通达OA v11.8 api.ali.php任意文件上传漏洞
本文转载于公众号:融云攻防实验室,原文地址: 漏洞复现 通达OA v11.8 api.ali.php任意文件上传漏洞 通达OA(OfficeAnywhere网络智能办公系统)是由北京通达信科科技有限公司自主研发的协同办...
蓝凌OA custom.jsp 任意文件读取
本文转载于公众号:融云攻防实验室,原文地址: 蓝凌OA custom.jsp 任意文件读取 蓝凌是国内数字化办公专业服务商,阿里钉钉唯一投资的OA厂商,阿里云知识管理与协同领域首家战略合作伙伴。蓝凌OA...
蓝凌OA admin.do JNDI远程命令执行
本文转载于公众号:融云攻防实验室,原文地址: 蓝凌OA admin.do JNDI远程命令执行 蓝凌是国内数字化办公专业服务商,阿里钉钉唯一投资的OA厂商,阿里云知识管理与协同领域首家战略合作伙伴。蓝凌...
安恒明御WEB应用防火墙 未授权访问
本文转载于公众号:融云攻防实验室,原文地址: 安恒明御WEB应用防火墙 未授权访问 明御WEB应用防火墙(简称WAF)是一款由安恒信息自主研发,专注为网站、APP等Web应用提供安全防护的专业应用安...
蓝凌OA treexml.tmpl 远程命令执行漏洞
本文转载于公众号:融云攻防实验室,原文地址: 蓝凌OA treexml.tmpl 远程命令执行漏洞 蓝凌是国内数字化办公专业服务商,阿里钉钉唯一投资的OA厂商,阿里云知识管理与协同领域首家战略合作伙伴。...
通达OA v2014 get_contactlist.php 敏感信息泄漏漏洞
本文转载于公众号:融云攻防实验室,原文地址: 漏洞复现 通达OA v2014 get_contactlist.php 敏感信息泄漏漏洞 通达OA(OfficeAnywhere网络智能办公系统)是由北京通达信科科技有限公司自主研发...
CVE-2025-8286: Güralp Systems FMUS Series – Unauthenticated Access
漏洞标题 CVE-2025-8286: Güralp Systems FMUS Series - Unauthenticated Access 漏洞描述 Güralp Systems FMUS Series Seismic Monitoring Devices expose an unauthenticated Telnet-based ...
CVE-2025-1562: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit – Broken Access Control
漏洞标题 CVE-2025-1562: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control 漏洞描述 The Recover WooCommerc...
CVE-2025-31125: Vite Development Server – Path Traversal
漏洞标题 CVE-2025-31125: Vite Development Server - Path Traversal 漏洞描述 Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access fi...
CVE-2025-51501: Microweber CMS2.0 – Cross-Site Scripting
漏洞标题 CVE-2025-51501: Microweber CMS2.0 - Cross-Site Scripting 漏洞描述 Reflected Cross-Site Scripting (XSS) in the `id` parameter of the `live_edit.module_settings` API endpoin...
CVE-2025-1595: EasyCVR <=2.1.2 - Information Disclosure
漏洞标题 CVE-2025-1595: EasyCVR <=2.1.2 - Information Disclosure 漏洞描述 A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified...
CVE-2025-6970: WordPress Events Manager <= 7.0.3 - SQL Injection
漏洞标题 CVE-2025-6970: WordPress Events Manager <= 7.0.3 - SQL Injection 漏洞描述 The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable...
CVE-2025-4322: Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover
漏洞标题 CVE-2025-4322: Motors <= 5.6.67 - Unauthenticated Privilege Escalation via Password Update/Account Takeover 漏洞描述 The Motors theme for WordPress is vulnerable to pri...
CVE-2025-34141: ETQ Reliance – Reflected XSS via SQLConverterServlet
漏洞标题 CVE-2025-34141: ETQ Reliance - Reflected XSS via SQLConverterServlet 漏洞描述 A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platf...
CVE-2025-2712: Yonyou UFIDA ERP-NC V5.0 – Cross-Site Scripting
漏洞标题 CVE-2025-2712: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting 漏洞描述 Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode par...
同迅科技-神行者路由 / chkid 代码执行漏洞(CVE-2025-54322)
漏洞标题 同迅科技-神行者路由 / chkid 代码执行漏洞(CVE-2025-54322) 漏洞描述 Xspeeder SXZOS 系统在 2025-12-26 之前的版本中,vLogin.py 接口存在远程代码执行漏洞,攻击者可通过向 chkid...
