漏洞标题 CVE-2023-24489: Citrix ShareFile StorageZones Controller - Unauthenticated Remote Code Execution 漏洞描述 A vulnerability has been discovered in the customer-managed Share...

前言：一直以来在挖掘xss时总是被各种过滤，各种实体化转义。是真滴很难受，敢想连着几天兴冲冲奔着表单去，看着被过滤，转义的payload，用尽办法都过不去的心情。最后似乎有个声音在跟我说，能...

漏洞标题 Apache OFBiz CVE-2018-8033 XML外部实体注入漏洞 漏洞描述 Apache OFBiz存在XML外部实体注入漏洞，此漏洞是由于httpService接口对用户的请求验证不当导致的。 PoC代码 暂无

漏洞标题 CVE-2022-1910: WordPress Shortcodes and Extra Features for Phlox <2.9.8 - Cross-Site Scripting 漏洞描述 WordPress Shortcodes and extra features plugin for the Phlox the...

漏洞报告 【 Gener8】点击劫持更改电子邮件地址 http://hackerone.com/reports/783191 【Nord Security】csrf修改密码 http://hackerone.com/reports/204703 【Zenly】通过 SMS 身份验证流程接...

漏洞标题 CVE-2010-1429: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure 漏洞描述 Red Hat JBoss Enterprise Application Platform 4.2 before 4.2.0.CP0...

漏洞标题 CVE-2007-4504: Joomla! RSfiles <=1.0.2 - Local File Inclusion 漏洞描述 Joomla! RSfiles 1.0.2 and earlier is susceptible to local file inclusion in index.php in the RSfi...

漏洞标题 CVE-2020-36708: WordPress Epsilon Framework Themes <=2.4.8 - Remote Code Execution 漏洞描述 WordPress themes including Shapely <= 1.2.7, NewsMag <= 2.4.1, Activel...

漏洞标题 CVE-2023-27639: PrestaShop TshirteCommerce - Directory Traversal 漏洞描述 The Custom Product Designer (tshirtecommerce) module for PrestaShop allows HTTP requests to be fo...

漏洞标题 CVE-2022-31101: Prestashop Blockwishlist 2.1.0 SQL Injection 漏洞描述 Prestashop Blockwishlist module version 2.1.0 suffers from a remote authenticated SQL injection vulne...

漏洞标题 CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability 漏洞描述 Aria Operations for Networks contains an information dis...

漏洞标题 CVE-2022-31845: WAVLINK WN535 G3 - Information Disclosure 漏洞描述 WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An at...

漏洞标题 CVE-2025-41243: Spring Cloud Gateway Server Webflux - Broken Access Control 漏洞描述 Spring Cloud Gateway Server Webflux contains a vulnerability caused by unsecured and e...

漏洞标题 CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting 漏洞描述 WordPress Elementor Website Builder plugin 3.5.5 and prior con...

漏洞标题 CVE-2017-9791: Apache Struts2 S2-053 - Remote Code Execution 漏洞描述 Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malici...

针对外挂横行的环境，《使命召唤》制作发行商动视Activision外挂打击行动再次升级，于前不久起诉了最热门的外挂网站之一EngineOwning。动视的诉求除永久关闭该外挂网站外，还要求外挂开发人员、...