CVE-2018-10822: D-Link Routers – Local File Inclusion
漏洞标题 CVE-2018-10822: D-Link Routers - Local File Inclusion 漏洞描述 D-Link routers DWR-116 through 1.06, DIR-140L through 1.02, DIR-640L through 1.02,DWR-512 through 2.02,DWR-7...
CVE-2021-20792: WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting
漏洞标题 CVE-2021-20792: WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting 漏洞描述 WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site s...
CVE-2025-54249: Adobe Experience Manager ≤ 6.5.23.0 – SSRF
漏洞标题 CVE-2025-54249: Adobe Experience Manager ≤ 6.5.23.0 – SSRF 漏洞描述 Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery ...
CVE-2025-34141: ETQ Reliance – Reflected XSS via SQLConverterServlet
漏洞标题 CVE-2025-34141: ETQ Reliance - Reflected XSS via SQLConverterServlet 漏洞描述 A reflected cross-site scripting (XSS) vulnerability exists in ETQ Reliance CG (legacy) platf...
CVE-2018-8006: Apache ActiveMQ <=5.15.5 - Cross-Site Scripting
漏洞标题 CVE-2018-8006: Apache ActiveMQ <=5.15.5 - Cross-Site Scripting 漏洞描述 Apache ActiveMQ versions 5.0.0 to 5.15.5 are vulnerable to cross-site scripting via the web base...
CVE-2025-10211: ChanCMS <= 3.3.0 - Server-Side Request Forgery
漏洞标题 CVE-2025-10211: ChanCMS <= 3.3.0 - Server-Side Request Forgery 漏洞描述 yanyutao0402 ChanCMS 3.3.0 contains a server-side request forgery caused by manipulation of the ...
美国将卡巴斯基、中国电信、中国移动列入国家安全威胁名单
3月25日,美国联邦通信委员会(FCC)称俄罗斯网络安全公司卡巴斯基实验室(Kaspersky Lab)对美国国家安全构成了不可接受的风险,宣布将其列入“对美国国家安全构成威胁的通信设备和服务”名单...
CVE-2021-24838: WordPress AnyComment <0.3.5 - Open Redirect
漏洞标题 CVE-2021-24838: WordPress AnyComment <0.3.5 - Open Redirect 漏洞描述 WordPress AnyComment plugin before 0.3.5 contains an open redirect vulnerability via an API endpoin...
CVE-2024-4898: WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation
漏洞标题 CVE-2024-4898: WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation 漏洞描述 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordP...
CVE-2025-49132: Pterodactyl Panel – Remote Code Execution
漏洞标题 CVE-2025-49132: Pterodactyl Panel - Remote Code Execution 漏洞描述 Pterodactyl is a free, open-source game server management panel. Using the /locales/locale.json with the...
CVE-2023-20888: VMware Aria Operations for Networks – Remote Code Execution
漏洞标题 CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution 漏洞描述 Aria Operations for Networks contains an authenticated deserialization vulnerability. ...
CVE-2022-4301: WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting
漏洞标题 CVE-2022-4301: WordPress Sunshine Photo Cart <2.9.15 - Cross-Site Scripting 漏洞描述 WordPress Sunshine Photo Cart plugin before 2.9.15 contains a cross-site scripting ...
CVE-2023-27584: Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret
漏洞标题 CVE-2023-27584: Dragonfly2 < 2.1.0-beta.1 - Hardcoded JWT Secret 漏洞描述 Dragonfly is an open source P2P-based file distribution and image acceleration system. It is h...
Atlassian Jira XSS(CVE-2018-20824)
漏洞标题 Atlassian Jira XSS(CVE-2018-20824) 漏洞描述 Jira7.13.1版本之前的WallboardServlet资源允许远程攻击者通过cyclePeriod参数中的跨站点脚本漏洞注入任意HTML或JavaScript。 PoC代码 ...
CVE-2020-5284: Next.js .next limited path traversal
漏洞标题 CVE-2020-5284: Next.js .next limited path traversal 漏洞描述 前端目录遍历浏览 fofa: "Next.js" PoC代码
CVE-2020-2551: Oracle WebLogic Server – Remote Code Execution
漏洞标题 CVE-2020-2551: Oracle WebLogic Server - Remote Code Execution 漏洞描述 Oracle WebLogic Server (Oracle Fusion Middleware (component: WLS Core Components) is susceptible to ...
