漏洞标题 Apache Struts2(S2-012)远程代码执行漏洞(CVE-2013-1965) 漏洞描述 S2-012中，包含特制请求参数的请求可用于将任意 OGNL代码注入属性，然后用作重定向地址的请求参数，这将导致进一步...

漏洞标题 CVE-2021-43421: Studio-42 elFinder <2.1.60 - Arbitrary File Upload 漏洞描述 Studio-42 elFinder 2.0.4 to 2.1.59 is vulnerable to unauthenticated file upload via connecto...

漏洞标题 CVE-2019-10758: mongo-express Remote Code Execution 漏洞描述 mongo-express before 0.54.0 is vulnerable to remote code execution via endpoints that uses the `toBSON` method...

漏洞标题 Apache OFBiz CVE-2024-36104 鉴权绕过漏洞 漏洞描述 Apache OFBiz 存在鉴权绕过漏洞，此漏洞是由于ProgramExport未充分验证用户输入的数据所导致的。 PoC代码 暂无

漏洞标题 Atlassian Confluence Data Center and Server CVE-2024-21683 远程代码执行漏洞 漏洞描述 Atlassian Confluence Data Center and Server存在远程代码执行漏洞，此漏洞是程序对用户输...

漏洞标题 CVE-2025-6934: The Opal Estate Pro – Property Management <= 1.7.5 - Unauthenticated Privilege Escalation 漏洞描述 The Opal Estate Pro plugin (≤ 1.7.5) is vulnerable t...

漏洞标题 CVE-2024-31621: Flowise 1.6.5 - Authentication Bypass 漏洞描述 The flowise version <= 1.6.5 is vulnerable to authentication bypass vulnerability. PoC代码

漏洞标题 CVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS 漏洞描述 The Kentico Xperience application does not fully validate or filter files uploaded via the multi...

漏洞标题 CVE-2025-6174: WordPress Qwizcards < 3.95 - Cross-Site Scripting (Reflected) 漏洞描述 The WordPress Qwizcards plugin before version 3.95 does not sanitise and escape th...

漏洞标题 CVE-2022-22963: Spring Cloud Function SPEL 远程命令执行漏洞 漏洞描述 Spring Cloud Function 是基于Spring Boot 的函数计算框架，它抽象出所有传输细节和基础架构，允许开发人员保...

漏洞标题 CVE-2024-48360: Qualitor <= v8.24 - Server-Side Request Forgery 漏洞描述 Qualitor v8.24 was discovered to contain a Server-Side Request Forgery (SSRF) via the component...

漏洞标题 CVE-2023-6895: Hikvision IP ping.php - Command Execution 漏洞描述 A vulnerability was found in Hikvision Intercom Broadcasting System 3.0.3_20201113_RELEASE(HIK). It has b...

漏洞标题 CVE-2021-24389: WordPress FoodBakery <2.2 - Cross-Site Scripting 漏洞描述 WordPress FoodBakery before 2.2 contains an unauthenticated reflected cross-site scripting vul...

漏洞标题 CVE-2023-20864: VMware Aria Operations for Logs - Unauthenticated Remote Code Execution 漏洞描述 VMware Aria Operations for Logs contains a deserialization vulnerability. ...

漏洞标题 CVE-2023-44012: mojoPortal v.2.7.0.0 - Cross-Site Scripting 漏洞描述 Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitra...

漏洞标题 CVE-2019-14950: WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting 漏洞描述 wp-live-chat-support plugin before 8.0.27 for WordPress contains a reflected cros...