漏洞标题 CVE-2019-17233: WordPress Ultimate FAQs <= 1.8.24 – Unauthenticated HTML Content Injection 漏洞描述 Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1...

漏洞标题 CVE-2021-3110: PrestaShop 1.7.7.0 - SQL Injection 漏洞描述 PrestaShop 1.7.7.0 contains a SQL injection vulnerability via the store system. It allows time-based boolean SQL...

漏洞标题 CVE-2021-24891: WordPress Elementor Website Builder <3.1.4 - Cross-Site Scripting 漏洞描述 WordPress Elementor Website Builder plugin before 3.1.4 contains a DOM cross-...

漏洞标题 CVE-2022-31161: Roxy-WI - Remote Code Execution 漏洞描述 Roxy-WI before 6.1.1.0 is susceptible to remote code execution. System commands can be run remotely via the delcer...

漏洞标题 CVE-2014-2323: Lighttpd 1.4.34 SQL Injection and Path Traversal 漏洞描述 A SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attacke...

漏洞标题 CVE-2020-25864: HashiCorp Consul/Consul Enterprise <=1.9.4 - Cross-Site Scripting 漏洞描述 HashiCorp Consul and Consul Enterprise up to version 1.9.4 are vulnerable to ...

漏洞标题 CVE-2021-25112: WordPress WHMCS Bridge <6.4b - Cross-Site Scripting 漏洞描述 WordPress WHMCS Bridge plugin before 6.4b contains a reflected cross-site scripting vulnera...

漏洞标题 CVE-2021-26085: Atlassian Confluence Server - Local File Inclusion 漏洞描述 Atlassian Confluence Server allows remote attackers to view restricted resources via local file...

漏洞标题 CVE-2020-29395: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting 漏洞描述 Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows a...

漏洞标题 CVE-2023-1177: MLflow get-artifact 任意文件读取漏洞 漏洞描述 使用 MLflow 模型注册表托管 MLflow 开源项目的用户 mlflow server或者 mlflow ui使用早于 MLflow 2.2.1 的 MLflow 版...

漏洞标题 CVE-2021-24762: WordPress Perfect Survey <1.5.2 - SQL Injection 漏洞描述 Perfect Survey WordPress plugin before 1.5.2 does not validate and escape the question_id GET p...

漏洞标题 CVE-2020-35848: Agentejo Cockpit <0.12.0 - NoSQL Injection 漏洞描述 Agentejo Cockpit prior to 0.12.0 is vulnerable to NoSQL Injection via the newpassword method of the ...

漏洞标题 CVE-2016-10924: Wordpress Zedna eBook download <1.2 - Local File Inclusion 漏洞描述 Wordpress Zedna eBook download prior to version 1.2 was affected by a filedownload.p...

漏洞标题 CVE-2022-4059: Cryptocurrency Widgets Pack < 2.0 - SQL Injection 漏洞描述 The plugin does not sanitise and escape some parameter before using it in a SQL statement via ...

漏洞标题 CVE-2021-34624: WordPress ProfilePress 3.0-3.1.3 - Arbitrary File Upload 漏洞描述 A vulnerability in the file uploader component found in the ~/src/Classes/FileUploader.ph...

漏洞标题 CVE-2024-50623: Cleo Synchronization 任意文件读取 漏洞描述 Cleo Synchronization 存在任意文件读取漏洞，攻击者可通过构造恶意请求获取服务器上的任意文件内容。 fofa: server=&qu...