漏洞标题 Apache Superset Cookie 权限绕过漏洞（CVE-2023-27524） 漏洞描述 Apache Superset 是一个开源的现代数据探索和可视化平台。Apache Superset Cookie 存在权限绕过漏洞，攻击者可通过...

漏洞标题 CVE-2014-5111: Fonality trixbox - Local File Inclusion 漏洞描述 Multiple local file inclusion vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary ...

漏洞标题 CVE-2025-30220: GeoServer WFS - XXE Processing Vulnerability 漏洞描述 GeoServer Web Feature Service (WFS) is vulnerable to an XML External Entity (XXE) processing attack d...

漏洞标题 CVE-2025-1323: WP-Recall – Plugin <= 16.26.10 - Unauthenticated SQL Injection 漏洞描述 The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress...

漏洞标题 CVE-2025-1595: EasyCVR <=2.1.2 - Information Disclosure 漏洞描述 A vulnerability has been found in Anhui Xufan Information Technology EasyCVR up to 2.7.0 and classified...

漏洞标题 CVE-2022-1391: WordPress Cab fare calculator < 1.0.4 - Local File Inclusion 漏洞描述 The Cab fare calculator WordPress plugin before 1.0.4 does not validate the control...

漏洞标题 CVE-2022-22963: Spring Cloud - Remote Code Execution 漏洞描述 Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions are susceptible to remote code exe...

打开题目就是一段代码，我们稍微美化一下，看的清楚点 I put something in F12 for you include 'flag.php'; $flag='MRCTF{xxxxxxxxxxxxxxxxxxxxxxxxx}'; if(isset($_GET['gg'])&&isset...

漏洞标题 CVE-2011-3600: Apache OFBiz - XML External Entity Injection 漏洞描述 The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Inj...

漏洞标题 CVE-2021-3374: Rstudio Shiny Server <1.5.16 - Local File Inclusion 漏洞描述 Rstudio Shiny Server prior to 1.5.16 is vulnerable to local file inclusion and source code l...

漏洞标题 CVE-2021-25003: WordPress WPCargo Track & Trace <6.9.0 - Remote Code Execution 漏洞描述 WordPress WPCargo Track & Trace plugin before 6.9.0 is susceptible to re...

漏洞标题 CVE-2024-3273: D-Link Network Attached Storage - Command Injection and Backdoor Account 漏洞描述 UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as crit...

漏洞标题 CVE-2022-4050: WordPress JoomSport <5.2.8 - SQL Injection 漏洞描述 WordPress JoomSport plugin before 5.2.8 contains a SQL injection vulnerability. The plugin does not p...

漏洞标题 CVE-2021-42013: Apache 2.4.49/2.4.50 - Path Traversal and Remote Code Execution 漏洞描述 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4....

漏洞报告 【Reddit 500刀】第三方应用程序可以使用 inAppBrowser 窃取访问令牌以及受保护的文件 http://hackerone.com/reports/1122177 【Reddit 500刀】在端点 http://oauth.reddit.com/api/v2...

漏洞标题 CVE-2019-9762: PHPSHE 1.7 - SQL Injection 漏洞描述 A SQL Injection was discovered in PHPSHE 1.7 in include/plugin/payment/alipay/pay.php with the parameter id. The vulnera...