漏洞标题 CVE-2021-24274: WordPress Supsystic Ultimate Maps <1.2.5 - Cross-Site Scripting 漏洞描述 WordPress Supsystic Ultimate Maps plugin before 1.2.5 contains an unauthenticat...

漏洞标题 CVE-2022-44957: WebTareas 2.4p5 - Cross-Site Scripting 漏洞描述 webtareas 2.4p5 was discovered to contain a cross-site scripting (XSS) vulnerability in the component /clie...

背景： 得到一个Android的CrackMe来考察逆向知识，分析后发现其关键函数位于native so库中，并且在函数开始时启动了线程进行TracerPid检测的反调试，当发现程序被调试时会直接杀死应用。虽然题...

漏洞标题 CVE-2024-7332: TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability 漏洞描述 A critical vulnerability has been discovered in TOTOLINK CP450 version 4....

漏洞标题 CVE-2021-24554: WordPress Paytm Donation <=1.3.2 - Authenticated SQL Injection 漏洞描述 WordPress Paytm Donation plugin through 1.3.2 is susceptible to authenticated SQ...

漏洞标题 CVE-2010-1308: Joomla! Component SVMap 1.1.1 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the SVMap (com_svmap) component 1.1.1 for Joomla! allow...

漏洞标题 CVE-2021-21351: XStream <1.4.16 - Remote Code Execution 漏洞描述 XStream before 1.4.16 is susceptible to remote code execution. An attacker can load and execute arbitra...

漏洞报告 【Gitlab 1,800 USD】[Java] CWE-502: Unsafe deserialization with three JSON frameworks http://hackerone.com/reports/1368720 【Gitlab 1,800 USD】[Python]: CWE-117 Log Inject...

漏洞标题 CVE-2016-2389: SAP xMII 15.0 for SAP NetWeaver 7.4 - Local File Inclusion 漏洞描述 SAP xMII 15.0 for SAP NetWeaver 7.4 is susceptible to a local file inclusion vulnerabili...

漏洞标题 CVE-2022-0786: WordPress KiviCare <2.3.9 - SQL Injection 漏洞描述 WordPress KiviCare plugin before 2.3.9 contains a SQL injection vulnerability. The plugin does not san...

漏洞标题 CVE-2010-2682: Joomla! Component Realtyna Translator 1.0.15 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the Realtyna Translator (com_realtyna) c...

漏洞标题 CVE-2022-22242: Juniper Networks Junos OS 错误页面反射 XSS 漏洞 漏洞描述 CVE-2022-22242它是位于出错页面 (“error.php”) 上的预认证反射型XSS漏洞，可导致远程攻击者嗅探 Junos...

漏洞标题 CVE-2024-48307: JeecgBoot v3.7.1 - SQL Injection 漏洞描述 The JeecgBoot application is vulnerable to SQL Injection via the `getTotalData` endpoint. An attacker can exploit...

web漏洞挖掘指南 CSRF跨站请求伪造 一、CSRF的漏洞原理以及攻击过程 顾名思义，CSRF跨站请求伪造是一种伪造受害者的请求以达成某种目的的攻击手法，本质上我将其理解为攻击者像操控木偶一样让受...

漏洞标题 Citrix ADC and Gateway CVE-2023-4966 信息泄露漏洞 - 1 漏洞描述 Citrix ADC and Gateway CVE-2023-4966 信息泄露漏洞 - 1 日期: 2024-02-07 | 影响软件: Citrix ADC | PoC代码 暂无

漏洞标题 CVE-2021-36356: Kramer VIAware - Remote Code Execution 漏洞描述 KRAMER VIAware through August 2021 allows remote attackers to execute arbitrary code because ajaxPages/writ...