Filtered by vendor Getrebuild
Subscriptions
Filtered by product Rebuild
Subscriptions
Total
5 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-46413 | 1 Getrebuild | 1 Rebuild | 2025-08-26 | 5.1 Medium |
| Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method. | ||||
| CVE-2024-46412 | 1 Getrebuild | 1 Rebuild | 2025-08-26 | 6.5 Medium |
| Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location. | ||||
| CVE-2025-50900 | 1 Getrebuild | 1 Rebuild | 2025-08-26 | 9.8 Critical |
| An issue was discovered in getrebuild/rebuild 4.0.4. The affected source code class is com.rebuild.web.RebuildWebInterceptor, and the affected function is preHandle In the filter code, use CodecUtils.urlDecode(request.getRequestURI()) to obtain the URL-decoded request path, and then determine whether the path endsWith /error. If so, execute return true to skip this Interceptor. Else, redirect to /user/login api. Allowing unauthenticated attackers to gain sensitive information or escalated privileges. | ||||
| CVE-2024-25294 | 1 Getrebuild | 1 Rebuild | 2025-06-17 | 9.1 Critical |
| An SSRF issue in REBUILD v.3.5 allows a remote attacker to obtain sensitive information and execute arbitrary code via the FileDownloader.java, proxyDownload,URL parameters. | ||||
| CVE-2023-2474 | 1 Getrebuild | 1 Rebuild | 2024-11-21 | 4.3 Medium |
| A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability. | ||||
Page 1 of 1.