139 matches found
Hoverfly < 1.10.3 - Arbitrary File Read
Hoverfly is a lightweight service virtualization / API simulation / API mocking tool for developers and testers. The /api/v2/simulation POST handler allows users to create new simulation views from the contents of a user-specified file. This feature can be abused by an attacker to read arbitrary...
Exploit for Improper Input Validation in Hoverfly
CVE-2025-54123 — Hoverfly Middleware API Remote Code Execution...
Hoverfly 1.11.3 Remote Command Execution
This Python script is an exploitation tool targeting a vulnerable Hoverfly API endpoint, specifically the /api/v2/hoverfly/middleware functionality, which allows execution of user-supplied input through a backend binary...
ffensive-playbook
HackTheBox — Writeups Collection A collection of HackTheBox m...
ofensive-playbook
HackTheBox — Writeups Collection A collection of HackTheBox m...
Exploit for OS Command Injection in Hoverfly
CVE-2025-54123 Hoverfly CVE RCE Usage bash python3 CVE...
Exploit for OS Command Injection in Hoverfly
CVE-2025-54123 - Hoverfly Command Injection RCE PoC CVE-2...
Exploit for OS Command Injection in Hoverfly
CVE-2025-54123 A PoC demonstrating a RCE in Hoverfly version...
Exploit for OS Command Injection in Hoverfly
CVE-2025-54123 Exploit Hoverfly Authenticated Middleware Comm...
Hoverfly <= 1.11.3 - Remote Code Execution
Hoverfly versions 1.11.3 and below are vulnerable to remote code execution (RCE) via command injection in the middleware API endpoint /api/v2/hoverfly/middleware. Insufficient validation of the 'binary' and 'script' parameters allows an unauthenticated attacker to execute arbitrary commands on the...
EUVD-2025-117186
Malicious code in original-lavender-hoverfly npm...
MAL-2025-138916 Malicious code in original-lavender-hoverfly (npm)
Source: amazon-inspector 1a7cff724291031461ab159ba45bb2ac32653ad7f88919277281836ad9fda92a. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-117307
Malicious code in inc-tomato-hoverfly npm...
EUVD-2025-117315
Malicious code in icy-lavender-hoverfly npm...
EUVD-2025-101875
Malicious code in thickhoverflyz3n npm...
EUVD-2025-101182
Malicious code in usualhoverflyz3n npm...
EUVD-2025-96464
Malicious code in mechanicalhoverflyz3n npm...
Malicious code in silent_hoverfly_z3n (npm)
Source: amazon-inspector 1f55ea8cd9ca4e9970ad081e83e278111f7e329c3756fa66e1915737232829c4. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-118958 Malicious code in blushing_hoverfly_z3n (npm)
Source: amazon-inspector e758a1c0c362a42bfc94ce85e12a48ea970e44800569ee90164d171b5554d4a7. This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-94883
Malicious code in supposedhoverflyz3n npm...