15 matches found
AstrBot 安全漏洞
AstrBot is an open-source multi-platform LLM chatbot and development framework created by AstrBot. Version 3.5.15 of AstrBot contains a security vulnerability, which stems from the use of hard-coded private keys for signing JWTs...
CVE-2025-64242
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through = 3.5.22...
EUVD-2025-203608
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through = 3.5.15...
CVE-2025-64242
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through = 3.5.22...
CVE-2025-64242 WordPress Easy Property Listings plugin <= 3.5.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through = 3.5.22...
CVE-2025-64242 WordPress Easy Property Listings plugin <= 3.5.22 - Broken Access Control vulnerability
Missing Authorization vulnerability in Merv Barrett Easy Property Listings easy-property-listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Property Listings: from n/a through = 3.5.22...
EUVD-2024-33746
Malicious code in bioql PyPI...
PT-2024-16791 · WordPress · Publishpress Revisions
Name of the Vulnerable Software and Affected Versions: PublishPress Revisions plugin versions up to, and including, 3.5.15 Description: The issue allows authenticated attackers with Subscriber-level access and above to extract sensitive data, including revisions of posts and pages, via the...
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interaction...
CVE-2024-24764
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an op...
CVE-2024-24764 October Open Redirect for Administrator Accounts
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an op...
CVE-2024-24764 October Open Redirect for Administrator Accounts
October is a self-hosted CMS platform based on the Laravel PHP Framework. This issue affects authenticated administrators who may be redirected to an untrusted URL using the PageFinder schema. The resolver for the page finder link schema october:// allowed external links, therefore allowing an op...
October Security breach
October is a content management system CMS and web platform from October Open Source. A security vulnerability exists in October prior to version 3.5.15, which stems from the X-October-Request-Handler header that does not clean up AJAX handler names and allows unescaped HTML to be reflected back...
Firefox < 3.5.15 Buffer Overflow
The installed version of Firefox is earlier than 3.5.15. Such versions are potentially affected by a heap-based buffer overflow vulnerability. The combination of DOM insertions and the handling of the JavaScript function 'document.write' exposes an error that can lead to a heap-based buffer...