows the proxy...

7.9CVSS5.5AI score0.01249EPSS
Exploits1References15
ATTACKERKB
ATTACKERKB
added 2026/02/17 12:0 a.m.5 views

CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This...

6.1AI score0.01027EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/02/17 12:0 a.m.27 views

CVE-2025-59793

Rocket TRUfusion Enterprise through 7.10.5 exposes the endpoint at /axis2/services/WsPortalV6UpDwAxis2Impl to authenticated users to be able to upload files. However, the application doesn't properly sanitize the jobDirectory parameter, which allows path traversal sequences to be included. This...

0.01027EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/02/17 12:0 a.m.2 views

CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

5.8AI score0.01249EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/17 12:0 a.m.27 views

CVE-2025-32355

Rocket TRUfusion Enterprise through 7.10.4.0 uses a reverse proxy to handle incoming connections. However, the proxy is misconfigured in a way that allows specifying absolute URLs in the HTTP request line, causing the proxy to load the given resource...

0.01249EPSS
Exploits1References3
Nuclei
Nuclei
added 2026/02/04 7:0 a.m.11 views

TRUfusion Enterprise <= 7.10.4.0 - Authentication Bypass

Hard-Coded Cryptographic key allowing to forge session cookies that can be used to entirely bypass authentication id: CVE-2025-27223 info: name: TRUfusion Enterprise = 7.10.4.0 - Authentication Bypass author: DhiyaneshDK,rcesecurity severity: critical description: | Hard-Coded Cryptographic key...

7.5CVSS6.7AI score0.02102EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/10/28 12:27 a.m.10 views

CVE-2025-27225

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...

7.5CVSS6.6AI score0.17464EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/28 12:27 a.m.8 views

CVE-2025-27223

TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism for some endpoints such as /trufusionPortal/getProjectList. However, the application uses a static key to create the encrypted cookie, ultimately allowing anyone to forge cookies and gain access to...

7.5CVSS7AI score0.02102EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/28 12:27 a.m.10 views

CVE-2025-27224

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to write to any filename with any file...

9.8CVSS7AI score0.00796EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/10/28 12:27 a.m.10 views

CVE-2025-27222

TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retrieve files. However, the application doesn't properly sanitize the input to this endpoint, ultimately allowing path traversal sequences to be included. This can be used to read any local server file...

8.6CVSS6.4AI score0.01895EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/27 6:31 p.m.5 views

EUVD-2025-36211

TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internaladmincontactlogin.jsp endpoint to unauthenticated users. This endpoint discloses sensitive internal information including PII to unauthenticated attackers...

7.5CVSS6.2AI score0.17464EPSS
Exploits1References4
Rows per page
Query Builder