漏洞标题 CVE-2025-58360: GeoServer - XML External Entity Injection 漏洞描述 GeoServer 2.26.0 to 2.26.2 and 2.25.6 contains an XML External Entity (XXE) injection caused by insuffic...

漏洞标题 CVE-2022-4050: WordPress JoomSport <5.2.8 - SQL Injection 漏洞描述 WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not p...

漏洞标题 CVE-2021-27310: Clansphere CMS 2011.4 - Cross-Site Scripting 漏洞描述 Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via th...

漏洞标题 CVE-2021-27310: Clansphere CMS 2011.4 - Cross-Site Scripting 漏洞描述 Clansphere CMS 2011.4 contains an unauthenticated reflected cross-site scripting vulnerability via th...

漏洞报告 简单改ID越权250$ http://hackerone.com/reports/1124974 TikTok XSS 6000$ http://hackerone.com/reports/1452375 CVE-2022-21703，grafana跨站请求伪造(CSRF) http://jub0bs.com/pos...

漏洞标题 CVE-2021-24320: WordPress Bello Directory & Listing Theme <1.6.0 - Cross-Site Scripting 漏洞描述 WordPress Bello Directory & Listing theme before 1.6.0 contains...

漏洞标题 (CVE-2010-1603) Joomla! ZiMB Core组件目录遍历漏洞 漏洞描述 (CVE-2010-1603) Joomla! ZiMB Core组件目录遍历漏洞 PoC代码 暂无

漏洞标题 CVE-2020-35846: Agentejo Cockpit < 0.11.2 - NoSQL Injection 漏洞描述 Agentejo Cockpit before 0.11.2 allows NoSQL injection via the Controller/Auth.php check function. T...

漏洞标题 CVE-2024-54764: ipTIME A2004 - Unauthorized Access 漏洞描述 An access control issue exists in the component /login/hostinfo2.cgi of ipTIME A2004 v12.17.0 that allows attac...

漏洞标题 CVE-2021-35394: RealTek AP Router SDK - Arbitrary Command Injection 漏洞描述 The SDK exposes a UDP server that allows remote execution of arbitray commands. PoC代码

漏洞标题 CVE-2022-3766: phpMyFAQ < 3.1.8 - Cross-Site Scripting 漏洞描述 phpMyFAQ versions prior to 3.1.8 contain a reflected cross-site scripting vulnerability in the search fu...

漏洞标题 CVE-2024-3822: Base64 Encoder/Decoder <= 0.9.2 - Cross-Site Scripting 漏洞描述 The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a ...

漏洞标题 CVE-2010-20103: ProFTPd-1.3.3c - Backdoor Command Execution 漏洞描述 ProFTPD 1.3.3c contains a command injection backdoor caused by a hidden FTP command trigger in the sou...

漏洞标题 CVE-2017-14186: FortiGate FortiOS SSL VPN Web Portal - Cross-Site Scripting 漏洞描述 FortiGate FortiOS through SSL VPN Web Portal contains a cross-site scripting vulnerabi...

漏洞标题 CVE-2025-2776: SysAid On-Prem <= 23.3.40 - XML External Entity 漏洞描述 SysAid On-Prem versions <= 23.3.40 are vulnerable to an unauthenticated XML External Entity (...

漏洞标题 CVE-2024-38473: Apache HTTP Server - ACL Bypass 漏洞描述 Encoding problem in mod_proxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding...