漏洞标题 CVE-2024-38472: Apache HTTPd Windows UNC - Server-Side Request Forgery 漏洞描述 SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious...

漏洞标题 CVE-2024-4455: YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting 漏洞描述 The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross...

漏洞标题 CData Sync CVE-2024-31851 路径遍历漏洞 漏洞描述 CData sync存在路径遍历漏洞，此漏洞是由于/ui/接口对用户的请求验证不当造成的。 PoC代码 暂无

漏洞标题 CVE-2024-55218: IceWarp Server 10.2.1 - Cross-Site Scripting 漏洞描述 IceWarp Server 10.2.1 is vulnerable to Cross Site Scripting (XSS) via the meta parameter. PoC代码

漏洞标题 CVE-2024-39887: Apache Superset < 4.0.2 - SQL Injection 漏洞描述 An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elem...

漏洞标题 CVE-2024-45309: OneDev.io < 11.0.9 - Arbitrary File Read 漏洞描述 Files on the host computer can be accessed by directory traversal. PoC代码

漏洞标题 CVE-2024-4399: WordPress CAS Theme <= 1.0.0 - Server-Side Request Forgery 漏洞描述 The CAS WordPress theme through version 1.0.0 is vulnerable to Server-Side Request Fo...

漏洞标题 CVE-2024-27348: Apache HugeGraph-Server - Remote Command Execution 漏洞描述 Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-perf...

漏洞标题 CVE-2024-4439: WordPress Core <6.5.2 - Cross-Site Scripting 漏洞描述 WordPress Core is vulnerable to Stored Cross-Site Scripting via user display names in the Avatar bl...

漏洞标题 CVE-2024-22927: eyoucms v.1.6.5 - Cross-Site Scripting 漏洞描述 Cross Site Scripting (XSS) vulnerability in the func parameter in eyoucms v.1.6.5 allows a remote attacker ...

漏洞标题 CVE-2024-4956: Nexus Repository Manager 文件读取漏洞 漏洞描述 Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read system files. Fixed ...

漏洞标题 CVE-2024-0799: Arcserve Unified Data Protection - Authentication Bypass 漏洞描述 An authentication bypass vulnerability exists in Arcserve Unified Data Protection 9.2 and ...

漏洞标题 CVE-2024-13126: WordPress Download Manager < 3.3.07 - Unauthenticated Data Exposure 漏洞描述 The WordPress Download Manager plugin before version 3.3.07 does not preven...

漏洞标题 CVE-2024-10486: Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File 漏洞描述 The Google for WooCommerce plugin for WordPress ...

漏洞标题 Apache OFBiz StatsSinceStart 远程代码执行漏洞（CVE-2024-45507） 漏洞描述 Apache OFBiz 18.12.16 之前的版本在 Linux 和 Windows 系统上存在未经身份验证的远程代码执行漏洞。 PoC...

漏洞标题 CVE-2024-32651: Change Detection - Server Side Template Injection 漏洞描述 A Server Side Template Injection in changedetection.io caused by usage of unsafe functions of Ji...