漏洞标题 CVE-2021-27748: IBM WebSphere HCL Digital Experience - Server-Side Request Forgery 漏洞描述 IBM WebSphere HCL Digital Experience is vulnerable to server-side request forge...

漏洞标题 Astro Web Framework Cloudflare /_image 服务器端请求伪造漏洞（CVE-2025-58179） 漏洞描述 Astro 是一个用于内容驱动网站的网络框架。在11.0.3至12.6.5版本中，当使用Astro的Cloudfl...

漏洞标题 CVE-2022-1020: WordPress WooCommerce <3.1.2 - Arbitrary Function Call 漏洞描述 WordPress WooCommerce plugin before 3.1.2 does not have authorisation and CSRF checks in ...

漏洞标题 CVE-2024-2928: MLflow < 2.11.3 - Path Traversal 漏洞描述 MLflow versions prior to 2.11.3 are vulnerable to a Path Traversal attack due to improper URI fragment parsing....

漏洞标题 CVE-2021-32789: WooCommerce Blocks 2.5 to 5.5 - Unauthenticated SQL Injection 漏洞描述 woocommerce-gutenberg-products-block is a feature plugin for WooCommerce Gutenberg B...

漏洞标题 CVE-2017-11512: ManageEngine ServiceDesk 9.3.9328 - Arbitrary File Retrieval 漏洞描述 ManageEngine ServiceDesk 9.3.9328 is vulnerable to an arbitrary file retrieval due to...

漏洞标题 CVE-2016-1000152: WordPress Tidio-form <=1.0 - Cross-Site Scripting 漏洞描述 WordPress tidio-form1.0 contains a reflected cross-site scripting vulnerability which allow...

漏洞标题 CVE-2024-8517: SPIP BigUp Plugin - Remote Code Execution 漏洞描述 SPIP before 4.3.2, 4.2.16, and 4.1.18 is vulnerable to a command injection issue. A remote and unauthenti...

漏洞标题 CVE-2016-1000142: WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting 漏洞描述 WordPress MW Font Changer plugin 4.2.5 and before contains a cross-site scripting vu...

漏洞标题 CVE-2019-11869: WordPress Yuzo <5.12.94 - Cross-Site Scripting 漏洞描述 WordPress Yuzo Related Posts plugin before 5.12.94 is vulnerable to cross-site scripting because...

漏洞标题 CVE-2025-6970: WordPress Events Manager <= 7.0.3 - SQL Injection 漏洞描述 The Events Manager - Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable...

漏洞标题 CVE-2021-24750: WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection 漏洞描述 WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does no...

漏洞标题 CVE-2021-24155: WordPress BackupGuard <1.6.0 - Authenticated Arbitrary File Upload 漏洞描述 WordPress Backup Guard plugin before 1.6.0 is susceptible to authenticated a...

漏洞标题 CVE-2023-6875: WordPress POST SMTP Mailer <= 2.8.7 - Authorization Bypass 漏洞描述 The POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP ...

漏洞标题 CVE-2021-34622: WordPress ProfilePress <= 3.1.3 - Privilege Escalation 漏洞描述 ProfilePress plugin before 3.1.4 allows privilege escalation. Due to insufficient valida...

漏洞标题 CVE-2023-22952: SugarCRM Unauthenticated - Remote Code Execution 漏洞描述 In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the E...