CVE-2022-0928: Microweber < 1.2.12 - Stored Cross-Site Scripting
漏洞标题 CVE-2022-0928: Microweber < 1.2.12 - Stored Cross-Site Scripting 漏洞描述 Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type p...
CVE-2025-31125: Vite Development Server – Path Traversal
漏洞标题 CVE-2025-31125: Vite Development Server - Path Traversal 漏洞描述 Path traversal vulnerability in Vite development server's @fs endpoint allows attackers to access fi...
CVE-2025-2011: Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection
漏洞标题 CVE-2025-2011: Slider & Popup Builder by Depicter <= 3.6.1 - Unauthenticated SQL Injection 漏洞描述 The Slider & Popup Builder by Depicter plugin for WordPress ...
CVE-2022-1020: WordPress WooCommerce <3.1.2 - Arbitrary Function Call
漏洞标题 CVE-2022-1020: WordPress WooCommerce <3.1.2 - Arbitrary Function Call 漏洞描述 WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in ...
CVE-2021-40149: Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure
漏洞标题 CVE-2021-40149: Reolink E1 Zoom Camera <=3.0.0.716 - Private Key Disclosure 漏洞描述 Reolink E1 Zoom Camera versions 3.0.0.716 and below suffer from a private key (RSA)...
CVE-2014-3120: ElasticSearch v1.1.1/1.2 RCE
漏洞标题 CVE-2014-3120: ElasticSearch v1.1.1/1.2 RCE 漏洞描述 The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to exec...
Apache Druid存在服务器请求伪造漏洞(CVE-2025-27888)
漏洞标题 Apache Druid存在服务器请求伪造漏洞(CVE-2025-27888) 漏洞描述 Apache Druid存在服务器请求伪造漏洞,攻击者可以直接访问的内部系统。 PoC代码 暂无
CVE-2021-27748: IBM WebSphere HCL Digital Experience – Server-Side Request Forgery
漏洞标题 CVE-2021-27748: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery 漏洞描述 IBM WebSphere HCL Digital Experience is vulnerable to server-side request forge...
CVE-2018-5715: SugarCRM 3.5.1 – Cross-Site Scripting
漏洞标题 CVE-2018-5715: SugarCRM 3.5.1 - Cross-Site Scripting 漏洞描述 SugarCRM 3.5.1 is vulnerable to cross-site scripting via phprint.php and a parameter name in the query string...
CVE-2021-26084: Confluence Server – Remote Code Execution
漏洞标题 CVE-2021-26084: Confluence Server - Remote Code Execution 漏洞描述 Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authentica...
CVE-2019-12581: Zyxel ZyWal/USG/UAG Devices – Cross-Site Scripting
漏洞标题 CVE-2019-12581: Zyxel ZyWal/USG/UAG Devices - Cross-Site Scripting 漏洞描述 Zyxel ZyWall, USG, and UAG devices allow remote attackers to inject arbitrary web script or HTM...
(CVE-2025-27817) Apache Kafka Client任意文件读取和SSRF漏洞
漏洞标题 (CVE-2025-27817) Apache Kafka Client任意文件读取和SSRF漏洞 漏洞描述 (CVE-2025-27817) Apache Kafka Client任意文件读取和SSRF漏洞 PoC代码 暂无
CVE-2024-0012: Palo Alto Networks PAN-OS身份认证绕过导致RCE漏洞(CVE-2024-0012)
漏洞标题 CVE-2024-0012: Palo Alto Networks PAN-OS身份认证绕过导致RCE漏洞(CVE-2024-0012) 漏洞描述 PAN-OS 设备管理 Web 界面中存在身份认证绕过漏洞,未经身份验证的远程攻击者可以通过网...
CVE-2025-0282: Ivanti Connect Secure – Stack-based Buffer Overflow
漏洞标题 CVE-2025-0282: Ivanti Connect Secure - Stack-based Buffer Overflow 漏洞描述 Ivanti Connect Secure < 22.7R2.5, Ivanti Policy Secure < 22.7R1.2, and Ivanti Neurons for...
CVE-2023-6568: Mlflow – Cross-Site Scripting
漏洞标题 CVE-2023-6568: Mlflow - Cross-Site Scripting 漏洞描述 The vulnerability allows an attacker to inject malicious code into the Content-Type header of a POST request, which i...
CVE-2021-3654: Nova noVNC – Open Redirect
漏洞标题 CVE-2021-3654: Nova noVNC - Open Redirect 漏洞描述 Nova noVNC contains an open redirect vulnerability. An attacker can redirect a user to a malicious site and possibly obt...
