漏洞标题 Apache OFBiz RMI反序列化前台命令执行(CVE-2021-26295) 漏洞描述 OFBiz是基于Java的Web框架，包括实体引擎，服务引擎和基于小部件的UI。近日，Apache OFBiz官方发布安全更新。Apache ...

漏洞标题 CVE-2021-24342: WordPress JNews Theme <8.0.6 - Cross-Site Scripting 漏洞描述 WordPress JNews theme before 8.0.6 contains a reflected cross-site scripting vulnerability....

漏洞标题 CVE-2021-24436: WordPress W3 Total Cache <2.1.4 - Cross-Site Scripting 漏洞描述 WordPress W3 Total Cache plugin before 2.1.4 is susceptible to cross-site scripting with...

漏洞标题 CVE-2021-24910: WordPress Transposh Translation <1.0.8 - Cross-Site Scripting 漏洞描述 WordPress Transposh Translation plugin before 1.0.8 contains a reflected cross-si...

漏洞标题 CVE-2021-36260: Hikvision IP camera/NVR - Remote Command Execution 漏洞描述 Certain Hikvision products contain a command injection vulnerability in the web server due to t...

漏洞标题 CVE-2021-24510: WordPress MF Gig Calendar <=1.1 - Cross-Site Scripting 漏洞描述 WordPress MF Gig Calendar plugin 1.1 and prior contains a reflected cross-site scripting...

漏洞标题 CVE-2021-45092: Thinfinity Iframe Injection 漏洞描述 A vulnerability exists in Thinfinity VirtualUI in a function located in /lab.html reachable which by default could all...

漏洞标题 CVE-2021-20792: WordPress Quiz and Survey Master <7.1.14 - Cross-Site Scripting 漏洞描述 WordPress Quiz and Survey Master plugin prior to 7.1.14 contains a cross-site s...

漏洞标题 CVE-2021-33044: Dahua IPC/VTH/VTO devices Authentication Bypass 漏洞描述 The identity authentication bypass vulnerability found in some Dahua products during the login pro...

漏洞标题 CVE-2021-34640: WordPress Securimage-WP-Fixed <=3.5.4 - Cross-Site Scripting 漏洞描述 WordPress Securimage-WP-Fixed plugin 3.5.4 and prior contains a cross-site scripti...

漏洞标题 CVE-2021-34622: WordPress ProfilePress <= 3.1.3 - Privilege Escalation 漏洞描述 ProfilePress plugin before 3.1.4 allows privilege escalation. Due to insufficient valida...

漏洞标题 CVE-2021-27561: YeaLink DM 3.6.0.20 - Remote Command Injection 漏洞描述 Yealink Device Management (DM) 3.6.0.20 allows command injection as root via the /sm/api/v1/firewal...

漏洞标题 CVE-2021-24876: Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting 漏洞描述 The Registrations for the Events Calendar WordPres...

漏洞标题 CVE-2021-21985: VMware vSphere Client (HTML5) - Remote Code Execution 漏洞描述 The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of inp...

漏洞标题 CVE-2021-32172: Maian Cart <=3.8 - Remote Code Execution 漏洞描述 Maian Cart 3.0 to 3.8 via the elFinder file manager plugin contains a remote code execution vulnerabil...

漏洞标题 CVE-2021-44529: Ivanti EPM Cloud Services Appliance Code Injection 漏洞描述 Ivanti EPM Cloud Services Appliance (CSA) before version 4.6.0-512 is susceptible to a code inj...