漏洞标题 CVE-2025-49113: Roundcube Webmail - Remote Code Execution 漏洞描述 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated us...

漏洞标题 CVE-2025-68645: Zimbra Collaboration - Local File Inclusion 漏洞描述 Zimbra Collaboration (ZCS) 10.0 and 10.1 contain a local file inclusion caused by improper handling of...

漏洞标题 CVE-2021-32819: Nodejs Squirrelly - Remote Code Execution 漏洞描述 Nodejs Squirrelly is susceptible to remote code execution. Squirrelly is a template engine implemented i...

漏洞标题 CVE-2019-17228: Motors Car Dealer & Classified Ads <= 1.4.0 - Unauthenticated settings import/export 漏洞描述 includes/options.php in the motors-car-dealership-clas...

漏洞标题 CVE-2020-7318: McAfee ePolicy Orchestrator <5.10.9 Update 9 - Cross-Site Scripting 漏洞描述 McAfee ePolicy Orchestrator before 5.10.9 Update 9 is vulnerable to a cross-...

漏洞标题 CVE-2024-44849: Qualitor <= 8.24 - Remote Code Execution 漏洞描述 Qualitor up to 8.24 is vulnerable to Remote Code Execution (RCE) via Arbitrary File Upload in checkAce...

漏洞标题 CVE-2024-5827: Vanna - SQL injection 漏洞描述 Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject mal...

漏洞标题 CVE-2014-4561: Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting 漏洞描述 The ultimate-weather plugin 1.0 for WordPress contains a cross-site scripting vulnerabilit...

漏洞标题 CVE-2025-1974: CVE-2025-1974 漏洞描述 shodan: ssl:"ingress-nginx" port:8443 Kubernetes ingress-nginx是云原生计算基金会（Cloud Native Computing Foundation）开源...

漏洞标题 CVE-2015-8399: Atlassian Confluence configuration files read 漏洞描述 Atlassian Confluence before 5.9.1 allows remote attackers to read arbitrary files via a crafted reque...

漏洞标题 CVE-2020-19283: Jeesns 1.4.2 - Cross-Site Scripting 漏洞描述 Jeesns 1.4.2 is vulnerable to reflected cross-site scripting in the /newVersion component and allows attackers...

1 通过updatexml取数据从页面发现有一个提示如果加上?tips=1的话，通过burpsuite发包可以通过updatexml来查看回显，可以通过这个取到数据下面是通过updatexml来注入，这时4步中用到语句 name=ad...

漏洞标题 CVE-2017-5868: OpenVPN Access Server 2.1.4 - CRLF Injection 漏洞描述 CRLF injection vulnerability in the web interface in OpenVPN Access Server 2.1.4 allows remote attacke...

漏洞标题 CVE-2019-11886: Yellow Pencil Visual Theme Customizer < 7.2.1 - Privilege Escalation 漏洞描述 The WaspThemes Visual CSS Style Editor (aka yellow-pencil-visual-theme-cus...

漏洞标题 CVE-2010-1540: Joomla! Component com_blog - Directory Traversal 漏洞描述 A directory traversal vulnerability in index.php in the MyBlog (com_myblog) component 3.0.329 for ...

漏洞标题 CVE-2023-27639: PrestaShop TshirteCommerce - Directory Traversal 漏洞描述 The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be fo...