云记
CVE-2024-13160: Ivanti EPM – Credential Coercion Vulnerability in GetHashForWildcard
漏洞标题 CVE-2024-13160: Ivanti EPM - Credential Coercion Vulnerability in GetHashForWildcard 漏洞描述 A vulnerability in Ivanti Endpoint Manager (EPM) allows an unauthenticated at...
CVE-2023-30212: OURPHP <= 7.2.0 - Cross Site Scripting
漏洞标题 CVE-2023-30212: OURPHP <= 7.2.0 - Cross Site Scripting 漏洞描述 OURPHP <= 7.2.0 is vulnerale to Cross Site Scripting (XSS) via /client/manage/ourphp_out.php. PoC代码
Commvault /commandcenter/publicLink.do 权限绕过漏洞(CVE-2025-57788)
漏洞标题 Commvault /commandcenter/publicLink.do 权限绕过漏洞(CVE-2025-57788) 漏洞描述 Commvault-WebServer是Commvault公司推出的一款网络服务器软件。该软件具有高效、安全、稳定的特点...
Adobe ColdFusion远程代码执行漏洞(CVE-2021-21087)
漏洞标题 Adobe ColdFusion远程代码执行漏洞(CVE-2021-21087) 漏洞描述 Adobe ColdFusion是Adobe公司的一套快速应用程序开发平台。该平台包括集成开发环境和脚本语言。 Adobe发布了AdobeColdF...
CVE-2018-18775: Microstrategy Web 7 – Cross-Site Scripting
漏洞标题 CVE-2018-18775: Microstrategy Web 7 - Cross-Site Scripting 漏洞描述 Microstrategy Web 7 does not sufficiently encode user-controlled inputs, resulting in cross-site script...
CVE-2025-2710: Yonyou UFIDA ERP-NC V5.0 – Cross-Site Scripting
漏洞标题 CVE-2025-2710: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting 漏洞描述 Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the flag paramet...
CVE-2024-29198: GeoServer Demo Request Endpoint – Server Side Request Forgery
漏洞标题 CVE-2024-29198: GeoServer Demo Request Endpoint - Server Side Request Forgery 漏洞描述 It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request en...
CVE-2021-39144: XStream 1.4.18 – Remote Code Execution
漏洞标题 CVE-2021-39144: XStream 1.4.18 - Remote Code Execution 漏洞描述 XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by man...
Aspera Faspex CVE-2022-47986 远程代码执行漏洞
漏洞标题 Aspera Faspex CVE-2022-47986 远程代码执行漏洞 漏洞描述 Aspera Faspex CVE-2022-47986 远程 PoC代码 暂无
CVE-2014-8799: WordPress Plugin DukaPress 2.5.2 – Directory Traversal
漏洞标题 CVE-2014-8799: WordPress Plugin DukaPress 2.5.2 - Directory Traversal 漏洞描述 A directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in...
CVE-2025-1562: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit – Broken Access Control
漏洞标题 CVE-2025-1562: Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit - Broken Access Control 漏洞描述 The Recover WooCommerc...
微软称发现针对乌克兰的破坏性恶意软件
2022年1月15日,微软安全团队发布了一份报告,称在乌克兰政府机构及与乌克兰密切合作的组织系统中观察到破坏性恶意软件。该恶意软件一旦被攻击者激活,受感染的计算机系统将无法运行。微软威胁...
CVE-2023-49494: DedeCMS v5.7.111 – Cross-Site Scripting
漏洞标题 CVE-2023-49494: DedeCMS v5.7.111 - Cross-Site Scripting 漏洞描述 DedeCMS v5.7.111 was discovered to contain a reflective cross-site scripting (XSS) vulnerability via the c...
CVE-2025-1302: JSONPath Plus < 10.3.0 - Remote Code Execution
漏洞标题 CVE-2025-1302: JSONPath Plus < 10.3.0 - Remote Code Execution 漏洞描述 Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE)...
CVE-2017-14135: OpenDreambox 2.0.0 – Remote Code Execution
漏洞标题 CVE-2017-14135: OpenDreambox 2.0.0 - Remote Code Execution 漏洞描述 OpenDreambox 2.0.0 is susceptible to remote code execution via the webadmin plugin. Remote attackers ca...
bugbounty技巧聚合20211011
漏洞报告 【Ubiquiti 344刀】link.cgi存在反射xss漏洞 http://hackerone.com/reports/802498 【Ubiquiti 950刀】services.cgi存在反射xss漏洞 http://hackerone.com/reports/331368 【Google】...
