CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

139 matches found

SUSE CVE•added 2025/09/19 11:22 p.m.•2 views

SUSE CVE-2025-54123

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, the middleware functionality in Hoverfly is vulnerable to command injection vulnerability at /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. The vulnerability exists i...

9.8CVSS9.4AI score0.10543EPSS

Exploits7References2

SUSE CVE•added 2025/09/19 11:22 p.m.•1 views

SUSE CVE-2025-54376

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly's admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

7.5CVSS7AI score0.00663EPSS

Exploits1References2

OSV•added 2025/09/17 5:3 p.m.•3 views

GO-2025-3944 Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation in github.com/SpectoLabs/hoverfly

Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation in github.com/SpectoLabs/hoverfly...

9.8CVSS7.5AI score0.10543EPSS

Exploits7References8

OSV•added 2025/09/17 5:3 p.m.•4 views

GO-2025-3945 WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly

WebSocket endpoint /api/v2/ws/logs reachable without authentication even when --auth is enabled in github.com/SpectoLabs/hoverfly...

8.8CVSS7.2AI score0.00663EPSS

Exploits1References3

RedhatCVE•added 2025/09/12 8:47 p.m.•8 views

CVE-2025-54376

Hoverfly is an open source API simulation tool. In versions 1.11.3 and prior, Hoverfly’s admin WebSocket endpoint /api/v2/ws/logs is not protected by the same authentication middleware that guards the REST admin API. Consequently, an unauthenticated remote attacker can stream real-time applicatio...

8.8CVSS7.3AI score0.00663EPSS

Exploits1References1

RedhatCVE•added 2025/09/12 7:23 p.m.•3 views

CVE-2025-54123

9.8CVSS9.4AI score0.10543EPSS

Exploits7References1

NVD•added 2025/09/10 8:15 p.m.•9 views

CVE-2025-54376

8.8CVSS0.00663EPSS

Exploits1References2

CVE•added 2025/09/10 7:49 p.m.•34 views

CVE-2025-54376

Hoverfly (versions

8.8CVSS6.7AI score0.00663EPSS

Exploits1References2Affected Software1

Cvelist•added 2025/09/10 7:49 p.m.•13 views

CVE-2025-54376 Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled.

8.8CVSS0.00663EPSS

Exploits1References2

OSV•added 2025/09/10 7:49 p.m.•6 views

CVE-2025-54376 Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when --auth is enabled.

8.8CVSS6.9AI score0.00663EPSS

Exploits1References4

Github Security Blog•added 2025/09/10 7:48 p.m.•14 views

Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation

Summary It has been discovered that the middleware functionality in Hoverfly is vulnerable to command injection through its /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. Details The vulnerability exists in the middleware management API endpoin...

9.8CVSS9.5AI score0.10543EPSS

Exploits7References9Affected Software1

Snyk•added 2025/09/10 7:48 p.m.•1 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the /api/v2/hoverfly/middleware endpoint. An attacker can execute arbitrary system commands by supplying crafted input to the binary and script parameters, which are passed directly to command execution without...

9.8CVSS7.8AI score0.10543EPSS

Exploits7References2