漏洞标题 CVE-2025-52970: Fortinet FortiWeb - Authentication Bypass to Admin Privilege 漏洞描述 A improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, vers...

漏洞标题 CVE-2024-39887: Apache Superset < 4.0.2 - SQL Injection 漏洞描述 An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elem...

漏洞标题 CVE-2020-3187: Cisco Adaptive Security Appliance Software/Cisco Firepower Threat Defense - Directory Traversal 漏洞描述 Cisco Adaptive Security Appliance (ASA) Software an...

漏洞标题 CVE-2023-7164: WordPress BackWPup < 4.0.4 - Backup File Disclosure 漏洞描述 BackWPup WordPress plugin < 4.0.4 contains a directory listing vulnerability caused by la...

漏洞标题 CVE-2022-37191: Cuppa CMS v1.0 - Authenticated Local File Inclusion 漏洞描述 The component "cuppa/api/index.php" of CuppaCMS v1.0 is Vulnerable to LFI. An authen...

漏洞标题 CVE-2024-25608: Liferay Portal - Open Redirect 漏洞描述 HtmlUtil.escapeRedirect in Liferay Portal 7.2.0 through 7.4.3.18, and older unsupported versions, and Liferay DXP 7...

漏洞标题 CVE-2021-41773: Apache 2.4.49 - Path Traversal and Remote Code Execution 漏洞描述 A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An ...

漏洞标题 CVE-2023-1671: Sophos Web Appliance - Remote Code Execution 漏洞描述 A pre-auth command injection vulnerability in the warn-proceed handler of Sophos Web Appliance older t...

漏洞标题 CentreStack 存在反序列化漏洞（CVE-2025-30406） 漏洞描述 CVE-2025-30406 是由 CentreStack 门户的硬编码 machineKey使用导致的反序列化漏洞。攻击者可以通过该漏洞获取服务器权限，...

漏洞标题 CVE-2022-43016: OpenCATS 0.9.6 - Cross-Site Scripting 漏洞描述 OpenCATS 0.9.6 contains a cross-site scripting vulnerability via the callback component. An attacker can inj...

漏洞标题 CVE-2022-23881: ZZZCMS zzzphp 2.1.0 - Remote Code Execution 漏洞描述 ZZZCMS zzzphp v2.1.0 is susceptible to a remote command execution vulnerability via danger_key() at zz...

漏洞标题 CVE-2023-0527: Online Security Guards Hiring System - Cross-Site Scripting 漏洞描述 A vulnerability was found in PHPGurukul Online Security Guards Hiring System 1.0 and cl...

漏洞标题 CVE-2024-3300: Delmia Apriso - Pre-Authentication Unsafe .NET Object Deserialization 漏洞描述 An unsafe .NET object deserialization vulnerability in DELMIA Apriso Release ...

Try to find out source file! 意思就是要进行目录扫描，获取源文件呗、 利用dirsearch进行扫描，可以获取到一堆.bak的备份文件，我们打开这个index.php.bak，可以发现一个简单的代码审计 <?...

漏洞标题 CVE-2023-37728: IceWarp Webmail Server v10.2.1 - Cross Site Scripting 漏洞描述 Icewarp Icearp v10.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability ...

漏洞标题 CVE-2025-34143: ETQ Reliance - Authentication Bypass via Trailing Space 漏洞描述 An authentication bypass vulnerability exists in ETQ Reliance on the CG (legacy) platform....