76 matches found
Fastify Swagger-UI - Information Disclosure
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...
EUVD-2019-3829
Malware in sbrugna...
EUVD-2020-18748
Malware in sbrugna...
EUVD-2023-26995
Malicious code in bioql PyPI...
EUVD-2023-26997
Malicious code in bioql PyPI...
EUVD-2023-26998
Malicious code in bioql PyPI...
EUVD-2024-48862
Malicious code in bioql PyPI...
EUVD-2021-28669
Malicious code in bioql PyPI...
EUVD-2023-26996
Malicious code in bioql PyPI...
CVE-2023-22892
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances...
CVE-2023-22889
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users...
CVE-2020-12835
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI-based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network...
CVE-2019-12180
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it ...
CVE-2020-26118
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious...
CVE-2024-7565
SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2024-7565 SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability
SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a...
CVE-2024-7565
CVE-2024-7565 describes a directory traversal vulnerability in SMARTBEAR SoapUI’s unpackageAll function. The flaw stems from insufficient validation of a user-supplied path used in file operations, allowing an attacker to achieve Remote Code Execution in the context of the current user. Exploitat...
PT-2024-38423 · Smartbear · Soapui
Name of the Vulnerable Software and Affected Versions: SMARTBEAR SoapUI (affected versions not specified). Description: This issue allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this issue, where the target mus...
SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the unpackageAll...