Approved changes feed: RSS · Atom
cpe:2.3:a:n/a:rebuild:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | N/A (22f567d3-1203-528c-8f0e-3eb9c2f6ca78) |
|---|---|
| Product | Rebuild (4b225ec6-6e77-5f11-bf8a-40d418e8f4ee) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2025-11276 |
vulnerable | 2026-06-08 07:02:28.530684 |
Rebuild Comment/Guestbook cross site scripting
LOW (3.5)
A security flaw has been discovered in Rebuild up to 4.1.3. Affected by this issue is some unknown functionality of the component Comment/Guestbook. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 4.1.4 can resolve this issue. It is suggested to upgrade the affected component. According to the researcher the vendor has confirmed the flaw and fix in a private issue response.
Published: 2025-10-05T01:02:07.928Z
Updated: 2025-10-06T20:13:11.695Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1099 |
vulnerable | 2026-06-08 06:25:39.249676 |
Rebuild read-raw getFileOfData cross site scripting
LOW (3.5)
A vulnerability was found in Rebuild up to 3.5.5. It has been classified as problematic. Affected is the function getFileOfData of the file /filex/read-raw. The manipulation of the argument url leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-252456.
Published: 2024-01-31T11:31:05.389Z
Updated: 2024-08-23T19:26:33.667Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1098 |
vulnerable | 2026-06-08 06:25:39.248990 |
Rebuild proxy-download QiniuCloud.getStorageFile information disclosure
MEDIUM (4.3)
A vulnerability was found in Rebuild up to 3.5.5 and classified as problematic. This issue affects the function QiniuCloud.getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to information disclosure. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-252455.
Published: 2024-01-31T11:31:04.316Z
Updated: 2025-05-29T15:04:07.376Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1021 |
vulnerable | 2026-06-08 06:25:39.014304 |
Rebuild HTTP Request readRawText server-side request forgery
MEDIUM (6.3)
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.5.5. Affected by this issue is the function readRawText of the component HTTP Request Handler. The manipulation of the argument url leads to server-side request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-252290 is the identifier assigned to this vulnerability.
Published: 2024-01-29T22:00:08.338Z
Updated: 2025-06-06T20:16:06.549Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-1020 |
vulnerable | 2026-06-08 06:25:39.013652 |
Rebuild proxy-download getStorageFile cross site scripting
LOW (3.5)
A vulnerability classified as problematic was found in Rebuild up to 3.5.5. Affected by this vulnerability is the function getStorageFile of the file /filex/proxy-download. The manipulation of the argument url leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-252289 was assigned to this vulnerability.
Published: 2024-01-29T21:31:04.591Z
Updated: 2024-10-18T14:11:55.989Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-2474 |
vulnerable | 2026-06-08 06:02:42.359653 |
Rebuild cross-site request forgery
MEDIUM (4.3)
A vulnerability has been found in Rebuild 3.2 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to change the configuration settings. VDB-227866 is the identifier assigned to this vulnerability.
Published: 2023-05-02T12:31:03.658Z
Updated: 2024-08-02T06:26:08.712Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1613 |
vulnerable | 2026-06-08 05:52:36.191857 |
Rebuild publish cross site scripting
LOW (3.5)
A vulnerability has been found in Rebuild up to 3.2.3 and classified as problematic. This vulnerability affects unknown code of the file /feeds/post/publish. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-223744.
Published: 2023-03-23T21:00:07.114Z
Updated: 2024-08-02T05:57:24.784Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1612 |
vulnerable | 2026-06-08 05:52:36.191089 |
Rebuild list-file sql injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223743.
Published: 2023-03-23T20:31:03.701Z
Updated: 2025-02-07T15:35:40.944Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1610 |
vulnerable | 2026-06-08 05:52:36.184843 |
Rebuild list sql injection
MEDIUM (6.3)
A vulnerability, which was classified as critical, has been found in Rebuild up to 3.2.3. Affected by this issue is some unknown functionality of the file /project/tasks/list. The manipulation leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. VDB-223742 is the identifier assigned to this vulnerability.
Published: 2023-03-23T20:00:06.354Z
Updated: 2024-08-02T05:57:24.361Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-1495 |
vulnerable | 2026-06-08 05:52:36.004583 |
Rebuild list queryListOfConfig sql injection
MEDIUM (6.3)
A vulnerability classified as critical was found in Rebuild up to 3.2.3. Affected by this vulnerability is the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is c9474f84e5f376dd2ade2078e3039961a9425da7. It is recommended to apply a patch to fix this issue. The identifier VDB-223381 was assigned to this vulnerability.
Published: 2023-03-18T23:31:04.026Z
Updated: 2025-02-26T17:17:50.826Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.