Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
smartbear vulnerabilities and exploits
(subscribe to this query)
935
VMScore
CVE-2018-20580
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote malicious users to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Smartbear Readyapi 2.5.0
Smartbear Readyapi 2.6.0
1 EDB exploit
1 Github repository
935
VMScore
CVE-2014-1202
The WSDL/WADL import functionality in SoapUI prior to 4.6.4 allows remote malicious users to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Smartbear Soapui
Smartbear Soapui 4.6.2
Smartbear Soapui 4.0
Eviware Soapui 3.5.1
Eviware Soapui 3.5
Smartbear Soapui 4.5.1
Smartbear Soapui 4.5
Eviware Soapui 3.0.1
Eviware Soapui 2.5.1
Smartbear Soapui 4.0.1
Eviware Soapui 3.6.1
Eviware Soapui 3.6
Smartbear Soapui 4.6.1
Smartbear Soapui 4.6.0
Smartbear Soapui 4.5.2
1 EDB exploit
828
VMScore
CVE-2019-12180
An issue exists in SmartBear ReadyAPI up to and including 2.8.2 and 3.0.0 and SoapUI up to and including 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an malicious user to execute arbitrary Groovy Language code (Java script...
Smartbear Readyapi
Smartbear Soapui
1 Github repository
801
VMScore
CVE-2020-26118
In SmartBear Collaborator Server up to and including 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without...
Smartbear Collaborator
668
VMScore
CVE-2020-12835
An issue exists in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Netwo...
Smartbear Readyapi 3.2.5
668
VMScore
CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI prior to 3.23.11 allows malicious users to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this pr...
Smartbear Swagger Ui
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Banking Digital Experience 19.1
Oracle Utilities Framework 4.4.0.2.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Primavera Gateway
Oracle Banking Platform
Oracle Banking Digital Experience 21.1
Oracle Banking Apis
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
Oracle Banking Digital Experience
4 Github repositories
605
VMScore
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote malicious users to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
Smartbear Soapui 5.3.0
392
VMScore
CVE-2021-21363
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the syste...
Smartbear Swagger-codegen
385
VMScore
CVE-2018-25031
Swagger UI prior to 4.1.3 could allow a remote malicious user to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Smartbear Swagger Ui
8 Github repositories
383
VMScore
CVE-2021-46708
The swagger-ui-dist package prior to 4.1.3 for Node.js could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actio...
Smartbear Swagger-ui-dist
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377
CVE-2024-20859
CVE-2023-49606
inject
arbitrary
CVE-2024-33788
CVE-2024-30973
IDOR
CVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »