Lucene search
K
RocketsoftwareTrufusion Enterprise

8 matches found

CVE
CVE
added 2023/01/12 12:0 a.m.56 views

CVE-2022-25026

CVE-2022-25026 is a Server-Side Request Forgery in Rocket TRUfusion Portal v7.9.2.1. An attacker can trigger requests to /trufusionPortal/upDwModuleProxy to access internal resources. CVSS v3.1 base score 7.5 (HIGH); vector AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. No exploitation details or remediati...

7.5CVSS7.6AI score0.24353EPSS
CVE
CVE
added 2023/01/12 12:0 a.m.50 views

CVE-2022-25027

The CVE-2022-25027 entry concerns Rocket TRUfusion Portal v7.9.2.1, where the Forgotten Password flow can bypass authentication by validating the user’s session token after clicking the Password forgotten?; this is described across multiple sources (NVD, Red Hat CVE entries, OSV) as an authentica...

7.5CVSS7.7AI score0.01057EPSS
CVE
CVE
added 2025/10/27 12:0 a.m.22 views

CVE-2025-27222

TRUfusion Enterprise ≤ 7.10.4.0 is impacted by a pre-auth path-traversal in the /trufusionPortal/getCobrandingData endpoint. The unsanitized input can cause the traversal sequences to be processed, allowing an unauthenticated attacker to read arbitrary local files accessible to the TRUfusion user...

8.6CVSS6.1AI score0.01895EPSS
In wild
CVE
CVE
added 2025/10/27 12:0 a.m.22 views

CVE-2025-27224

TRUfusion Enterprise (versions up to 7.10.4.0) is affected by insecure handling of the /trufusionPortal/fileupload endpoint, where input is not properly sanitized, enabling path traversal sequences to write arbitrary files anywhere on the local server and potentially execute code. Root cause: ins...

9.8CVSS6.7AI score0.00803EPSS
CVE
CVE
added 2025/10/27 12:0 a.m.20 views

CVE-2025-27225

TRUfusion Enterprise (versions

7.5CVSS6.3AI score0.17601EPSS
CVE
CVE
added 2026/02/17 12:0 a.m.19 views

CVE-2025-59793

CVE-2025-59793 Details (MODE C) Rocket TRUfusion Enterprise (

9.9CVSS6.1AI score0.01027EPSS
CVE
CVE
added 2025/10/27 12:0 a.m.16 views

CVE-2025-27223

TRUfusion Enterprise

7.5CVSS6.7AI score0.0212EPSS
In wild
CVE
CVE
added 2026/02/17 12:0 a.m.16 views

CVE-2025-32355

CVE-2025-32355 affects Rocket TRUfusion Enterprise up to version 7.10.4.0, where the built-in reverse proxy can be misconfigured to accept absolute URLs in the HTTP request line. This enables server-side requests to load arbitrary resources via the proxy, constituting a server-side request forger...

7.9CVSS5.5AI score0.01249EPSS
In wild