CVE-2021-39226: Grafana Snapshot – Authentication Bypass
漏洞标题 CVE-2021-39226: Grafana Snapshot - Authentication Bypass 漏洞描述 Grafana instances up to 7.5.11 and 8.1.5 allow remote unauthenticated users to view the snapshot associat...
CVE-2021-40524: Pure-FTPd 1.0.23 < 1.0.50 - Arbitrary File Upload
漏洞标题 CVE-2021-40524: Pure-FTPd 1.0.23 < 1.0.50 - Arbitrary File Upload 漏洞描述 Pure-FTPd versions 1.0.23 through 1.0.49 contain an arbitrary file upload vulnerability due t...
CVE-2021-46069: Vehicle Service Management System 1.0 – Stored Cross Site Scripting
漏洞标题 CVE-2021-46069: Vehicle Service Management System 1.0 - Stored Cross Site Scripting 漏洞描述 Vehicle Service Management System 1.0 contains a stored cross-site scripting v...
CVE-2021-24300: WordPress WooCommerce <1.13.22 - Cross-Site Scripting
漏洞标题 CVE-2021-24300: WordPress WooCommerce <1.13.22 - Cross-Site Scripting 漏洞描述 WordPress WooCommerce before 1.13.22 contains a reflected cross-site scripting vulnerabil...
CVE-2021-24370: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload
漏洞标题 CVE-2021-24370: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload 漏洞描述 WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbit...
近两万钱骡,欧洲第七次联合打击洗钱行动落幕
12月1日,一项有着400家金融机构支持、名为EMMA 7(The European Money Mule Action)的欧洲多国联合行动落下帷幕。从9月15日起至11月30日,该行动取得了如下成果:识别18351名“钱骡“;识别32...
CVE-2021-3110: PrestaShop 1.7.7.0 – SQL Injection
漏洞标题 CVE-2021-3110: PrestaShop 1.7.7.0 - SQL Injection 漏洞描述 PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL...
CVE-2021-27670: Appspace 6.2.4 – Server-Side Request Forgery
漏洞标题 CVE-2021-27670: Appspace 6.2.4 - Server-Side Request Forgery 漏洞描述 Appspace 6.2.4 allows SSRF via the api/v1/core/proxy/jsonprequest url parameter. PoC代码
CVE-2021-25298: Nagios XI 5.5.6-5.7.5 – Authenticated Remote Command Injection
漏洞标题 CVE-2021-25298: Nagios XI 5.5.6-5.7.5 - Authenticated Remote Command Injection 漏洞描述 Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command inject...
CVE-2021-23241: MERCUSYS Mercury X18G 1.0.5 Router – Local File Inclusion
漏洞标题 CVE-2021-23241: MERCUSYS Mercury X18G 1.0.5 Router - Local File Inclusion 漏洞描述 MERCUSYS Mercury X18G 1.0.5 devices are vulnerable to local file inclusion via ../ in co...
CVE-2021-29622: Prometheus – Open Redirect
漏洞标题 CVE-2021-29622: Prometheus - Open Redirect 漏洞描述 Prometheus 2.23.0 through 2.26.0 and 2.27.0 contains an open redirect vulnerability. To ensure a seamless transition to...
CVE-2021-40149: Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
漏洞标题 CVE-2021-40149: Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure 漏洞描述 Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA)...
(CVE-2021-21975) vRealize Operations Manager API 请求伪造漏洞
漏洞标题 (CVE-2021-21975) vRealize Operations Manager API 请求伪造漏洞 漏洞描述 (CVE-2021-21975) vRealize Operations Manager API 请求伪造漏洞 PoC代码 暂无
家贼难防,Ubiquiti前雇员窃取公司数据并实施勒索
12月1日,美国司法部公布了一份起诉书,指控Nickolas Sharp窃取了其所在公司数千兆字节机密文件,并以匿名攻击者身份勒索其公司近200万美元,在公司拒绝支付赎金后,还匿名举报公司导致公司股价...
CVE-2021-43831: Gradio < 2.5.0 - Arbitrary File Read
漏洞标题 CVE-2021-43831: Gradio < 2.5.0 - Arbitrary File Read 漏洞描述 Files on the host computer can be accessed from the Gradio interface PoC代码
CVE-2021-25082: WordPress Popup Builder < 4.0.7 - Remote Code Execution
漏洞标题 CVE-2021-25082: WordPress Popup Builder < 4.0.7 - Remote Code Execution 漏洞描述 Popup Builder WordPress plugin before 4.0.7 contains a local file inclusion caused by u...
