CVE-2021-24849: WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection
漏洞标题 CVE-2021-24849: WCFM WooCommerce Multivendor Marketplace < 3.4.12 - SQL Injection 漏洞描述 The wcfm_ajax_controller AJAX action of the WCFM Marketplace WordPress plugin...
Apache OFBiz StatsSinceStart 远程代码执行漏洞(CVE-2024-45507)
漏洞标题 Apache OFBiz StatsSinceStart 远程代码执行漏洞(CVE-2024-45507) 漏洞描述 Apache OFBiz 18.12.16 之前的版本在 Linux 和 Windows 系统上存在未经身份验证的远程代码执行漏洞。 PoC...
CVE-2023-0297: PyLoad 0.5.0 – Pre-auth Remote Code Execution (RCE)
漏洞标题 CVE-2023-0297: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE) 漏洞描述 Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31. PoC代码
CVE-2022-43165: Rukovoditel <= 3.2.1 - Cross Site Scripting
漏洞标题 CVE-2022-43165: Rukovoditel <= 3.2.1 - Cross Site Scripting 漏洞描述 A stored cross-site scripting (XSS) vulnerability in the Global Variables feature (/index.php?modul...
CVE-2007-0885: Jira Rainbow.Zen – Cross-Site Scripting
漏洞标题 CVE-2007-0885: Jira Rainbow.Zen - Cross-Site Scripting 漏洞描述 Jira Rainbow.Zen contains a cross-site scripting vulnerability via Jira/secure/BrowseProject.jspa which all...
Atlassian Confluence OGNL注入漏洞(CVE-2022-26134)
漏洞标题 Atlassian Confluence OGNL注入漏洞(CVE-2022-26134) 漏洞描述 Atlassian Confluence OGNL注入漏洞(CVE-2022-26134) PoC代码 暂无
CVE-2024-7591: Kemp LoadMaster Load Balancer – Unauthenticated Command Injection
漏洞标题 CVE-2024-7591: Kemp LoadMaster Load Balancer - Unauthenticated Command Injection 漏洞描述 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command ...
BackupBuddy 存在本地文件包含漏洞(CVE-2022-31474)
漏洞标题 BackupBuddy 存在本地文件包含漏洞(CVE-2022-31474) 漏洞描述 BackupBuddy 是WordPress一款备份迁移插件。BackupBuddy 8.5.8.0 - 8.7.4.1版本存在本地文件包含漏洞,攻击者可以利用...
CVE-2019-25213: WordPress Advanced Access Manager – Path Traversal
漏洞标题 CVE-2019-25213: WordPress Advanced Access Manager - Path Traversal 漏洞描述 The Advanced Access Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Fil...
CVE-2023-25194: Apache Druid Kafka Connect – Remote Code Execution
漏洞标题 CVE-2023-25194: Apache Druid Kafka Connect - Remote Code Execution 漏洞描述 The vulnerability has the potential to enable a remote attacker with authentication to run any ...
CVE-2021-24278: WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation
漏洞标题 CVE-2021-24278: WordPress Contact Form 7 <2.3.4 - Arbitrary Nonce Generation 漏洞描述 WordPress Contact Form 7 before version 2.3.4 allows unauthenticated users to use ...
CVE-2020-14144: Gitea 1.1.0 – 1.12.5 – Remote Code Execution
漏洞标题 CVE-2020-14144: Gitea 1.1.0 - 1.12.5 - Remote Code Execution 漏洞描述 Gitea 1.1.0 through 1.12.5 is susceptible to authenticated remote code execution, via the git hook fu...
CVE-2024-39907: 1Panel SQL Injection – Authenticated
漏洞标题 CVE-2024-39907: 1Panel SQL Injection - Authenticated 漏洞描述 1Panel is a web-based linux server management control panel. There are many sql injections in the project, an...
CVE-2019-5129: YouPHPTube Encoder 2.3 – Command Injection
漏洞标题 CVE-2019-5129: YouPHPTube Encoder 2.3 - Command Injection 漏洞描述 Exploitable unauthenticated command injections exist in YouPHPTube Encoder 2.3 a plugin for providing en...
CVE-2024-9796: WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection
漏洞标题 CVE-2024-9796: WordPress WP-Advanced-Search <= 3.3.9 - SQL Injection 漏洞描述 The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in al...
CVE-2010-2122: Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval
漏洞标题 CVE-2010-2122: Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval 漏洞描述 A directory traversal vulnerability in the SimpleDownload (com_simpledownloa...
