CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

178 matches found

MeterSphere < 2.5.0 SSRF

MeterSphere is a one-stop open source continuous testing platform, covering test management, interface testing, UI testing and performance testing. Versions prior to 2.5.0 are subject to a Server-Side Request Forgery that leads to Cross-Site Scripting. A Server-Side request forgery in...

7.2CVSS6.3AI score0.01607EPSS

Exploits1References4

Nuclei•added yesterday•23 views

Metersphere - Arbitrary File Read

Metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

8.6CVSS7AI score0.49851EPSS

Exploits1References5

RedhatCVE•added 2026/01/09 8:44 a.m.•6 views

CVE-2022-23512

MeterSphere is a one-stop open source continuous testing platform. Versions prior to 2.4.1 are vulnerable to Path Injection in ApiTestCaseService::deleteBodyFiles which takes a user-controlled string id and passes it to ApiTestCaseService, which uses the user-provided value testId in new...

8.1CVSS7AI score0.00827EPSS

Exploits1References1

RedhatCVE•added 2025/10/23 3:13 p.m.•4 views

CVE-2025-62604

MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...

7.5CVSS7AI score0.00387EPSS

Exploits1References1

NVD•added 2025/10/22 3:16 p.m.•6 views

CVE-2025-62604

7.5CVSS0.00387EPSS

Exploits1References3

Cvelist•added 2025/10/22 3:3 p.m.•7 views

CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information

5.3CVSS0.00387EPSS

Exploits1References3

Vulnrichment•added 2025/10/22 3:3 p.m.•2 views

CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information

5.3CVSS6.7AI score0.00387EPSS

Exploits1References3

CVE•added 2025/10/22 3:3 p.m.•8 views

CVE-2025-62604

MeterSphere (open source continuous testing platform) contains a logic flaw prior to version 2.10.25-lts that allows retrieval of arbitrary user information. The underlying issue enables an unauthenticated attacker to log in as any user. A fix has been applied in version 2.10.25-lts. Practical im...

7.5CVSS6.7AI score0.00387EPSS

Exploits1References3Affected Software1

OSV•added 2025/10/22 3:3 p.m.•4 views

CVE-2025-62604 MeterSphere logic flaw allows retrieval of arbitrary user information

5.3CVSS7AI score0.00387EPSS

Exploits1References5

EUVD•added 2025/10/22 3:3 p.m.•5 views

EUVD-2025-35590

5.3CVSS6.5AI score0.00387EPSS

Exploits1References3

Positive Technologies•added 2025/10/22 12:0 a.m.•3 views

PT-2025-43364

Name of the Vulnerable Software and Affected Versions MeterSphere versions prior to 2.10.25-lts Description MeterSphere is a continuous testing platform. A logic flaw exists that allows retrieval of arbitrary user information. This flaw enables an unauthenticated attacker to log in to the system ...

7.5CVSS6.8AI score0.00387EPSS

Exploits1References8

CNNVD•added 2025/10/22 12:0 a.m.•3 views

MeterSphere 信息泄露漏洞

MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. An information disclosure vulnerability exists in versions prior to MeterSphere 2.10.25-lts that stems from a logic flaw that could lead to the disclosure of arbitrary user information and an unauthenticate...

7.5CVSS6.2AI score0.00387EPSS

Exploits1References4

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-55079

Malicious code in bioql PyPI...

4.3CVSS5.1AI score0.00338EPSS

Exploits0References1

EUVD•added 2025/10/03 8:7 p.m.•5 views

EUVD-2023-46368

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00578EPSS

Exploits0References2