漏洞标题 Apache Tomcat CVE-2023-46589 请求走私漏洞 漏洞描述 Apache Tomcat存在请求走私漏洞，该漏洞是由于应用程序对chunck传输的异常数据缺乏验证导致的。 PoC代码 暂无

漏洞标题 CVE-2022-0963: Microweber <1.2.12 - Stored Cross-Site Scripting 漏洞描述 Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability. It allows unre...

漏洞标题 CVE-2023-32563: Ivanti Avalanche - Remote Code Execution 漏洞描述 An unauthenticated attacker could achieve the code execution through a RemoteControl server. PoC代码

漏洞标题 CVE-2023-22480: KubeOperator Foreground `kubeconfig` - File Download 漏洞描述 KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, d...

漏洞标题 CVE-2009-2100: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion 漏洞描述 Joomla! JoomlaPraise Projectfork (com_projectfork) 2.0.10 allows remote attackers to...

漏洞标题 CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution 漏洞描述 A security issue was discovered in ingress-nginx where the `auth-tls-match-cn`...

漏洞报告 【QIWI 300刀】api.flocktory.com存在HTTP请求走私，导致XSS http://hackerone.com/reports/955170 【U.S. Dept Of Defense】美国国防部某站点存在信息泄露漏洞(CVE-2020-14179) http:...

漏洞标题 CVE-2023-42344: OpenCMS - XML external entity (XXE) 漏洞描述 users can execute code without authentication. An attacker can execute malicious requests on the OpenCms serve...

漏洞标题 CVE-2024-4348: osCommerce v4.0 - Cross-site Scripting 漏洞描述 A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown func...

漏洞标题 CVE-2018-17283: Zoho ManageEngine OpManager - SQL Injection 漏洞描述 Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServl...

漏洞标题 CVE-2022-36923: Zoho ManageEngine - getUserAPIKey Authentication Bypass 漏洞描述 Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager,...

漏洞标题 CVE-2021-38647: Microsoft Open Management Infrastructure - Remote Code Execution 漏洞描述 Microsoft Open Management Infrastructure is susceptible to remote code execution ...

漏洞标题 CVE-2021-43734: kkFileView getCorsFile 任意文件读取漏洞 漏洞描述 kkFileView getCorsFile 3.6.0 版本以下存在任意文件读取漏洞，攻击者通过漏洞可以获取服务器中的任意文件，获取...

漏洞标题 CVE-2023-3843: mooDating 1.2 - Cross-site scripting 漏洞描述 A vulnerability was found in mooSocial mooDating 1.2. It has been classified as problematic. Affected is an un...

漏洞标题 CVE-2020-36731: Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update 漏洞描述 The Flexible Checkout Fields for WooCommer...

漏洞标题 CVE-2023-3306: 锐捷(ruijie)RG-EW1200G路由器 远程命令执行(需登录) 漏洞描述 Ruijie Networks RG-EW1200G是中国锐捷网络（Ruijie Networks）公司的一款无线路由器。 Ruijie Networks...