排序
CVE-2024-4040: CrushFTP VFS – Sandbox Escape LFR
漏洞标题 CVE-2024-4040: CrushFTP VFS - Sandbox Escape LFR 漏洞描述 VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers ...
2024年9月30日 12:13CVE-2024-0204: Fortra GoAnywhere MFT – Authentication Bypass
漏洞标题 CVE-2024-0204: Fortra GoAnywhere MFT - Authentication Bypass 漏洞描述 Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to c...
2024年9月30日 08:01CVE-2024-8484: REST API TO MiniProgram <= 4.7.1 - SQL Injection
漏洞标题 CVE-2024-8484: REST API TO MiniProgram <= 4.7.1 - SQL Injection 漏洞描述 The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'o...
2024年9月30日 05:12CVE-2024-2771: Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation
漏洞标题 CVE-2024-2771: Contact Form Plugin by Fluent Forms < 5.1.17 - Unauthenticated Limited Privilege Escalation 漏洞描述 The plugin is vulnerable to privilege escalation due...
2024年9月30日 04:08CVE-2024-30269: DataEase <= 2.4.1 - Sensitive Information Exposure
漏洞标题 CVE-2024-30269: DataEase <= 2.4.1 - Sensitive Information Exposure 漏洞描述 DataEase, an open source data visualization and analysis tool, has a database configuration ...
2024年9月29日 18:27CVE-2024-6646: Netgear-WN604 downloadFile.php – Information Disclosure
漏洞标题 CVE-2024-6646: Netgear-WN604 downloadFile.php - Information Disclosure 漏洞描述 There is an information leakage vulnerability in the downloadFile.php interface of Netgear ...
2024年9月29日 16:47CVE-2024-30569: Netgear R6850 – Information Disclosure
漏洞标题 CVE-2024-30569: Netgear R6850 - Information Disclosure 漏洞描述 Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the curren...
2024年9月29日 16:37CVE-2024-2473: WPS Hide Login <= 1.9.15.2 - Login Page Disclosure
漏洞标题 CVE-2024-2473: WPS Hide Login <= 1.9.15.2 - Login Page Disclosure 漏洞描述 The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all version...
2024年9月29日 05:45CVE-2024-4898: WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation
漏洞标题 CVE-2024-4898: WordPress InstaWP Connect <= 0.1.0.38 - Unauthenticated User Creation 漏洞描述 The InstaWP Connect – 1-click WP Staging & Migration plugin for WordP...
2024年9月29日 04:42CVE-2024-12760: BentoML v1.3.9 – Open Redirect
漏洞标题 CVE-2024-12760: BentoML v1.3.9 - Open Redirect 漏洞描述 An open redirect vulnerability exists in BentoML v1.3.9, where the file parameter in the /ui/gradio_api/file= endpo...
2024年9月28日 22:52CVE-2024-21485: Dash Framework – Cross-site Scripting
漏洞标题 CVE-2024-21485: Dash Framework - Cross-site Scripting 漏洞描述 Dash framework versions before 2.15.0 are vulnerable to Cross-site Scripting (XSS) via href attribute in anc...
2024年9月28日 14:59CVE-2024-21644: pyLoad Flask Config – Access Control
漏洞标题 CVE-2024-21644: pyLoad Flask Config - Access Control 漏洞描述 pyLoad is the free and open-source Download Manager written in pure Python. Any unauthenticated user can brow...
2024年9月28日 14:26CVE-2024-35627: TileServer API – Cross Site Scripting
漏洞标题 CVE-2024-35627: TileServer API - Cross Site Scripting 漏洞描述 tileserver-gl up to v4.4.10 was discovered to contain a cross-site scripting (XSS) vulnerability via the com...
2024年9月28日 13:25CVE-2024-10783: WordPress Plugin MainWP Child – Authentication Bypass
漏洞标题 CVE-2024-10783: WordPress Plugin MainWP Child - Authentication Bypass 漏洞描述 The plugin is vulnerable to an authentication bypass that allows an unauthenticated user to ...
2024年9月28日 07:25CVE-2024-12356: Privileged Remote Access & Remote Support – Command Injection
漏洞标题 CVE-2024-12356: Privileged Remote Access & Remote Support - Command Injection 漏洞描述 A critical vulnerability has been discovered in Privileged Remote Access (PRA) a...
2024年9月28日 06:28CVE-2024-39887: Apache Superset < 4.0.2 - SQL Injection
漏洞标题 CVE-2024-39887: Apache Superset < 4.0.2 - SQL Injection 漏洞描述 An SQL Injection vulnerability in Apache Superset exists due to improper neutralization of special elem...
2024年9月27日 22:29
