漏洞标题 CVE-2023-27639: PrestaShop TshirteCommerce - Directory Traversal 漏洞描述 The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be fo...

漏洞标题 CVE-2017-5638: Apache Struts 2 - Remote Command Execution S2-045 S2-046 漏洞描述 Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 is vulnerable to remote comm...

漏洞标题 CVE-2022-1390: WordPress Admin Word Count Column 2.2 - Local File Inclusion 漏洞描述 The plugin does not validate the path parameter given to readfile(), which could allow...

漏洞标题 CVE-2016-10960: WordPress wSecure Lite < 2.4 - Remote Code Execution 漏洞描述 WordPress wsecure plugin before 2.4 is susceptible to remote code execution via shell meta...

漏洞标题 Cisco IOS XE ebui_wsma_http 接口权限绕过漏洞（CVE-2023-20198） 漏洞描述 Cisco IOS XE 是一个开放灵活的操作系统，针对未来的工作进行了优化。作为适用于企业有线和无线接入、聚合...

漏洞标题 CVE-2022-0783: Multiple Shipping Address Woocommerce < 2.0 - SQL Injection 漏洞描述 The Multiple Shipping Address Woocommerce plugin before 2.0 does not properly saniti...

漏洞标题 CVE-2013-5528: Cisco Unified Communications Manager 7/8/9 - Directory Traversal 漏洞描述 A directory traversal vulnerability in the Tomcat administrative web interface in ...

概览 本文你将看到： 基于 HTTP 的前端鉴权背景cookie 为什么是最方便的存储方案，有哪些操作 cookie 的方式session 方案是如何实现的，存在哪些问题token 方案是如何实现的，如何进行编码和防...

Nginx配置可以过滤什么？ 恶意IP（黑/白名单） 首先，Nginx可以过滤恶意IP，你可以加入下面的配置，譬如恶意IP地址为8.215.34.190、42.59.101.116，那我们可以直接 location / { deny 8.215.34....

漏洞标题 CVE-2017-12637: SAP NetWeaver Application Server Java 7.5 - Local File Inclusion 漏洞描述 SAP NetWeaver Application Server Java 7.5 is susceptible to local file inclusion ...

漏洞标题 CVE-2020-6308: SAP BusinessObjects Business Intelligence Platform - Blind Server-Side Request Forgery 漏洞描述 SAP BusinessObjects Business Intelligence Platform (Web Serv...

漏洞标题 CVE-2022-28032: Atom CMS v2.0 - SQL Injection 漏洞描述 AtomCMS 2.0 is vulnerable to SQL Injection via Atom.CMS_admin_ajax_pages.php PoC代码

漏洞标题 CVE-2020-28188: TerraMaster TOS - Unauthenticated Remote Command Execution 漏洞描述 TerraMaster TOS <= 4.2.06 is susceptible to a remote code execution vulnerability wh...

漏洞标题 CVE-2025-54253: Adobe Experience Manager Forms - Insecure Deserialization 漏洞描述 Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration ...

微软在近日发布的一篇关于ACTINIUM黑客组织的研究报告中表示，在过去的六个月中，微软威胁情报中心MSTIC观察到ACTINIUM针对乌克兰的政府、军事、司法、执法、非政府组织和非营利组织的一系列行...

漏洞标题 CVE-2022-41840: Welcart eCommerce <= 2.7.7 - Unauth Directory Traversal 漏洞描述 Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on Wo...