CVE-2021-40651: OS4Ed OpenSIS Community 8.0 – Local File Inclusion
漏洞标题 CVE-2021-40651: OS4Ed OpenSIS Community 8.0 - Local File Inclusion 漏洞描述 OS4Ed OpenSIS Community 8.0 is vulnerable to a local file inclusion vulnerability in Modules.ph...
CVE-2021-21234: Spring Boot Actuator Logview Directory Traversal
漏洞标题 CVE-2021-21234: Spring Boot Actuator Logview Directory Traversal 漏洞描述 spring-boot-actuator-logview before version 0.2.13 contains a directory traversal vulnerability i...
CVE-2021-24746: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting
漏洞标题 CVE-2021-24746: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting 漏洞描述 WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-s...
CVE-2021-34621: WordPress ProfilePress 3.0.0-3.1.3 – Admin User Creation Weakness
漏洞标题 CVE-2021-34621: WordPress ProfilePress 3.0.0-3.1.3 - Admin User Creation Weakness 漏洞描述 ProfilePress WordPress plugin is susceptible to a vulnerability in the user regi...
CVE-2021-30128: Apache OFBiz <17.12.07 - Arbitrary Code Execution
漏洞标题 CVE-2021-30128: Apache OFBiz <17.12.07 - Arbitrary Code Execution 漏洞描述 Apache OFBiz before 17.12.07 is susceptible to arbitrary code execution via unsafe deserializ...
CVE-2021-27358: Grafana Unauthenticated Snapshot Creation
漏洞标题 CVE-2021-27358: Grafana Unauthenticated Snapshot Creation 漏洞描述 Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigg...
CVE-2021-25016: Chaty < 2.8.2 - Cross-Site Scripting
漏洞标题 CVE-2021-25016: Chaty < 2.8.2 - Cross-Site Scripting 漏洞描述 The Chaty WordPress plugin before 2.8.3 and Chaty Pro WordPress plugin before 2.8.2 do not sanitise and es...
CVE-2021-37416: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting
漏洞标题 CVE-2021-37416: Zoho ManageEngine ADSelfService Plus <=6103 - Cross-Site Scripting 漏洞描述 Zoho ManageEngine ADSelfService Plus 6103 and prior contains a reflected cro...
松下承认严重数据泄露,涉技术文件和客户敏感信息
日本科技巨头松下(Panasonic)在上周五发布了一份声明,承认其服务器遭到了入侵,有未知的第三方非法访问了其技术文件和业务合作伙伴信息。松下在新闻稿中称其首次于11月11日发现入侵,但据日...
Alibaba Nacos derby 未授权访问(CVE-2021-29442)
漏洞标题 Alibaba Nacos derby 未授权访问(CVE-2021-29442) 漏洞描述 Alibaba Nacos /derby端点不受保护,未经身份验证的用户可以公开访问。导致可以执行任意的select查询语句,可以查询数据库用...
CVE-2021-24499: WordPress Workreap – Remote Code Execution
漏洞标题 CVE-2021-24499: WordPress Workreap - Remote Code Execution 漏洞描述 WordPress Workreap theme is susceptible to remote code execution. The AJAX actions workreap_award_temp_...
CVE-2021-24554: WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection
漏洞标题 CVE-2021-24554: WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection 漏洞描述 WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQ...
CVE-2021-24488: WordPress Post Grid <2.1.8 - Cross-Site Scripting
漏洞标题 CVE-2021-24488: WordPress Post Grid <2.1.8 - Cross-Site Scripting 漏洞描述 WordPress Post Grid plugin before 2.1.8 contains a reflected cross-site scripting vulnerabili...
CVE-2021-41773: Apache 2.4.49 – Path Traversal and Remote Code Execution
漏洞标题 CVE-2021-41773: Apache 2.4.49 - Path Traversal and Remote Code Execution 漏洞描述 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An ...
CVE-2021-27358: Grafana Unauthenticated Snapshot Creation
漏洞标题 CVE-2021-27358: Grafana Unauthenticated Snapshot Creation 漏洞描述 Grafana 6.7.3 through 7.4.1 snapshot functionality can allow an unauthenticated remote attacker to trigg...
CVE-2021-42887: TOTOLINK EX1200T 4.1.2cu.5215 – Authentication Bypass
漏洞标题 CVE-2021-42887: TOTOLINK EX1200T 4.1.2cu.5215 - Authentication Bypass 漏洞描述 TOTOLINK EX1200T 4.1.2cu.5215 is susceptible to authentication bypass. An attacker can bypas...
