CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

178 matches found

Metersphere - Arbitrary File Read

Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

8.6CVSS7AI score0.49851EPSS

Exploits1References5

Nuclei•added 14 hours ago•25 views

MeterSphere < 2.5.0 SSRF

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...

7.2CVSS6.3AI score0.01607EPSS

Exploits1References4

RedhatCVE•added 2026/01/09 8:44 a.m.•6 views

CVE-2022-23512

MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value testId in new...

8.1CVSS7AI score0.00827EPSS

Exploits1References1

RedhatCVE•added 2025/10/23 3:13 p.m.•7 views

CVE-2025-62604

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...

7.5CVSS7AI score0.00387EPSS

Exploits1References1

NVD•added 2025/10/22 3:16 p.m.•6 views

CVE-2025-62604

7.5CVSS0.00387EPSS

Exploits1References3

Cvelist•added 2025/10/22 3:3 p.m.•7 views

CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information

5.3CVSS0.00387EPSS

Exploits1References3

Vulnrichment•added 2025/10/22 3:3 p.m.•2 views

CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information

5.3CVSS6.7AI score0.00387EPSS

Exploits1References3

CVE•added 2025/10/22 3:3 p.m.•8 views

CVE-2025-62604

MeterSphere (open source continuous testing platform) contains a logic flaw prior to version 2.10.25-lts that allows retrieval of arbitrary user information. The underlying issue enables an unauthenticated attacker to log in as any user. A fix has been applied in version 2.10.25-lts. Practical im...

7.5CVSS6.7AI score0.00387EPSS

Exploits1References3Affected Software1

EUVD•added 2025/10/22 3:3 p.m.•5 views

EUVD-2025-35590

5.3CVSS6.5AI score0.00387EPSS

Exploits1References3

OSV•added 2025/10/22 3:3 p.m.•4 views

CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information

5.3CVSS7AI score0.00387EPSS

Exploits1References5

CNNVD•added 2025/10/22 12:0 a.m.•3 views

MeterSphere 信息泄露漏洞

MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. An information disclosure vulnerability exists in versions prior to MeterSphere 2.10.25-lts that stems from a logic flaw that could lead to the disclosure of arbitrary user information and an unauthenticate...

7.5CVSS6.2AI score0.00387EPSS

Exploits1References4

Positive Technologies•added 2025/10/22 12:0 a.m.•4 views

PT-2025-43364

Name of the Vulnerable Software and Affected Versions MeterSphere versions prior to 2.10.25-lts Description MeterSphere is a continuous testing platform. A logic flaw exists that allows retrieval of arbitrary user information. This flaw enables an unauthenticated attacker to log in to the system ...

7.5CVSS6.8AI score0.00387EPSS

Exploits1References8

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-55079

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00338EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2023-46368

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00578EPSS

Exploits0References2