CVE-2025-47424 – Retool Host Header Injection Vulnerability

May 9, 2025

CVE ID : CVE-2025-47424

Published : May 9, 2025, 11:15 p.m. | 1 hour, 3 minutes ago

Description : Retool (self-hosted) before 3.196.0 allows Host header injection. When the BASE_DOMAIN environment variable is not set, the HTTP host header can be manipulated.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous Articlebookmarkmenu offers bookmark storage using the menu back end

Next Article CVE-2025-3794 – WordPress WPForms Stored Cross-Site Scripting Vulnerability

Highlights

CVE-2025-32950 – Jmix File Path Traversal Vulnerability

April 22, 2025

CVE ID : CVE-2025-32950

Published : April 22, 2025, 6:15 p.m. | 31 minutes ago

Description : Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful value in the fileRef parameter of the `/files` endpoint of the generic REST API. This issue has been patched in versions 1.6.2 and 2.4.0. A workaround is provided on the Jmix documentation website.

Severity: 6.5 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

From Line To Layout: How Past Experiences Shape Your Design Career

Hire React.js Developers in the US: How to Choose the Right Team for Your Needs

I’ve tested every Samsung Galaxy phone in 2025 – here’s the model I’d recommend on sale

Google Photos just put all its best editing tools a tap away – here’s the shortcut

Claude can teach you how to code now, and more – how to try it

One of the best work laptops I’ve tested has MacBook written all over it (but it’s even better)

Controlling Execution Flow with Laravel’s Sleep Helper

Controlling Execution Flow with Laravel’s Sleep Helper

Generate Secure Temporary Share Links for Files in Laravel

This Week in Laravel: Filament 4, Laravel Boost, and Junie Review

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

KDE Plasma 6 on Wayland: the Payoff for Years of Plumbing

FOSS Weekly #25.33: Debian 13 Released, Torvalds vs RISC-V, Arch’s New Tool, GNOME Perfection and More Linux Stuff

Ultimate ChatGPT-5 Prompt Guide: 52 Ideas for Any Task

CVE-2025-47424 – Retool Host Header Injection Vulnerability

CISA Adds Two N-able N-central Flaws to Known Exploited Vulnerabilities Catalog

From Banking Darling to $1B Fraud Magnet: Inside the Zelle Lawsuit 2025

How To Improve Website Performance

CVE-2025-1725 – WordPress Bit File Manager Stored Cross-Site Scripting Vulnerability

Microsoft Pressed Over DOGE GitHub Code Tied to NLRB Data Removal

Firebase Cloud Notifications for Laravel

CVE-2025-32950 – Jmix File Path Traversal Vulnerability

TwintailLauncher – multi-platform launcher

This Week in Laravel: 3rd-party APIs, Large File Uploads, and APP_KEY Security

I’ve been in tech for decades. Here are 10 ways my home lab keeps me sharp – and employable

CVE-2025-47424 – Retool Host Header Injection Vulnerability

Related Posts