CVE-2021-31589: BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting
漏洞标题 CVE-2021-31589: BeyondTrust Secure Remote Access Base <=6.0.1 - Cross-Site Scripting 漏洞描述 BeyondTrust Secure Remote Access Base through 6.0.1 contains a cross-site ...
Apache APISIX 默认密钥漏洞(CVE-2020-13945)
漏洞标题 Apache APISIX 默认密钥漏洞(CVE-2020-13945) 漏洞描述 Apache APISIX是一个高性能API网关。在用户未指定管理员Token或使用了默认配置文件的情况下,ApacheAPISIX将使用默认的管理员...
CVE-2013-2621: Telaen => v1.3.1 – Open Redirect
漏洞标题 CVE-2013-2621: Telaen => v1.3.1 - Open Redirect 漏洞描述 Open Redirection Vulnerability in the redir.php script in Telaen before 1.3.1 allows remote attackers to redire...
CVE-2023-39650: PrestaShop Theme Volty CMS Blog – SQL Injection
漏洞标题 CVE-2023-39650: PrestaShop Theme Volty CMS Blog - SQL Injection 漏洞描述 In the module 'Theme Volty CMS Blog' (tvcmsblog) up to versions 4.0.1 from Theme Volty f...
CVE-2017-15647: FiberHome Routers – Local File Inclusion
漏洞标题 CVE-2017-15647: FiberHome Routers - Local File Inclusion 漏洞描述 FiberHome routers are susceptible to local file inclusion in /cgi-bin/webproc via the getpage parameter i...
CVE-2022-25082: TOTOLink – Unauthenticated Command Injection
漏洞标题 CVE-2022-25082: TOTOLink - Unauthenticated Command Injection 漏洞描述 TOTOLink A950RG V5.9c.4050_B20190424 and V4.1.2cu.5204_B20210112 were discovered to contain a command...
Caucho Resin 目录遍历漏洞(CVE-2021-44138)
漏洞标题 Caucho Resin 目录遍历漏洞(CVE-2021-44138) 漏洞描述 Resin V4.0.52~4.0.56 中存在目录遍历漏洞,允许远程攻击者通过 HTTP 请求中的路径, 读取任意目录中的文件 PoC代码 暂无
CVE-2020-35774: twitter-server Cross-Site Scripting
漏洞标题 CVE-2020-35774: twitter-server Cross-Site Scripting 漏洞描述 twitter-server before 20.12.0 is vulnerable to cross-site scripting in some configurations. The vulnerability ...
CVE-2025-2711: Yonyou UFIDA ERP-NC V5.0 – Cross-Site Scripting
漏洞标题 CVE-2025-2711: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting 漏洞描述 Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the langcode par...
CVE-2024-5765: WpStickyBar <= 2.1.0 - SQL Injection
漏洞标题 CVE-2024-5765: WpStickyBar <= 2.1.0 - SQL Injection 漏洞描述 The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX...
CVE-2023-5558: LearnPress < 4.2.5.5 - Cross-Site Scripting
漏洞标题 CVE-2023-5558: LearnPress < 4.2.5.5 - Cross-Site Scripting 漏洞描述 The LearnPress WordPress plugin before 4.2.5.5 does not sanitise and escape user input before output...
CVE-2023-38194: SuperWebMailer – Cross-Site Scripting
漏洞标题 CVE-2023-38194: SuperWebMailer - Cross-Site Scripting 漏洞描述 An issue was discovered in SuperWebMailer 9.00.0.01710 that allows keepalive.php XSS via a GET parameter. Po...
CVE-2021-24436: WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting
漏洞标题 CVE-2021-24436: WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting 漏洞描述 WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting with...
CVE-2022-34049: WAVLINK WN530HG4 – Improper Access Control
漏洞标题 CVE-2022-34049: WAVLINK WN530HG4 - Improper Access Control 漏洞描述 Wavlink WN530HG4 M30HG4.V5030.191116 is susceptible to improper access control. An attacker can downloa...
CVE-2024-8484: REST API TO MiniProgram <= 4.7.1 - SQL Injection
漏洞标题 CVE-2024-8484: REST API TO MiniProgram <= 4.7.1 - SQL Injection 漏洞描述 The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'o...
CVE-2020-24579: D-Link DSL 2888a – Authentication Bypass/Remote Command Execution
漏洞标题 CVE-2020-24579: D-Link DSL 2888a - Authentication Bypass/Remote Command Execution 漏洞描述 D-Link DSL-2888A devices with firmware prior to AU_2.31_V1.1.47ae55 are vulnerab...
