27 matches found
Pymetasploit3 Security Vulnerability
Pymetasploit3 is an automated library developed by Dan McInerney. Versions of pymetasploit3 prior to 1.0.6 contain security vulnerabilities. These vulnerabilities stem from the console.runmodulewithoutput function, which allows for the injection of line breaks into module options, potentially...
CVE-2025-9062 IDOR in MeCODE Informatics' Envanty
Authorization Bypass Through User-Controlled Key vulnerability in MeCODE Informatics and Engineering Services Ltd. Envanty allows Parameter Injection. This issue affects Envanty: before 1.0.6. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. The...
OESA-2025-2558 python-asteval security update
ASTEVAL provides a numpy-aware, safeish 'eval' function. Security Fixes: ASTEVAL is an evaluator of Python expressions and statements. Prior to version 1.0.6, if an attacker can control the input to the asteval library, they can bypass asteval's restrictions and execute arbitrary Python code in th...
EUVD-2025-25043
Malicious code in bioql PyPI...
CVE-2025-8675
Server-Side Request Forgery (SSRF) vulnerability in Drupal AI SEO Link Advisor allows Server Side Request Forgery. This issue affects AI SEO Link Advisor: from 0.0.0 before 1.0.6...
CVE-2025-8675
Summary (CVE-2025-8675): Drupal AI SEO Link Advisor module has a Server-Side Request Forgery (SSRF) weakness in how it handles user-supplied URLs, affecting versions earlier than 1.0.6 (0.0.0–1.0.5). The issue stems from insufficient sanitization, allowing an attacker to trigger SSRF via the modu...
CVE-2023-0453
The WP Private Message WordPress plugin (bundled with the Superio theme as a required plugin) before 1.0.6 does not ensure that private messages to be accessed belong to the user making the requests. This allows any authenticated user to access private messages belonging to other users by...
CVE-2023-1542
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1541
Business Logic Errors in GitHub repository answerdev/answer prior to 1.0.6...
CVE-2023-1241
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.6...
WordPress pz-frontend-manager plugin < 1.0.6 - CSRF change user profile picture vulnerability
CSRF change user profile picture vulnerability discovered by Vuln Seeker Cybersecurity Team in WordPress Plugin pz-frontend-manager versions 1.0.6...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The program provides a variety of payment methods, SMS alerts and product image scaling and other features. A security vulnerability exists in PrestaShop versions prior to 1.0.6. The vulnerability stems...
PT-2023-17061 · Answer +3 · Answer +2
Name of the Vulnerable Software and Affected Versions: answer versions prior to 1.0.6. Description: The issue concerns an Observable Response Discrepancy. No further details are provided about the nature of this discrepancy or its potential impact. There is no information available regarding the...
answer Security Vulnerability
answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.0.6, which stems from an unlimited number of authentications...
PT-2023-17058 · Unknown · Answerdev/Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.6. Description: The issue is related to Authentication Bypass by Capture-replay. This allows unauthorized access by reusing captured authentication data. There is no information provided about the estimat...
answer Security Vulnerability
answer is an open source knowledge-based community software. A user enumeration vulnerability exists in versions of answer prior to 1.0.6, which stems from brute-force breaking of a valid email account in the login portal, where the time for a valid account is significantly higher than the time f...
answer Security Vulnerability
answer is an open source knowledge-based community software. A security vulnerability exists in versions of answer prior to 1.0.6 that stems from bypassing authentication...
answer Cross-Site Scripting Vulnerability
answer is an open source knowledge-based community software. A cross-site scripting vulnerability exists in versions of answer prior to 1.0.6. An attacker could exploit this vulnerability to perform a cross-site scripting attack...
answer Cross-Site Scripting Vulnerability
answer is an open source knowledge-based community software. A cross-site scripting vulnerability exists in versions of answer prior to 1.0.6. An attacker could exploit this vulnerability to perform a cross-site scripting attack...