Smartbear: Security Vulnerabilities

Cross Site Scripting vulnerability in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via a crafted script to the /api/v3/pet
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2025-09-25

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code by accessing a non-existent endpoint /cart: the server returns a 404 error page that exposes sensitive information, including the Servlet name (default) and the server version.
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2025-09-25

An issue in petstore v.1.0.7 allows a remote attacker to execute arbitrary code via the DELETE endpoint
CVSS Score: 6.5 | EPSS Score: 0.002 | Published: 2025-09-25

SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the unpackageAll function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19060.
CVSS Score: 7.8 | EPSS Score: 0.026 | Published: 2024-11-22

fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of `@fastify/swagger-ui` without `baseDir` set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting the `baseDir` option can also work around this vulnerability.
CVSS Score: 5.3 | EPSS Score: 0.144 | Published: 2024-01-15

SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.
CVSS Score: 9.8 | EPSS Score: 0.063 | Published: 2023-03-08

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2023-03-08

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
CVSS Score: 8.1 | EPSS Score: 0.004 | Published: 2023-03-08

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2023-03-08

Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions. Note: This was originally claimed to be resolved in 4.1.3. However, third parties have indicated this is not resolved in 4.1.3 and even occurs in that version and possibly others.
CVSS Score: 4.3 | EPSS Score: 0.804 | Published: 2022-03-11

Shodan ® - All rights reserved