CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution
漏洞标题 CVE-2021-3129: Laravel with Ignition <= v8.4.2 Debug Mode - Remote Code Execution 漏洞描述 Laravel version 8.4.2 and before with Ignition before 2.5.2 allows unauthenti...
CVE-2021-24838: WordPress AnyComment <0.3.5 - Open Redirect
漏洞标题 CVE-2021-24838: WordPress AnyComment <0.3.5 - Open Redirect 漏洞描述 WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoin...
CVE-2021-25075: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting
漏洞标题 CVE-2021-25075: WordPress Duplicate Page or Post <1.5.1 - Cross-Site Scripting 漏洞描述 WordPress Duplicate Page or Post plugin before 1.5.1 contains a stored cross-sit...
CVE-2021-22214: Gitlab CE/EE 10.5 – Server-Side Request Forgery
漏洞标题 CVE-2021-22214: Gitlab CE/EE 10.5 - Server-Side Request Forgery 漏洞描述 GitLab CE/EE versions starting from 10.5 are susceptible to a server-side request forgery vulnerab...
CVE-2021-30047: vsftpd < 3.0.3 - DoS
漏洞标题 CVE-2021-30047: vsftpd < 3.0.3 - DoS 漏洞描述 vsftpd before 3.0.3 allows remote attackers to cause a denial of service by sending a crafted FTP command. PoC代码
CVE-2021-21402: Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read
漏洞标题 CVE-2021-21402: Jellyfin prior to 10.7.0 Unauthenticated Arbitrary File Read 漏洞描述 Jellyfin is a Free Software Media System. In Jellyfin before version 10.7.1, with cer...
CVE-2021-41648: PuneethReddyHC action.php SQL Injection
漏洞标题 CVE-2021-41648: PuneethReddyHC action.php SQL Injection 漏洞描述 An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping through the /actio...
CVE-2021-24991: WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting
漏洞标题 CVE-2021-24991: WooCommerce PDF Invoices & Packing Slips WordPress Plugin < 2.10.5 - Cross-Site Scripting 漏洞描述 The Wordpress plugin WooCommerce PDF Invoices &am...
CVE-2021-40247: Budget and Expense Tracker System SQL注入 – 绕过B&E Tracker登录CVE-2021-40247
漏洞标题 CVE-2021-40247: Budget and Expense Tracker System SQL注入 - 绕过B&E Tracker登录CVE-2021-40247 漏洞描述 B&E Tracker v1.0 存在漏洞在从/expense_budget/dist/js/script....
CVE-2021-39316: WordPress DZS Zoomsounds <=6.50 - Local File Inclusion
漏洞标题 CVE-2021-39316: WordPress DZS Zoomsounds <=6.50 - Local File Inclusion 漏洞描述 WordPress Zoomsounds plugin 6.45 and earlier allows arbitrary files, including sensitive...
CVE-2021-42192: KONGA 0.14.9 – Privilege Escalation
漏洞标题 CVE-2021-42192: KONGA 0.14.9 - Privilege Escalation 漏洞描述 KONGA 0.14.9 allows attackers to set higher privilege users to full administration access. The attack vector i...
CVE-2021-33564: Ruby Dragonfly <1.4.0 - Remote Code Execution
漏洞标题 CVE-2021-33564: Ruby Dragonfly <1.4.0 - Remote Code Execution 漏洞描述 Ruby Dragonfly before 1.4.0 contains an argument injection vulnerability that allows remote attac...
CVE-2021-44228: Apache Log4j2 Remote Code Injection
漏洞标题 CVE-2021-44228: Apache Log4j2 Remote Code Injection 漏洞描述 Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect aga...
CVE-2021-24681: Duplicate Page WordPress – Stored Cross-Site Scripting
漏洞标题 CVE-2021-24681: Duplicate Page WordPress - Stored Cross-Site Scripting 漏洞描述 Duplicate Page WordPress plugin <= 4.4.2 contains a stored cross-site scripting caused b...
CVE-2021-28377: Joomla! ChronoForums 2.0.11 – Local File Inclusion
漏洞标题 CVE-2021-28377: Joomla! ChronoForums 2.0.11 - Local File Inclusion 漏洞描述 Joomla! ChronoForums 2.0.11 avatar function is vulnerable to local file inclusion through unaut...
CVE-2021-36260: Hikvision IP camera/NVR – Remote Command Execution
漏洞标题 CVE-2021-36260: Hikvision IP camera/NVR - Remote Command Execution 漏洞描述 Certain Hikvision products contain a command injection vulnerability in the web server due to t...
