云记
CVE-2024-2473: WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
漏洞标题 CVE-2024-2473: WPS Hide Login <= 1.9.15.2 - Login Page Disclosure 漏洞描述 The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all version...
CVE-2024-4898: WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation
漏洞标题 CVE-2024-4898: WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation 漏洞描述 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordP...
CVE-2024-12760: BentoML v1.3.9 – Open Redirect
漏洞标题 CVE-2024-12760: BentoML v1.3.9 - Open Redirect 漏洞描述 An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradio_api/file= endpo...
CVE-2024-21485: Dash Framework – Cross-site Scripting
漏洞标题 CVE-2024-21485: Dash Framework - Cross-site Scripting 漏洞描述 Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting (XSS) via href attribute in anc...
CVE-2024-21644: pyLoad Flask Config – Access Control
漏洞标题 CVE-2024-21644: pyLoad Flask Config - Access Control 漏洞描述 pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can brow...
CVE-2024-35627: TileServer API – Cross Site Scripting
漏洞标题 CVE-2024-35627: TileServer API - Cross Site Scripting 漏洞描述 tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the com...
CVE-2024-10783: WordPress Plugin MainWP Child – Authentication Bypass
漏洞标题 CVE-2024-10783: WordPress Plugin MainWP Child - Authentication Bypass 漏洞描述 The plugin is vulnerable to an authentication bypass that allows an unauthenticated user to ...
CVE-2024-12356: Privileged Remote Access & Remote Support – Command Injection
漏洞标题 CVE-2024-12356: Privileged Remote Access & Remote Support - Command Injection 漏洞描述 A critical vulnerability has been discovered in Privileged Remote Access (PRA) a...
CVE-2024-39887: Apache Superset < 4.0.2 - SQL Injection
漏洞标题 CVE-2024-39887: Apache Superset < 4.0.2 - SQL Injection 漏洞描述 An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elem...
Apache OFBiz CVE-2024-38856 未授权代码执行漏洞
漏洞标题 Apache OFBiz CVE-2024-38856 未授权代码执行漏洞 漏洞描述 Apache OFBiz存在未授权代码执行漏洞,该漏洞是由于ProgramExport接口对用户的权限校验不当导致的。 PoC代码 暂无
CVE-2024-0305: Ncast busiFacade – Remote Command Execution
漏洞标题 CVE-2024-0305: Ncast busiFacade - Remote Command Execution 漏洞描述 The Ncast Yingshi high-definition intelligent recording and playback system is a newly developed audio ...
CVE-2024-31621: Flowise 1.6.5 – Authentication Bypass
漏洞标题 CVE-2024-31621: Flowise 1.6.5 - Authentication Bypass 漏洞描述 The flowise version <= 1.6.5 is vulnerable to authentication bypass vulnerability. PoC代码
CVE-2024-12209: WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion
漏洞标题 CVE-2024-12209: WP Umbrella Update Backup Restore & Monitoring <= 2.17.0 - Local File Inclusion 漏洞描述 The WP Umbrella: Update Backup Restore & Monitoring plu...
CData Sync CVE-2024-31851 路径遍历漏洞
漏洞标题 CData Sync CVE-2024-31851 路径遍历漏洞 漏洞描述 CData sync存在路径遍历漏洞,此漏洞是由于/ui/接口对用户的请求验证不当造成的。 PoC代码 暂无
CVE-2024-28255: OpenMetadata – Authentication Bypass
漏洞标题 CVE-2024-28255: OpenMetadata - Authentication Bypass 漏洞描述 OpenMetadata is a unified platform for discovery, observability, and governance powered by a central metadata...
CVE-2024-7954: SPIP Porte Plume Plugin rce
漏洞标题 CVE-2024-7954: SPIP Porte Plume Plugin rce 漏洞描述 在4.30-alpha2、4.2.13和4.1.16之前的SPIP中使用的porte_plume插件存在任意代码执行漏洞。远程且未经认证的攻击者可以通过发送...
