漏洞标题 CVE-2021-24239: WordPress Pie Register <3.7.0.1 - Cross-Site Scripting 漏洞描述 WordPress Pie Register plugin before 3.7.0.1 is susceptible to cross-site scripting. The...

漏洞标题 CVE-2022-1058: Gitea <1.16.5 - Open Redirect 漏洞描述 Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect...

漏洞标题 CVE-2023-35158: XWiki - Cross-Site Scripting 漏洞描述 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are ab...

漏洞标题 CVE-2022-40083: Labstack Echo 4.8.0 - Open Redirect 漏洞描述 Labstack Echo 4.8.0 contains an open redirect vulnerability via the Static Handler component. An attacker can ...

漏洞标题 CVE-2025-28367: mojoPortal <=2.9.0.1 - Directory Traversal 漏洞描述 mojoPortal <=2.9.0.1 is vulnerable to Directory Traversal via BetterImageGallery API Controller -...

漏洞标题 CVE-2022-0928: Microweber < 1.2.12 - Stored Cross-Site Scripting 漏洞描述 Microweber prior to 1.2.12 contains a stored cross-site scripting vulnerability via the Type p...

漏洞标题 Apache Struts2-输入验证漏洞(S2-057)(CVE-2018-11776) 漏洞描述 【漏洞对象】Apache Struts 2 【涉及版本】2.3-2.3.34，2.5-2.5.16 【漏洞描述】软件存在输入验证漏洞，远程攻击者可...

漏洞标题 CVE-2023-22480: KubeOperator Foreground `kubeconfig` - File Download 漏洞描述 KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, d...

漏洞标题 CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution 漏洞描述 A security issue was discovered in ingress-nginx where the `auth-tls-match-cn`...

漏洞报告 3500$的XSS http://hackerone.com/reports/1410459 导入文档处SSRF5000$ http://hackerone.com/reports/1409727 自动化挖洞捡到1500$ http://hackerone.com/reports/1380121 挖洞技巧 ...

漏洞标题 CVE-2023-42344: OpenCMS - XML external entity (XXE) 漏洞描述 users can execute code without authentication. An attacker can execute malicious requests on the OpenCms serve...

漏洞标题 CVE-2024-4348: osCommerce v4.0 - Cross-site Scripting 漏洞描述 A vulnerability, which was classified as problematic, was found in osCommerce 4. Affected is an unknown func...

漏洞标题 CVE-2018-17283: Zoho ManageEngine OpManager - SQL Injection 漏洞描述 Zoho ManageEngine OpManager before 12.3 Build 123196 does not require authentication for /oputilsServl...

漏洞标题 CVE-2022-36923: Zoho ManageEngine - getUserAPIKey Authentication Bypass 漏洞描述 Zoho ManageEngine OpManager, OpManager Plus, OpManager MSP, Network Configuration Manager,...

漏洞标题 CVE-2024-23917: JetBrains TeamCity > 2023.11.3 - Authentication Bypass 漏洞描述 In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible...

漏洞标题 CVE-2021-38647: Microsoft Open Management Infrastructure - Remote Code Execution 漏洞描述 Microsoft Open Management Infrastructure is susceptible to remote code execution ...