Browse all 3 CVE security advisories affecting SpectoLabs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
SpectoLabs specializes in web application security testing, offering solutions for identifying vulnerabilities in web applications and APIs. Historically, their products have been associated with vulnerabilities including remote code execution, cross-site scripting (XSS), and privilege escalation issues. The company has recorded three CVEs, primarily related to input validation flaws and insecure default configurations. While no major security incidents have been publicly documented, the presence of CVEs indicates potential risks in their testing tools that could allow attackers to compromise systems or bypass security controls. These vulnerabilities highlight the importance of proper configuration and regular updates when using SpectoLabs' security solutions.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-54376 | Hoverfly's WebSocket endpoint `/api/v2/ws/logs` reachable without authentication even when `--auth` is enabled. — hoverfly (CWE-200) | 7.5 (AI) | High (AI) | 2025-09-10 |
| CVE-2025-54123 | Hoverfly vulnerable to remote code execution at `/api/v2/hoverfly/middleware` endpoint due to insecure middleware implementation — hoverfly (CWE-20) | 9.8 | Critical | 2025-09-10 |
| CVE-2024-45388 | Arbitrary file read in the `/api/v2/simulation` endpoint in hoverfly (`GHSL-2023-274`) — hoverfly (CWE-200) | 7.5 | High | 2024-09-02 |
This page lists every published CVE security advisory associated with SpectoLabs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.