漏洞标题 CVE-2018-9206: Blueimp jQuery-File-Upload v9.22.0 - Unrestricted File Upload 漏洞描述 Blueimp jQuery-File-Upload v9.22.0 contains an unauthenticated arbitrary file upload ...

漏洞标题 CVE-2012-0392: Apache Struts2 S2-008 RCE 漏洞描述 The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows r...

漏洞标题 CVE-2018-7422: WordPress Site Editor <=1.1.1 - Local File Inclusion 漏洞描述 WordPress Site Editor through 1.1.1 allows remote attackers to retrieve arbitrary files via...

漏洞标题 CVE-2023-2437: UserPro <= 5.1.1 - Authentication Bypass 漏洞描述 The UserPro plugin for WordPress through 5.1.1 allows authentication bypass via the userpro_fbconnect A...

漏洞标题 CVE-2016-1000146: WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting 漏洞描述 WordPress Pondol Form to Mail 1.1 and before contains a reflected cross-site scrip...

漏洞标题 CVE-2021-21973: VMware vSphere - Server-Side Request Forgery 漏洞描述 VMware vSphere (HTML5) is susceptible to server-side request forgery due to improper validation of UR...

漏洞标题 CVE-2023-35844: Lightdash Arbitrary File Read 漏洞描述 Lightdash是一款数据分析平台，它可以让数据团队和其他业务部门聚集在一起以做出更好的数据驱动决策 Lightdash 0.510.3之前...

打开连接，只有一个输入框，测试了半天sql，并没有什么鸟用 使用burp抓包，查看报文头发现有信息隐藏在hint里面 select * from 'admin' where password=md5($pass,true) md5($pass,true)知识补...

漏洞标题 CVE-2020-6308: SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery 漏洞描述 SAP BusinessObjects Business Intelligence Platform (Web Serv...

漏洞标题 CVE-2019-9922: Joomla! Harmis Messenger 1.2.2 - Local File Inclusion 漏洞描述 Joomla! Harmis Messenger 1.2.2 is vulnerable to local file inclusion which could give an atta...

漏洞标题 CVE-2020-2103: Jenkins <=2.218 - Information Disclosure 漏洞描述 Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker c...

漏洞标题 CVE-2020-16139: Cisco Unified IP Conference Station 7937G - Denial-of-Service 漏洞描述 Cisco Unified IP Conference Station 7937G 1-4-4-0 through 1-4-5-7 allows attackers t...

漏洞标题 CVE-2023-6786: Payment Gateway for Telcell < 2.0.4 - Open Redirect 漏洞描述 The plugin does not validate the api_url parameter before redirecting the user to its value,...

漏洞标题 CVE-2025-49001: Dataease JWT 认证绕过漏洞 漏洞描述 CVE-2025-49001 是由于JWT校验机制错误导致攻击者可伪造JWT令牌绕过身份验证流程 fofa: body="/js/index-0.0.0-dataease.js...

漏洞标题 CVE-2025-51501: Microweber CMS2.0 - Cross-Site Scripting 漏洞描述 Reflected Cross-Site Scripting (XSS) in the `id` parameter of the `live_edit.module_settings` API endpoin...

漏洞标题 CVE-2023-29919: SolarView Compact <= 6.00 - Local File Inclusion 漏洞描述 There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers c...