漏洞标题 CVE-2021-25120: Easy Social Feed < 6.2.7 - Cross-Site Scripting 漏洞描述 Easy Social Feed < 6.2.7 is susceptible to reflected cross-site scripting because the plugin...

漏洞标题 CVE-2014-100004: Sitecore CMS - Cross-Site Scripting 漏洞描述 Sitecore CMS contains a cross-site scripting vulnerability via the "special way" of displaying XML ...

漏洞标题 CVE-2022-0786: WordPress KiviCare <2.3.9 - SQL Injection 漏洞描述 WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not san...

漏洞标题 CVE-2025-54249: Adobe Experience Manager ≤ 6.5.23.0 – SSRF 漏洞描述 Adobe Experience Manager versions 6.5.23.0 and earlier are affected by a Server-Side Request Forgery ...

漏洞标题 CVE-2015-4694: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval 漏洞描述 WordPress zip-attachments plugin allows arbitrary file retrieval as it does not ch...

本文转载于公众号：融云攻防实验室，原文地址： 漏洞复现-Struts2-016 远程命令执行漏洞 Struts是Apache软件基金会（ASF）赞助的一个开源项目。它最初是Jakarta项目中的一个子项目，并在2004年3...

漏洞标题 CVE-2024-4455: YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting 漏洞描述 The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross...

漏洞标题 CVE-2023-35155: XWiki - Cross-Site Scripting 漏洞描述 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are ab...

漏洞标题 CVE-2024-6651: WordPress File Upload Plugin < 4.24.8 - Cross-Site Scripting 漏洞描述 The WordPress File Upload plugin before version 4.24.8 contains a reflected cross-s...

漏洞标题 CVE-2022-37122: Carel pCOWeb HVAC BACnet Gateway 2.1.0 - Path Traversal 漏洞描述 Carel pCOWeb HVAC BACnet Gateway 2.1.0 contains an unauthenticated arbitrary file disclosu...

漏洞标题 CVE-2020-15148: Yii 2 < 2.0.38 - Remote Code Execution 漏洞描述 Yii 2 (yiisoft/yii2) before version 2.0.38 is vulnerable to remote code execution if the application cal...

漏洞标题 CVE-2023-28121: WooCommerce Payments - Unauthorized Admin Access 漏洞描述 An issue in WooCommerce Payments plugin for WordPress (versions 5.6.1 and lower) allows an unauth...

漏洞标题 CVE-2022-38467: CRM Perks Forms < 1.1.1 - Cross Site Scripting 漏洞描述 The plugin does not sanitise and escape some parameters from a sample file before outputting the...

漏洞标题 CVE-2019-12725: Zeroshell 3.9.0 - Remote Command Execution 漏洞描述 Zeroshell 3.9.0 is prone to a remote command execution vulnerability. Specifically, this issue occurs b...

漏洞标题 CVE-2024-5522: WordPress HTML5 Video Player < 2.5.27 - SQL Injection 漏洞描述 The HTML5 Video Player WordPress plugin before 2.5.27 does not sanitize and escape a param...

漏洞标题 CVE-2016-1000139: WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting 漏洞描述 WordPress plugin Infusionsoft 1.5.11 and before contains a reflected cro...