Exploit for Unrestricted Upload of File with Dangerous Type in Wordpress

WordPress Crop Image RCE — CVE-2019-8942 / CVE-2019-8943 Pyth...

shadowstrike

⚡ ShadowStrike AI-Powered Advanced Security Testing Platf...

strix-advanced

⚡ Strix-Advanced AI-Powered Security Testing Platform An...

CVE-2023-25573

metersphere is an open source continuous testing platform. In affected versions an improper access control vulnerability exists in /api/jmeter/download/files, which allows any user to download any file without authentication. This issue may expose all files available to the running process. This...

EUVD-2023-52369

Malicious code in bioql PyPI...

EUVD-2022-7584

Malicious code in bioql PyPI...

EUVD-2025-8269

Malicious code in bioql PyPI...

Akamai CloudTest 代码问题漏洞

Akamai CloudTest is a suite of scalable load testing platforms from Akamai Corporation. A code issue vulnerability exists in Akamai CloudTest versions prior to 2025.06.09 that stems from vulnerability to server-side request forgery attacks...

CVE-2025-31165

Cross-Site Scripting XSS vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 allows attackers to execute JavaScript through the markdown editor feature...

CVE-2025-31165

CVE-2025-31165 is an XSS vulnerability in the Logbug module of NightWolf Penetration Testing Platform 1.2.2 , specifically through the markdown editor feature . The description states that attackers can execute JavaScript via this editor. The CVSS metrics included indicate a base score of 6.9 (Me...

CVE-2024-8327

Easy test Online Learning and Testing Platform from HWA JIUH DIGITAL TECHNOLOGY does not properly validate a specific page parameter, allowing remote attackers with regular privilege to inject arbitrary SQL commands to read, modify, and delete database contents...

MeterSphere Cross-Site Scripting Vulnerability

MeterSphere is MeterSphere open source one-stop open source continuous testing platform. MeterSphere 1.10.1-lts previous versions of cross-site scripting vulnerability , the vulnerability stems from the application of the user-supplied data lack of effective filtering and escaping , an attacker c...

CVE-2024-37161 MeterSphere front-end editor stores XSS vulnerability

MeterSphere is an open source continuous testing platform. Prior to version 1.10.1-lts, the system's step editor stores cross-site scripting vulnerabilities. Version 1.10.1-lts fixes this issue...

MeterSphere 跨站脚本漏洞

MeterSphere is MeterSphere open source one-stop open source continuous testing platform. MeterSphere 1.10.1-lts previous versions of cross-site scripting vulnerability , the vulnerability stems from the application of the user-supplied data lack of effective filtering and escaping , an attacker c...

CVE-2024-32467

MeterSphere is an open source continuous testing platform. Prior to version 2.10.14-lts, members without space permissions can view member information from other workspaces beyond their authority. Version 2.10.14-lts fixes this issue...

CVE-2023-50267

MeterSphere is a one-stop open source continuous testing platform. Prior to 2.10.10-lts, the authenticated attackers can update resources which don't belong to him if the resource ID is known. This issue if fixed in 2.10.10-lts. There are no known workarounds...

CVE-2023-41878

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high...

Design/Logic Flaw

MeterSphere is a one-stop open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing and performance testing. The Selenium VNC config used in Metersphere is using a weak password by default, attackers can login to vnc and obtain high...

CVE-2023-38494

CVE-2023-38494 affects MeterSphere Cloud interfaces; root cause is interfaces lacking configuration permissions, enabling sensitive data disclosure. Public details indicate versions prior to 2.10.4 LTS are affected; 2.10.4 LTS contains the patch. Remediation: upgrade to 2.10.4 LTS (or apply vendo...

CVE-2023-35937

CVE-2023-35937 affects Metersphere before version 2.10.2 LTS, where several key APIs lack permission checks, allowing ordinary users to perform actions reserved for space/project administrators (e.g., updating a user as a space administrator). The issue is documented in multiple sources (NVD entr...