漏洞标题 (CVE-2025-29927) Next.js 中间件授权检查绕过漏洞 漏洞描述 (CVE-2025-29927) Next.js 中间件授权检查绕过漏洞 PoC代码 暂无

漏洞标题 CVE-2025-2710: Yonyou UFIDA ERP-NC V5.0 - Cross-Site Scripting 漏洞描述 Yonyou UFIDA ERP-NC V5.0 is vulnerable to reflected cross-site scripting (XSS) via the flag paramet...

漏洞标题 CVE-2019-2725: Oracle WebLogic Remote Code Execution 漏洞描述 Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services...

漏洞标题 CVE-2022-39960: Jira Netic Group Export <1.0.3 - Missing Authorization 漏洞描述 Jira Netic Group Export add-on before 1.0.3 contains a missing authorization vulnerabili...

漏洞标题 CVE-2023-3368: Chamilo LMS <= v1.11.20 Unauthenticated Command Injection 漏洞描述 Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <...

漏洞标题 CVE-2022-37042: Zimbra Collaboration Suite 8.8.15/9.0 - Remote Code Execution 漏洞描述 Zimbra Collaboration Suite (ZCS) 8.8.15 and 9.0 has mboximport functionality that re...

漏洞标题 CVE-2014-3206: Seagate BlackArmor NAS - Command Injection 漏洞描述 Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to lo...

漏洞标题 CVE-2023-22952: SugarCRM Unauthenticated - Remote Code Execution 漏洞描述 In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the E...

漏洞标题 CVE-2022-2462: WordPress Transposh <=1.0.8.1 - Information Disclosure 漏洞描述 WordPress Transposh plugin through is susceptible to information disclosure via the AJAX ...

漏洞标题 CVE-2023-43261: Milesight Routers - Information Disclosure 漏洞描述 A critical security vulnerability has been identified in Milesight Industrial Cellular Routers, comprom...

漏洞标题 CVE-2021-26247: Cacti - Cross-Site Scripting 漏洞描述 Cacti contains a cross-site scripting vulnerability via "http://<CACTI_SERVER>/auth_changepassword.php?ref...

漏洞标题 CVE-2017-9791: Apache Struts2 S2-053 - Remote Code Execution 漏洞描述 Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malici...

漏洞标题 CVE-2019-10758: mongo-express Remote Code Execution 漏洞描述 mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method...

漏洞标题 CVE-2019-19822: TOTOLINK/Realtek Routers - Information Disclosure 漏洞描述 A certain router administration interface using Realtek APMIB (e.g., on TOTOLINK models) allows ...

漏洞标题 CVE-2022-41840: Welcart eCommerce <= 2.7.7 - Unauth Directory Traversal 漏洞描述 Unauth. Directory Traversal vulnerability in Welcart eCommerce plugin <= 2.7.7 on Wo...

漏洞标题 CVE-2012-1835: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting 漏洞描述 Multiple cross-site scripting vulnerabilities in the All-in-One Event Calenda...