漏洞标题 CVE-2012-0392: Apache Struts2 S2-008 RCE 漏洞描述 The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, which allows r...

漏洞标题 CVE-2021-25085: WOOF WordPress plugin - Cross-Site Scripting 漏洞描述 The WOOF WordPress plugin does not sanitize or escape the woof_redraw_elements parameter before refle...

漏洞标题 CVE-2025-48954: Discourse OAuth Social Login - Cross-site Scripting 漏洞描述 Discourse versions prior to 3.5.0.beta6 contain a stored Cross-Site Scripting (XSS) vulnerabil...

漏洞标题 CVE-2021-39433: BIQS IT Biqs-drive v1.83 Local File Inclusion 漏洞描述 A local file inclusion vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sendi...

漏洞标题 CVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS 漏洞描述 The Kentico Xperience application does not fully validate or filter files uploaded via the multi...

漏洞标题 CVE-2019-9632: ESAFENET CDG - Arbitrary File Download 漏洞描述 ESAFENET CDG V3 and V5 has an arbitrary file download vulnerability via the fileName parameter in download.j...

漏洞标题 CVE-2017-9841: PHPUnit - Remote Code Execution 漏洞描述 PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data...

漏洞标题 CVE-2017-8046: Spring Data Rest RCE 漏洞描述 SpringDataREST是一个构建在SpringData之上，为了帮助开发者更加容易地开发REST风格的Web服务。在RESTAPI的Patch方法中（实现RFC6902）...

漏洞标题 CVE-2018-12613: PhpMyAdmin 4.8.1 Remote File Inclusion 漏洞描述 An issue was discovered in phpMyAdmin 4.8.x before 4.8.2, in which an attacker can include (view and potent...

漏洞标题 CVE-2021-24370: WordPress Fancy Product Designer <4.6.9 - Arbitrary File Upload 漏洞描述 WordPress Fancy Product Designer plugin before 4.6.9 is susceptible to an arbit...

漏洞标题 CVE-2022-31798: Nortek Linear eMerge E3-Series - Cross-Site Scripting 漏洞描述 There is a local session fixation vulnerability that, when chained with cross-site scripting...

漏洞标题 CVE-2018-19365: Wowza Streaming Engine Manager 4.7.4.01 - Directory Traversal 漏洞描述 Wowza Streaming Engine 4.7.4.01 allows traversal of the directory structure and retr...

漏洞标题 CVE-2019-16469: Adobe Experience Manager - Expression Language Injection 漏洞描述 Adobe Experience Manager versions 6.5, 6.4, 6.3, 6.2, 6.1, and 6.0 has an expression lang...

漏洞标题 CVE-2022-4305: Login as User or Customer < 3.3 - Privilege Escalation 漏洞描述 The plugin lacks authorization checks to ensure that users are allowed to log in as anoth...

老用户重磅福利：加量不加价！存量境内地域「2核-4G内存-8M带宽-1200G流量包」通用型套餐实例可免费升级至「4核-4G内存-8M带宽-1200G流量包」，续费价不变！在本页面中选择对应目标套餐即可升级...

漏洞标题 CVE-2021-24213: GiveWP <= 2.9.7 - Cross-Site Scripting 漏洞描述 GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress versions before 2.10.0 is vulner...