漏洞标题 CVE-2018-14933: NUUO NVRmini - Remote Command Execution 漏洞描述 NUUO NVRmini is vulnerable to unauthenticated remote command execution through the upgrade_handle.php file...

漏洞标题 CVE-2018-3238: Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting 漏洞描述 The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middlew...

漏洞标题 CVE-2024-13161: Ivanti EPM - Credential Coercion Vulnerability in GetHashForSingleFile 漏洞描述 A vulnerability in Ivanti Endpoint Manager (EPM) allows an unauthenticated ...

漏洞标题 CVE-2022-1952: WordPress eaSYNC Booking <1.1.16 - Arbitrary File Upload 漏洞描述 WordPress eaSync Booking plugin bundle for hotel, restaurant and car rental before 1.1....

漏洞标题 CVE-2023-29887: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion 漏洞描述 A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote...

漏洞标题 CVE-2023-4114: PHP Jabbers Night Club Booking 1.0 - Cross Site Scripting 漏洞描述 A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0. It has been rat...

漏洞标题 CVE-2018-19326: Zyxel VMG1312-B10D 5.13AAXA.8 - Local File Inclusion 漏洞描述 Zyxel VMG1312-B10D 5.13AAXA.8 is susceptible to local file inclusion. A remote unauthenticate...

漏洞标题 CVE-2022-25125: MCMS 5.2.4 - SQL Injection 漏洞描述 MCMS 5.2.4 contains a SQL injection vulnerability via search.do in the file /mdiy/dict/listExcludeApp. An attacker can ...

根据欧盟数据保护监管机构EDPS于1月10日发布的新闻稿，EDPS已于一周前下令欧洲刑警组织删除与犯罪活动没有明确关联的个人的数据，以减少对公民个人权力和自由的侵犯。 此前，欧洲刑警组织...

漏洞标题 CVE-2020-12256: rConfig 3.9.4 - Cross-Site Scripting 漏洞描述 The rConfig 3.9.4 is vulnerable to cross-site scripting. The devicemgmnt.php file improperly validates the re...

英文版：http://portswigger.net/research/cracking-the-lens-targeting-https-hidden-attack-surface 中文版： 针对HTTP的隐藏攻击面分析（上）http://www.anquanke.com/post/id/86578 针对HTT...

漏洞报告 Acronis #1070533 Acronis True Image 2021 (windows) does not validate server hostname on a login TLS connection Elastic #1218680 Improper authorization on /api/as/v1/creden...

漏洞标题 CVE-2025-4008: MeteoBridge <= 6.1 - Remote Code Execution 漏洞描述 The Meteobridge web interface let meteobridge administrator manage their weather station data collect...

漏洞标题 CVE-2022-36537: ZK Framework - Information Disclosure 漏洞描述 ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attac...

漏洞标题 CVE-2021-24876: Registrations for The Events Calendar < 2.7.5 - Authenticated Reflected Cross-Site Scripting 漏洞描述 The Registrations for the Events Calendar WordPres...

漏洞标题 CVE-2023-3306: 锐捷(ruijie)RG-EW1200G路由器 远程命令执行(需登录) 漏洞描述 Ruijie Networks RG-EW1200G是中国锐捷网络（Ruijie Networks）公司的一款无线路由器。 Ruijie Networks...