漏洞标题 CVE-2023-1496: Imgproxy < 3.14.0 - Cross-site Scripting (XSS) 漏洞描述 Cross-site Scripting (XSS) - Reflected in GitHub repository imgproxy/imgproxy prior to 3.14.0. Po...

漏洞标题 CVE-2016-1000139: WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting 漏洞描述 WordPress plugin Infusionsoft 1.5.11 and before contains a reflected cro...

漏洞标题 CVE-2019-16313: ifw8 Router ROM v4.31 - Credential Discovery 漏洞描述 ifw8 Router ROM v4.31 is vulnerable to credential disclosure via action/usermanager.htm HTML source c...

漏洞标题 CVE-2010-1312: Joomla! Component News Portal 1.5.x - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the iJoomla News Portal (com_news_portal) compone...

漏洞标题 CVE-2017-9791: Apache Struts2 S2-053 - Remote Code Execution 漏洞描述 Apache Struts 2.1.x and 2.3.x with the Struts 1 plugin might allow remote code execution via a malici...

漏洞标题 CVE-2021-24245: WordPress Stop Spammers <2021.9 - Cross-Site Scripting 漏洞描述 WordPress Stop Spammers plugin before 2021.9 contains a reflected cross-site scripting v...

挖洞技巧 Full account takeover through referral code http://hector0x.medium.com/broken-authentication-through-referral-code-25cd0e8bccc2 SecurityMB's October 2021 Prototype Polluti...

漏洞标题 CVE-2022-29014: Razer Sila Gaming Router 2.0.441_api-2.0.418 - Local File Inclusion 漏洞描述 Razer Sila Gaming Router 2.0.441_api-2.0.418 is vulnerable to local file inclu...

漏洞标题 CVE-2023-35813: Sitecore - Remote Code Execution 漏洞描述 Multiple Sitecore products allow remote code execution. This affects Experience Manager, Experience Platform, and...

漏洞标题 CVE-2018-20985: WordPress Payeezy Pay <=2.97 - Local File Inclusion 漏洞描述 WordPress Plugin WP Payeezy Pay is prone to a local file inclusion vulnerability because it...

漏洞标题 CVE-2021-22205: GitLab CE/EE - Remote Code Execution 漏洞描述 GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, res...

漏洞标题 CVE-2024-41667: OpenAM<=15.0.3 FreeMarker - Template Injection 漏洞描述 OpenAM is an open access management solution. In versions 15.0.3 and prior, the `getCustomLoginU...

漏洞标题 CVE-2021-39501: EyouCMS 1.5.4 Open Redirect 漏洞描述 EyouCMS 1.5.4 is vulnerable to an Open Redirect vulnerability. An attacker can redirect a user to a malicious url via ...

漏洞标题 CVE-2024-7714: AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls 漏洞描述 The plugin lacks sufficient access controls allowing an unauthenticated u...

漏洞标题 Copyparty1.8.6存在XSS漏洞(CVE-2025-54589) 漏洞描述 Copyparty1.8.6存在XSS漏洞，攻击者可以获取用户敏感信息。 PoC代码 暂无

漏洞标题 CVE-2021-41467: JustWriting - Cross-Site Scripting 漏洞描述 A cross-site scripting vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allo...