漏洞标题 Anyscale Ray CVE-2023-48022 远程代码执行漏洞 漏洞描述 Anyscale Ray 是一个开源的分布式计算框架，可以轻松扩展 AI 和 Python 工作。该框架中存在远程代码执行漏洞，此漏洞是程序对...

漏洞标题 CVE-2021-25297: Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection 漏洞描述 Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection...

漏洞标题 CVE-2023-3380: WAVLINK WN579X3 - Remote Command Execution 漏洞描述 Remote Command Execution vulnerability in WAVLINK WN579X3 routers via pingIp parameter in /cgi-bin/adm.c...

漏洞标题 CVE-2023-1020: Steveas WP Live Chat Shoutbox <= 1.4.2 - SQL Injection 漏洞描述 The Steveas WP Live Chat Shoutbox WordPress plugin through 1.4.2 does not sanitise and es...

漏洞标题 CVE-2025-3415: Grafana - Exposes DingDing API Keys 漏洞描述 An incident occurred where the DingDing alerting integration URL was inadvertently exposed to viewers due to a ...

漏洞标题 CVE-2018-7653: YzmCMS v3.6 - Cross-Site Scripting 漏洞描述 In YzmCMS 3.6, index.php has XSS via the a, c, or m parameter. PoC代码

漏洞标题 CVE-2021-24287: WordPress Select All Categories and Taxonomies <1.3.2 - Cross-Site Scripting 漏洞描述 WordPress Select All Categories and Taxonomies plugin before 1.3.2...

漏洞标题 CVE-2019-19825: TOTOLINK/Realtek Routers - CAPTCHA Bypass 漏洞描述 On certain TOTOLINK Realtek SDK based routers, the CAPTCHA text can be retrieved via a POST request to t...

漏洞标题 CVE-2018-6910: DedeCMS 5.7 - Path Disclosure 漏洞描述 DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc...

漏洞标题 CVE-2021-37704: phpfastcache - phpinfo Resource Exposure 漏洞描述 phpinfo() is susceptible to resource exposure in unprotected composer vendor folders via phpfastcache/php...

漏洞标题 CVE-2020-25078: DLink Account Disclosure 漏洞描述 An issue was discovered on D-Link DCS-2530L before 1.06.01 Hotfix and DCS-2670L through 2.02 devices. The unauthenticated...

漏洞标题 CVE-2024-12987: DrayTek Vigor - Command Injection 漏洞描述 DrayTek Gateway devices (Vigor2960, Vigor300B, etc.) are vulnerable to command injection via the session paramet...

漏洞标题 CVE-2018-19287: WordPress Ninja Forms <3.3.18 - Cross-Site Scripting 漏洞描述 WordPress Ninja Forms plugin before 3.3.18 contains a cross-site scripting vulnerability. ...

漏洞标题 CVE-2020-8615: Wordpress Plugin Tutor LMS 1.5.3 - Cross-Site Request Forgery 漏洞描述 A CSRF vulnerability in the Tutor LMS plugin before 1.5.3 for WordPress can result in...

漏洞标题 CVE-2021-33851: WordPress Customize Login Image <3.5.3 - Cross-Site Scripting 漏洞描述 WordPress Customize Login Image plugin prior to 3.5.3 contains a cross-site scrip...

漏洞标题 CVE-2024-6670: WhatsUp Gold HasErrors SQL Injection - Authentication Bypass 漏洞描述 In WhatsUp Gold versions released before 2024.0.0, a SQL Injection vulnerability allow...