漏洞标题 Couchdb 垂直权限绕过漏洞(CVE-2017-12635) 漏洞描述 （CVE-2017-12635）是由于Erlang和 JavaScript 对 JSON解析方式的不同，在语句执行时产生差异性导致的。该漏洞可使非管理员用户赋...

漏洞标题 CVE-2022-1390: WordPress Admin Word Count Column 2.2 - Local File Inclusion 漏洞描述 The plugin does not validate the path parameter given to readfile(), which could allow...

漏洞标题 CVE-2019-20224: Pandora FMS 7.0NG - Remote Command Injection 漏洞描述 Pandora FMS 7.0NG allows remote authenticated users to execute arbitrary OS commands via shell metach...

漏洞标题 CVE-2020-15895: D-Link DIR-816L 2.x - Cross-Site Scripting 漏洞描述 D-Link DIR-816L devices 2.x before 1.10b04Beta02 contains a cross-site scripting vulnerability. In the ...

漏洞标题 CVE-2015-2068: Magento Server Mass Importer - Cross-Site Scripting 漏洞描述 Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities whic...

漏洞标题 CVE-2022-23779: Zoho ManageEngine - Internal Hostname Disclosure 漏洞描述 Zoho ManageEngine Desktop Central before 10.1.2137.8 exposes the installed server name to anyone....

漏洞标题 CVE-2022-2599: WordPress Anti-Malware Security and Brute-Force Firewall <4.21.83 - Cross-Site Scripting 漏洞描述 WordPress Anti-Malware Security and Brute-Force Firewal...

漏洞标题 CVE-2015-4455: WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload 漏洞描述 Unrestricted file upload vulnerability in includes/up...

漏洞标题 CVE-2021-37415: Zoho ManageEngine ServiceDesk Plus - Authentication Bypass 漏洞描述 Zoho ManageEngine ServiceDesk Plus before 11302 is vulnerable to authentication bypass ...

漏洞标题 CVE-2023-35844: Lightdash Arbitrary File Read 漏洞描述 Lightdash是一款数据分析平台，它可以让数据团队和其他业务部门聚集在一起以做出更好的数据驱动决策 Lightdash 0.510.3之前...

漏洞标题 CVE-2020-8209: Citrix XenMobile Server - Local File Inclusion 漏洞描述 Citrix XenMobile Server 10.12 before RP2, Citrix XenMobile Server 10.11 before RP4, Citrix XenMobile...

漏洞标题 CVE-2023-0236: WordPress Tutor LMS <2.0.10 - Cross Site Scripting 漏洞描述 WordPress Tutor LMS plugin before 2.0.10 contains a cross-site scripting vulnerability. The p...

漏洞标题 CVE-2021-24750: WordPress Visitor Statistics (Real Time Traffic) <4.8 -SQL Injection 漏洞描述 WordPress Visitor Statistics (Real Time Traffic) plugin before 4.8 does no...

漏洞标题 CVE-2016-10976: Safe Editor Plugin < 1.2 - CSS/JS-injection 漏洞描述 The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. ...

漏洞标题 CVE-2022-4140: WordPress Welcart e-Commerce <2.8.5 - Arbitrary File Access 漏洞描述 WordPress Welcart e-Commerce plugin before 2.8.5 is susceptible to arbitrary file ac...

漏洞标题 CVE-2025-25291: GitLab - SAML Authentication Bypass 漏洞描述 ruby-saml provides security assertion markup language (SAML) single sign-on (SSO) for Ruby. An authentication ...