178 matches found
MeterSphere < 2.5.0 SSRF
MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...
MeterSphere - Arbitrary File Read
MeterSphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...
CVE-2022-23512
MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value testId in new...
CVE-2025-62604
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...
CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...
EUVD-2025-35590
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...
CVE-2025-62604
MeterSphere (open source continuous testing platform) contains a logic flaw prior to version 2.10.25-lts that allows retrieval of arbitrary user information. The underlying issue enables an unauthenticated attacker to log in as any user. A fix has been applied in version 2.10.25-lts. Practical im...
MeterSphere Information Disclosure Vulnerability
MeterSphere is an open source one-stop continuous testing platform. An information disclosure vulnerability exists in versions prior to MeterSphere 2.10.25-lts that stems from a logic flaw that could lead to the disclosure of arbitrary user information and an unauthenticate...
PT-2025-43364
Name of the Vulnerable Software and Affected Versions: MeterSphere versions prior to 2.10.25-lts. Description: MeterSphere is a continuous testing platform. A logic flaw exists that allows retrieval of arbitrary user information. This flaw enables an unauthenticated attacker to log in to the system ...
EUVD-2024-35888
Malicious code in bioql PyPI...
EUVD-2021-32507
Malicious code in bioql PyPI...
EUVD-2023-41360
Malicious code in bioql PyPI...
EUVD-2023-39921
Malicious code in bioql PyPI...
EUVD-2022-7584
Malicious code in bioql PyPI...
EUVD-2023-55079
Malicious code in bioql PyPI...
EUVD-2023-33474
Malicious code in bioql PyPI...
EUVD-2022-28553
Malicious code in bioql PyPI...