漏洞标题 CVE-2021-43734: kkFileview v4.0.0 - Local File Inclusion 漏洞描述 kkFileview v4.0.0 is vulnerable to local file inclusion which may lead to a sensitive file leak on a rela...

漏洞标题 CVE-2018-12998: Zoho manageengine - Cross-Site Scripting 漏洞描述 Zoho manageengine is vulnerable to reflected cross-site scripting. This impacts Zoho ManageEngine Netflow...

漏洞标题 Apache Nifi 信息泄露漏洞（CVE-2024-56512) 漏洞描述 ApacheNiFi是一款用于提取、转换和加载数据的软件工具。NiFi通过内置处理器集成了许多不同的数据类型和文件格式。通过集成FTL、S...

漏洞标题 CVE-2010-1878: Joomla! Component OrgChart 1.0.0 - Local File Inclusion 漏洞描述 A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joom...

漏洞标题 CVE-2017-9841: PHPUnit - Remote Code Execution 漏洞描述 PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data...

漏洞标题 CVE-2014-4558: WooCommerce Swipe <= 2.7.1 - Cross-Site Scripting 漏洞描述 A cross-site scripting vulnerability in test-plugin.php in the Swipe Checkout for WooCommerce ...

漏洞标题 CVE-2018-14013: Synacor Zimbra Collaboration Suite Collaboration <8.8.11 - Cross-Site Scripting 漏洞描述 Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 ...

漏洞标题 CData Sync CVE-2024-31851 路径遍历漏洞 漏洞描述 CData sync存在路径遍历漏洞，此漏洞是由于/ui/接口对用户的请求验证不当造成的。 PoC代码 暂无

漏洞标题 CVE-2013-2251: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution (S2-016) 漏洞描述 In Struts 2 before 2.3.15.1 the information following "action:&quo...

漏洞标题 CVE-2021-41349: Microsoft Exchange Server Pre-Auth POST Based Cross-Site Scripting 漏洞描述 Microsoft Exchange Server is vulnerable to a spoofing vulnerability. Be aware t...

漏洞报告 【Shopify 1,600 USD】Staff who only have apps and channels permission can do a takeover account at the wholesale store (Bypass get invitation link) http://hackerone.com/re...

漏洞标题 CVE-2021-24946: WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection 漏洞描述 WordPress Modern Events Calendar plugin before 6.1.5 is susceptible to blind SQL ...

漏洞标题 CVE-2024-24328: TotoLink Router setMacFilterRules - Command Injection 漏洞描述 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulner...

漏洞标题 CVE-2024-10486: Google for WooCommerce <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File 漏洞描述 The Google for WooCommerce plugin for WordPress ...

漏洞标题 Apache Cocoon XML 外部实体注入漏洞（CVE-2020-11991） 漏洞描述 9月11日 Apache 软件基金会发布安全公告，修复了 Apache Cocoonxml外部实体注入漏洞（CVE-2020-11991）。\n\nApache ...

漏洞标题 CVE-2023-20889: VMware Aria Operations for Networks - Code Injection Information Disclosure Vulnerability 漏洞描述 Aria Operations for Networks contains an information dis...