漏洞标题 CVE-2017-9841: PHPUnit - Remote Code Execution 漏洞描述 PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data...

漏洞标题 CVE-2024-30194: Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting 漏洞描述 WP Sunshine Sunshine Photo Cart versions up to 3.1.1 contain a cross-site scripti...

漏洞标题 CVE-2024-43917: WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection 漏洞描述 In the latest version (2.8.2 as of writing the article) and below, the plugin...

漏洞标题 CVE-2023-34362: MOVEit Transfer - Remote Code Execution 漏洞描述 In Progress MOVEit Transfer before 2021.0.6 (13.0.6), 2021.1.4 (13.1.4), 2022.0.4 (14.0.4), 2022.1.5 (14.1...

漏洞标题 CVE-2018-3238: Oracle Fusion Middleware WebCenter Sites 11.1.1.8.0 - Cross-Site Scripting 漏洞描述 The Oracle WebCenter Sites 11.1.1.8.0 component of Oracle Fusion Middlew...

漏洞标题 CVE-2024-4439: WordPress Core <6.5.2 - Cross-Site Scripting 漏洞描述 WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar bl...

漏洞标题 CVE-2009-4679: Joomla! Portfolio Nexus - Remote File Inclusion 漏洞描述 Joomla! Portfolio Nexus 1.5 contains a remote file inclusion vulnerability in the inertialFATE iF (...

漏洞标题 CVE-2022-4117: WordPress IWS Geo Form Fields <=1.0 - SQL Injection 漏洞描述 WordPress IWS Geo Form Fields plugin through 1.0 contains a SQL injection vulnerability. The...

漏洞标题 CVE-2025-24514: Ingress-Nginx Controller - Configuration Injection via Unsanitized `auth-url` Annotation 漏洞描述 A security issue was discovered in ingress-nginx https-//...

漏洞标题 CVE-2016-3081: Apache S2-032 Struts - Remote Code Execution 漏洞描述 Apache Struts 2.3.19 to 2.3.20.2, 2.3.21 to 2.3.24.1, and 2.3.25 to 2.3.28, when dynamic method invoca...

漏洞标题 CVE-2024-56331: Uptime-Kuma - Local File Inclusion (LFI) 漏洞描述 Uptime Kuma has an Improper URL Handling vulnerability that can be exploited through the "real-brows...

漏洞标题 CVE-2023-4911: Looney Tunables Linux - Local Privilege Escalation 漏洞描述 A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processi...

漏洞标题 CVE-2021-24746: WordPress Sassy Social Share Plugin <3.3.40 - Cross-Site Scripting 漏洞描述 WordPress plugin Sassy Social Share < 3.3.40 contains a reflected cross-s...

漏洞标题 CVE-2023-29919: SolarView Compact <= 6.00 - Local File Inclusion 漏洞描述 There is an arbitrary read file vulnerability in SolarView Compact 6.00 and below, attackers c...

前言 针对小程序和公众号的渗透测试，咱们都知道只要拿到开发者ID(AppID)和开发者密码(AppSecret)，咱们即可结束此次测试。拿到 Appid和Appsecret之后咱们大概率可以直接实现账号接管。 记录一...

漏洞标题 CVE-2020-9376: D-Link DIR-610 Devices - Information Disclosure 漏洞描述 D-Link DIR-610 devices allow information disclosure via SERVICES=DEVICE.ACCOUNT%0AAUTHORIZED_GROUP=...