漏洞标题 CVE-2021-39146: XStream 1.4.18 - Arbitrary Code Execution 漏洞描述 XStream 1.4.18 is susceptible to remote code execution. An attacker can execute commands of the host by ...

漏洞标题 CVE-2024-10486: Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File 漏洞描述 The Google for WooCommerce plugin for WordPress ...

漏洞标题 CVE-2021-43062: Fortinet FortiMail 7.0.1 - Cross-Site Scripting 漏洞描述 A cross-site scripting vulnerability in FortiMail may allow an unauthenticated attacker to perform...

漏洞标题 CVE-2024-35584: openSIS < 9.1 - SQL Injection 漏洞描述 SQL injection vulnerability in Ajax.php, ForWindow.php, ForExport.php, Modules.php, functions/HackingLogFnc.php i...

漏洞标题 CVE-2010-1314: Joomla! Component Highslide 1.5 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Highslide JS (com_hsconfig) component 1.5 and 2.0...

下载地址：http://i0x0fy4ibf.feishu.cn/file/boxcnJsXfAJvIp5RLViAqXQ2rSg 简介： 01 常规性资产收集 子域名枚举、端口扫描、路径扫描、旁站c段查询 02 巧用搜索引擎 关注页面内容、关注目录、...

漏洞标题 CVE-2023-40755: PHPJabbers Callback Widget v1.0 - Cross-Site Scripting 漏洞描述 There is a Cross Site Scripting (XSS) vulnerability in the "theme" parameter of p...

漏洞标题 CVE-2023-43472: MLFlow < 2.8.1 - Sensitive Information Disclosure 漏洞描述 An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive inf...

漏洞标题 CVE-2018-6605: Joomla! Component Zh BaiduMap 3.0.0.1 - SQL Injection 漏洞描述 SQL Injection exists in the Zh BaiduMap 3.0.0.1 component for Joomla! via the id parameter in...

漏洞标题 CVE-2021-43574: Atmail 6.5.0 - Cross-Site Scripting 漏洞描述 Atmail 6.5.0 contains a cross-site scripting vulnerability in WebAdmin Control Pane via the format parameter t...

漏洞标题 CVE-2024-58136: Yii2 PHP Framework < 2.0.52 - Remote Code Execution 漏洞描述 Yii2 PHP Framework before 2.0.52 is vulnerable to remote code execution via improper valida...

漏洞标题 CVE-2024-28986: SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization 漏洞描述 SolarWinds Web Help Desk before version 12.8.3 contain a critical Java deserializa...

漏洞标题 Adobe Commerce CVE-2024-34102 XML外部实体注入漏洞 漏洞描述 Adobe Commerce 存在XML外部实体注入漏洞，此漏洞是由于程序未充分验证用户输入estimate-shipping-methods的数据所导致...

漏洞标题 CVE-2023-50719: XWiki < 4.10.15 - Sensitive Information Disclosure 漏洞描述 XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions...

漏洞标题 CVE-2020-15415: DrayTek Vigor - Command Injection 漏洞描述 DrayTek Vigor devices contain a command injection vulnerability in the cvmcfgupload functionality. The vulnerabi...

漏洞标题 CVE-2013-4117: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting 漏洞描述 A cross-site scripting vulnerability in includes/CatGridPost.php in the Ca...