CVE-2021-25094: WordPress Tatsubuilder <= 3.3.11 - Remote Code Execution
漏洞标题 CVE-2021-25094: Wordpress Tatsubuilder <= 3.3.11 - Remote Code Execution 漏洞描述 An unrestricted file upload in WordPress Tatsubuilder plugin version <= 3.3.11 enab...
CVE-2021-41460: ECShop 4.1.0 – SQL Injection
漏洞标题 CVE-2021-41460: ECShop 4.1.0 - SQL Injection 漏洞描述 ECShop 4.1.0 has SQL injection vulnerability, which can be exploited by attackers to obtain sensitive information. Po...
Apache OFBiz RMI反序列化前台命令执行(CVE-2021-26295)
漏洞标题 Apache OFBiz RMI反序列化前台命令执行(CVE-2021-26295) 漏洞描述 OFBiz是基于Java的Web框架,包括实体引擎,服务引擎和基于小部件的UI。近日,Apache OFBiz官方发布安全更新。Apache ...
CVE-2025-6970: WordPress Events Manager <= 7.0.3 - SQL Injection
漏洞标题 CVE-2025-6970: WordPress Events Manager <= 7.0.3 - SQL Injection 漏洞描述 The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable...
CVE-2020-13700: WordPress acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference
漏洞标题 CVE-2020-13700: WordPress acf-to-rest-api <=3.1.0 - Insecure Direct Object Reference 漏洞描述 WordPress acf-to-rest-ap through 3.1.0 allows an insecure direct object re...
CVE-2021-34640: WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting
漏洞标题 CVE-2021-34640: WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting 漏洞描述 WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripti...
CVE-2022-24816: GeoServer <1.2.2 - Remote Code Execution
漏洞标题 CVE-2022-24816: GeoServer <1.2.2 - Remote Code Execution 漏洞描述 Programs run on GeoServer before 1.2.2 which use jt-jiffle and allow Jiffle script to be provided via ...
CVE-2025-30567: WordPress WP01 – Path Traversal
漏洞标题 CVE-2025-30567: WordPress WP01 - Path Traversal 漏洞描述 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru W...
CVE-2022-1020: WordPress WooCommerce <3.1.2 - Arbitrary Function Call
漏洞标题 CVE-2022-1020: WordPress WooCommerce <3.1.2 - Arbitrary Function Call 漏洞描述 WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in ...
H3C Magic NX系列设备存在远程命令执行漏洞(CVE-2025-2725)
漏洞标题 H3C Magic NX系列设备存在远程命令执行漏洞(CVE-2025-2725) 漏洞描述 H3C Magic NX系列设备(包括Magic NX15、Magic NX30 Pro、Magic NX400),以及Magic R系列设备(如MagicR3010)...
CVE-2021-31602: Hitachi Vantara Pentaho/Business Intelligence Server – Authentication Bypass
漏洞标题 CVE-2021-31602: Hitachi Vantara Pentaho/Business Intelligence Server - Authentication Bypass 漏洞描述 Hitachi Vantara Pentaho through 9.1 and Pentaho Business Intelligence...
CVE-2018-12909: Webgrind fileviewer.phtml 任意文件读取漏洞
漏洞标题 CVE-2018-12909: Webgrind fileviewer.phtml 任意文件读取漏洞 漏洞描述 Webgrind是一套PHP执行时间分析工具。其中Webgrind 1.5版本中存在安全漏洞,该漏洞源于程序依靠用户输入来显示...
CVE-2022-29153: HashiCorp Consul/Consul Enterprise – Server-Side Request Forgery
漏洞标题 CVE-2022-29153: HashiCorp Consul/Consul Enterprise - Server-Side Request Forgery 漏洞描述 HashiCorp Consul and Consul Enterprise up to 1.9.16, 1.10.9, and 1.11 are suscept...
CVE-2025-11371: Gladinet CentreStack & TrioFox – Local File Inclusion
漏洞标题 CVE-2025-11371: Gladinet CentreStack & TrioFox - Local File Inclusion 漏洞描述 In the default installation and configuration of Gladinet CentreStack and TrioFox, there...
CVE-2022-31268: Gitblit 1.9.3 – Local File Inclusion
漏洞标题 CVE-2022-31268: Gitblit 1.9.3 - Local File Inclusion 漏洞描述 Gitblit 1.9.3 is vulnerable to local file inclusion via /resources//../ (e.g., followed by a WEB-INF or META-...
CVE-2004-1602: ProFTPD 1.2.x – Username Enumeration via Timing Attack
漏洞标题 CVE-2004-1602: ProFTPD 1.2.x - Username Enumeration via Timing Attack 漏洞描述 ProFTPD versions 1.2.x (including 1.2.8 and 1.2.10) are vulnerable to timing attacks that al...
