漏洞标题 CVE-2021-25055: WordPress FeedWordPress < 2022.0123 - Authenticated Cross-Site Scripting 漏洞描述 The plugin is affected by a cross-site scripting vulnerability within ...

漏洞标题 CVE-2022-38637: Hospital Management System 1.0 - SQL Injection 漏洞描述 Hospital Management System 1.0 contains a SQL injection vulnerability via the editid parameter in /...

漏洞标题 CVE-2024-50498: WP Query Console <= 1.0 - Remote Code Execution 漏洞描述 Improper Control of Generation of Code ('Code Injection') vulnerability in LUBUS WP Q...

漏洞标题 CVE-2025-27218: Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization 漏洞描述 Sitecore Experience Manager (XM) and Experience Platform...

漏洞标题 CVE-2021-26084: Confluence Server - Remote Code Execution 漏洞描述 Confluence Server and Data Center contain an OGNL injection vulnerability that could allow an authentica...

漏洞标题 CVE-2016-1000136: WordPress heat-trackr 1.0 - Cross-Site Scripting 漏洞描述 WordPress heat-trackr 1.0 contains a cross-site scripting vulnerability via heat-trackr_abtest_...

漏洞标题 CVE-2025-25034: SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection 漏洞描述 A PHP object injection vulnerability exists in SugarCRM versions prior t...

漏洞标题 CVE-2021-20123: Draytek VigorConnect 1.6.0-B - Local File Inclusion 漏洞描述 Draytek VigorConnect 1.6.0-B3 is susceptible to local file inclusion in the file download func...

漏洞标题 CVE-2021-42551: NetBiblio WebOPAC - Cross-Site Scripting 漏洞描述 NetBiblio WebOPAC before 4.0.0.320 is affected by a reflected cross-site scripting vulnerability in its W...

漏洞标题 CVE-2023-30777: Advanced Custom Fields < 6.1.6 - Cross-Site Scripting 漏洞描述 Advanced Custom Fields beofre 6.1.6 is susceptible to cross-site scripting via the post_s...

漏洞标题 CVE-2024-48248: NAKIVO Backup & Replication任意文件读取漏洞 漏洞描述 NAKIVO Backup & Replication 是一款专注于虚拟化、云端及混合环境的备份与灾难恢复的解决方案。攻击...

漏洞标题 CVE-2021-4462: Employee Records System 1.0 - Unauthenticated File Upload RCE 漏洞描述 Employee Records System version 1.0 contains an unrestricted file upload vulnerabilit...

漏洞标题 CVE-2021-45046-DAST: Apache Log4j2 - Remote Code Injection 漏洞描述 Apache Log4j2 Thread Context Lookup Pattern is vulnerable to remote code execution in certain non-defau...

前言 文章制作技术分享，请勿用于其他地方，产生的相关责任由使用者负全责。 相关阅读 实验流程 实验环境：一台kali（为×××机 NAT模式） 一台物理机（靶机），要想外网访问，需要做内网穿透 ...

漏洞标题 CVE-2017-7855: IceWarp WebMail 11.3.1.5 - Cross-Site Scripting 漏洞描述 IceWarp WebMail 11.3.1.5 is vulnerable to cross-site scripting via the language parameter. PoC代码

漏洞标题 CVE-2025-27218: Sitecore Experience Manager (XM)/Experience Platform (XP) 10.4 - Insecure Deserialization 漏洞描述 Sitecore Experience Manager (XM) and Experience Platform...