漏洞标题 CVE-2024-0986: Issabel Authenticated - Remote Code Execution 漏洞描述 A vulnerability was found in Issabel PBX 4.0.0. It has been rated as critical. This issue affects som...

漏洞标题 CVE-2025-3605: WordPress Frontend Login and Registration Blocks Plugin 1.0.7 - Privilege Escalation 漏洞描述 Privilege escalation vulnerability exists in the Frontend Logi...

漏洞标题 CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS 漏洞描述 Calls to Action plugin before 2.5.1 for WordPress contains stored XSS caused by ...

漏洞标题 CVE-2023-24489: Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution 漏洞描述 A vulnerability has been discovered in the customer-managed Share...

漏洞标题 CVE-2022-0653: Wordpress Profile Builder Plugin Cross-Site Scripting 漏洞描述 The Profile Builder User Profile & User Registration Forms WordPress plugin is vulnerable...

相关阅读 简介 Kage是Metasploit RPC 服务器的GUI 工具，它可以帮助初学者更好的理解和学习Metasploit。该工具还处于开发中，支持的功能有限，要使用它需要安装Metasploit和npm。 Kage具有Windo...

漏洞标题 CVE-2020-24312: WordPress Plugin File Manager (wp-file-manager) Backup Disclosure 漏洞描述 mndpsingh287 WP File Manager v6.4 and lower fails to restrict external access to...

漏洞标题 CVE-2022-33901: WordPress MultiSafepay for WooCommerce <=4.13.1 - Arbitrary File Read 漏洞描述 WordPress MultiSafepay for WooCommerce plugin through 4.13.1 contains an ...

进入题目链接 直接就是一段代码需要审计 <?php $text = $_GET['text']; $file = $_GET['file']; $password = $_GET['password']; if(isset($text)&&(file_get_contents($text,'r')==...

漏洞标题 CVE-2023-35078: Ivanti Endpoint Manager Mobile (EPMM) - Authentication Bypass 漏洞描述 Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, through 11.10 allow...

漏洞标题 CVE-2025-27225: TRUfusion Enterprise <= 7.10.4.0 - Admin Contact Portal 漏洞描述 TRUfusion Enterprise versions 7.10.4.0 and earlier contained a vulnerability that allow...

漏洞标题 CVE-2017-9791: Apache Struts2 S2-053 - Remote Code Execution 漏洞描述 Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malici...

漏洞标题 CVE-2020-14864: Oracle Fusion - Directory Traversal/Local File Inclusion 漏洞描述 Oracle Business Intelligence Enterprise Edition 5.5.0.0.0, 12.2.1.3.0, and 12.2.1.4.0 are...

漏洞标题 CVE-2023-44012: mojoPortal v.2.7.0.0 - Cross-Site Scripting 漏洞描述 Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitra...

VK，全称VKontakte，是俄罗斯及独联体国家最流行的社交媒体平台，拥有超过6.5亿用户。VK已决定在其服务中引入2FA（two-factor authentication，双因素身份认证）。从明年二月开始，所有订阅人数...

漏洞标题 CVE-2022-37061: FLIR AX8 1.46.16 - Remote Command Injection 漏洞描述 FLIR AX8 version 1.46.16 and below is susceptible to an unauthenticated remote command injection vulne...