RacerZ

5 exploits Active since Aug 2025
CVE-2024-46412 WRITEUP MEDIUM WRITEUP
Rebuild 3.7.7 - Unauthenticated Authentication Bypass via /commons/ip-location GET Request
Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location.
CVSS 6.5
CVE-2024-46412 WRITEUP MEDIUM WRITEUP
Rebuild 3.7.7 - Unauthenticated Authentication Bypass via /commons/ip-location GET Request
Incorrect access control in the prehandle function of Rebuild v3.7.7 allows attackers to bypass authentication via a crafted GET request sent to /commons/ip-location.
CVSS 6.5
CVE-2024-46413 WRITEUP MEDIUM WRITEUP
rebuild < 3.7.7 - Server-Side Request Forgery via Type Parameter
Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.
CVSS 5.1
CVE-2024-46413 WRITEUP MEDIUM WRITEUP
rebuild < 3.7.7 - Server-Side Request Forgery via Type Parameter
Rebuild v3.7.7 was discovered to contain a Server-Side Request Forgery (SSRF) via the type parameter in the com.rebuild.web.admin.rbstore.RBStoreController#loadDataIndex method.
CVSS 5.1
CVE-2024-50641 WRITEUP HIGH WRITEUP
PandoraNext-TokensTool <0.6.8 - Auth Bypass
An authentication bypass vulnerability in PandoraNext-TokensTool v0.6.8 and before. An attacker can exploit this vulnerability to access API without any token.
CVSS 8.1