Vulnerabilities > Smartbear > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-08 CVE-2023-22889 Code Injection vulnerability in Smartbear Zephyr Enterprise
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation.
network
low complexity
smartbear CWE-94
critical
 9.8
9.8
2020-05-20 CVE-2020-12835 Deserialization of Untrusted Data vulnerability in Smartbear Readyapi 3.2.5
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5.
network
low complexity
smartbear CWE-502
critical
 9.8
9.8
2019-10-10 CVE-2019-17495 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value.
network
low complexity
smartbear oracle CWE-352
critical
 9.8
9.8