54 matches found

EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2023-34932

Malicious code in bioql PyPI...

6.8 CVSS | 5 AI score | 0.0067 EPSS
Exploits: 1 | References: 2
EUVD
added 2025/10/03 8:7 p.m. | 10 views

EUVD-2023-42304

Malicious code in bioql PyPI...

7.5 CVSS | 7.5 AI score | 0.00412 EPSS
Exploits: 1 | References: 2
The Hacker News
added 2025/10/02 11:55 a.m. | 5 views

Automating Pentest Delivery: 7 Key Workflows for Maximum Impact

Penetration testing is critical to uncovering real-world security weaknesses. With the shift into continuous testing and validation, it is time we automate the delivery of these results. The way results are delivered hasn't kept up with today's fast-moving threat landscape. Too often, findings ar...

7.2 AI score
Exploits: 0
RedhatCVE
added 2025/05/23 10:20 a.m. | 5 views

CVE-2024-32467

MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue...

6.5 CVSS | 6.6 AI score | 0.00532 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 8:52 a.m. | 7 views

CVE-2024-37161

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue...

4 CVSS | 6.3 AI score | 0.00355 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/05/23 4:8 a.m. | 12 views

CVE-2023-38494

MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...

7.5 CVSS | 6.8 AI score | 0.00412 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/02/05 8:57 p.m. | 9 views

CVE-2022-46178

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.1 allow users to upload a file, but do not validate the file name, which may lead to upload file to any path. The vulnerability...

8.8 CVSS | 6.7 AI score | 0.00717 EPSS
Exploits: 1 | References: 1
Wallarm Lab
added 2024/11/13 3:23 p.m. | 13 views

Your AppSec Journey Demystified: Driving Effective API Security with Wallarm and StackHawk

There is no doubt that attackers have shifted their attention to APIs. Wallarm’s API ThreatStats research identifies that 70% of attacks now target APIs instead of Web Applications. While APIs have become the backbone of innovation and connectivity for businesses, they have also introduced a vast...

7.4 AI score
Exploits: 0
Cvelist
added 2024/06/11 2:7 p.m. | 29 views

CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue...

4 CVSS | 0.00355 EPSS
Exploits: 1 | References: 1
CNNVD
added 2024/06/11 12:0 a.m. | 4 views

MeterSphere Cross-Site Scripting Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere versions before 1.10.1-lts have a cross-site scripting vulnerability; the vulnerability stems from the application's lack of effective filtering and escaping of user-supplied data, an attacker c...

6.1 CVSS | 6.4 AI score | 0.00355 EPSS
Exploits: 1 | References: 3
NVD
added 2023/12/28 4:16 p.m. | 17 views

CVE-2023-50267

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, authenticated attackers can update resources which don't belong to them if the resource ID is known. This issue is fixed in 2.10.10-lts. There are no known workarounds...

4.3 CVSS | 0.00338 EPSS
Exploits: 0 | References: 1
CVE
added 2023/09/26 10:53 p.m. | 45 views

CVE-2023-41878

MeterSphere’s CVE-2023-41878 describes a vulnerability in the Selenium VNC configuration where a weak default password allows unauthenticated access to VNC and can grant high-level privileges. Affected product: MeterSphere (Selenium VNC config). Root cause: default weak password enabling unauthor...

9.8 CVSS | 7 AI score | 0.00578 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2023/09/26 10:53 p.m. | 105 views

CVE-2023-41878 Weak password of selenium VNC in MeterSphere

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high...

4.6 CVSS | 9.1 AI score | 0.00578 EPSS
Exploits: 0 | References: 4
Prion
added 2023/08/04 4:15 p.m. | 20 views

Design/Logic Flaw

MeterSphere is an open-source continuous testing platform. Prior to version 2.10.4 LTS, some interfaces of the Cloud version of MeterSphere do not have configuration permissions, and are sensitively leaked by attackers. Version 2.10.4 LTS contains a patch for this issue...

5 CVSS | 7.5 AI score | 0.00412 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
CVE
added 2023/08/04 3:44 p.m. | 59 views

CVE-2023-38494

CVE-2023-38494 affects MeterSphere Cloud interfaces; root cause is interfaces lacking configuration permissions, enabling sensitive data disclosure. Public details indicate versions prior to 2.10.4 LTS are affected; 2.10.4 LTS contains the patch. Remediation: upgrade to 2.10.4 LTS (or apply vendo...

7.5 CVSS | 6.5 AI score | 0.00412 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
Prion
added 2023/07/06 2:15 p.m. | 13 views

Design/Logic Flaw

Metersphere is an open source continuous testing platform. In versions prior to 2.10.2 LTS, some key APIs in Metersphere lack permission checks. This allows ordinary users to execute APIs that can only be executed by space administrators or project administrators. For example, ordinary users can ...

6.5 CVSS | 8.6 AI score | 0.00589 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CVE
added 2023/07/06 1:50 p.m. | 35 views

CVE-2023-35937

CVE-2023-35937 affects Metersphere before version 2.10.2 LTS, where several key APIs lack permission checks, allowing ordinary users to perform actions reserved for space/project administrators (e.g., updating a user as a space administrator). The issue is documented in multiple sources (NVD entr...

8.8 CVSS | 7.3 AI score | 0.00589 EPSS
Exploits: 1 | References: 1 | Affected Software: 1
CNVD
added 2023/05/31 12:0 a.m. | 15 views

MeterSphere Denial of Service Vulnerability

MeterSphere is an open source one-stop continuous testing platform. MeterSphere 2.9.1 and previous versions have a denial of service vulnerability; the vulnerability stems from the submission of a very long password during login, it will force the system to perform a long...

6.5 CVSS | 6.4 AI score | 0.00587 EPSS
Exploits: 1 | References: 1
CVE
added 2023/05/30 6:59 p.m. | 48 views

CVE-2023-32699

MeterSphere is affected by a denial-of-service vulnerability in versions up to 2.9.1. The issue arises when a user submits an excessively long password during login, triggering the MD5-based password hashing (CodingUtil.md5) to run for the long password and exhaust server CPU/memory, potentially ...

6.5 CVSS | 6.4 AI score | 0.00587 EPSS
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2023/05/04 6:15 p.m. | 15 views

CVE-2023-30550

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administrator of a project to modify other projects under the workspace. An attacker can obtain some...

6.8 CVSS | 6.5 AI score | 0.0067 EPSS
Exploits: 1 | References: 2