云记
CVE-2024-28987: SolarWinds Web Help Desk – Hardcoded Credential
漏洞标题 CVE-2024-28987: SolarWinds Web Help Desk - Hardcoded Credential 漏洞描述 The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, a...
CVE-2024-11680: ProjectSend <= r1605 - Improper Authorization
漏洞标题 CVE-2024-11680: ProjectSend <= r1605 - Improper Authorization 漏洞描述 An improper authorization check was identified within ProjectSend version r1605 that allows an at...
CVE-2024-6670: WhatsUp Gold HasErrors SQL Injection – Authentication Bypass
漏洞标题 CVE-2024-6670: WhatsUp Gold HasErrors SQL Injection - Authentication Bypass 漏洞描述 In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allow...
CVE-2024-24763: JumpServer < 3.10.0 - Open Redirect
漏洞标题 CVE-2024-24763: JumpServer < 3.10.0 - Open Redirect 漏洞描述 JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to ...
CVE-2024-5947: Deep Sea Electronics DSE855 – Authentication Bypass
漏洞标题 CVE-2024-5947: Deep Sea Electronics DSE855 - Authentication Bypass 漏洞描述 Deep Sea Electronics DSE855 Configuration Backup Missing Authentication Information Disclosure ...
CVE-2024-24328: TotoLink Router setMacFilterRules – Command Injection
漏洞标题 CVE-2024-24328: TotoLink Router setMacFilterRules - Command Injection 漏洞描述 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulner...
CVE-2024-2961: PHP – LFR to Remote Code Execution
漏洞标题 CVE-2024-2961: PHP - LFR to Remote Code Execution 漏洞描述 PHP Local File Read vulnerability leading to Remote Code Execution PoC代码
CVE-2024-0352: Likeshop userFormImage 文件上传漏洞
漏洞标题 CVE-2024-0352: Likeshop userFormImage 文件上传漏洞 漏洞描述 Likeshop up to 2.5.7.20210311 存在一处安全漏洞,被分类为严重级别。该漏洞影响 HTTP POST 请求处理组件的 file serv...
CVE-2024-51211: openSIS Classic v9.1 – SQL Injection
漏洞标题 CVE-2024-51211: openSIS Classic v9.1 - SQL Injection 漏洞描述 SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.ph...
CVE-2024-38653: Ivanti Avalanche SmartDeviceServer – XML External Entity
漏洞标题 CVE-2024-38653: Ivanti Avalanche SmartDeviceServer - XML External Entity 漏洞描述 XXE in SmartDeviceServer in Ivanti Avalanche 6.3.1 allows a remote unauthenticated attack...
CVE-2024-30269: DataEase <= 2.4.1 - Sensitive Information Exposure
漏洞标题 CVE-2024-30269: DataEase <= 2.4.1 - Sensitive Information Exposure 漏洞描述 DataEase, an open source data visualization and analysis tool, has a database configuration ...
Apache OFBiz CVE-2024-38856 未授权代码执行漏洞
漏洞标题 Apache OFBiz CVE-2024-38856 未授权代码执行漏洞 漏洞描述 Apache OFBiz存在未授权代码执行漏洞,该漏洞是由于ProgramExport接口对用户的权限校验不当导致的。 PoC代码 暂无
CVE-2024-1183: Gradio – Server Side Request Forgery
漏洞标题 CVE-2024-1183: Gradio - Server Side Request Forgery 漏洞描述 An SSRF (Server-Side Request Forgery) vulnerability exists in the gradio-app/gradio repository, allowing attac...
CVE-2024-28397: pyload-ng js2py – Remote Code Execution
漏洞标题 CVE-2024-28397: pyload-ng js2py - Remote Code Execution 漏洞描述 An issue in the component js2py.disable_pyimport() of js2py up to v0.74 allows attackers to execute arbitr...
CVE-2024-5522: WordPress HTML5 Video Player < 2.5.27 - SQL Injection
漏洞标题 CVE-2024-5522: WordPress HTML5 Video Player < 2.5.27 - SQL Injection 漏洞描述 The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a param...
CVE-2024-29931: WP Go Maps <= 9.0.29 - Cross-Site Scripting
漏洞标题 CVE-2024-29931: WP Go Maps <= 9.0.29 - Cross-Site Scripting 漏洞描述 WP Go Maps (formerly WP Google Maps) plugin for WordPress versions before 9.0.30 is vulnerable to R...
