排序
CVE-2024-21633: MobSF – Path Traversal
漏洞标题 CVE-2024-21633: MobSF - Path Traversal 漏洞描述 MobSF is vulnerable to an issue with apktool (CVE-2024-21633) that allows for RCE or arbitrary file writing. It does this t...
2024年1月9日 00:53Apache OFBiz CVE-2024-38856 未授权代码执行漏洞
漏洞标题 Apache OFBiz CVE-2024-38856 未授权代码执行漏洞 漏洞描述 Apache OFBiz存在未授权代码执行漏洞,该漏洞是由于ProgramExport接口对用户的权限校验不当导致的。 PoC代码 暂无
2024年6月8日 18:00CVE-2024-6517: Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting
漏洞标题 CVE-2024-6517: Contact Form 7 Math Captcha <= 2.0.1 - Cross-site Scripting 漏洞描述 The Contact Form 7 Math Captcha WordPress plugin through 2.0.1 does not sanitise and...
2024年3月12日 12:37CVE-2024-29198: GeoServer Demo Request Endpoint – Server Side Request Forgery
漏洞标题 CVE-2024-29198: GeoServer Demo Request Endpoint - Server Side Request Forgery 漏洞描述 It is possible to achieve Server Side Request Forgery (SSRF) via the Demo request en...
2024年11月22日 03:04CVE-2024-28253: OpenMetaData – SpEL Injection in PUT /api/v1/policies
漏洞标题 CVE-2024-28253: OpenMetaData - SpEL Injection in PUT /api/v1/policies 漏洞描述 OpenMetadata is a unified platform for discovery, observability, and governance powered by a...
2024年1月23日 15:50CVE-2024-6586: Lightdash v0.1024.6 – Server-Side Request Forgery
漏洞标题 CVE-2024-6586: Lightdash v0.1024.6 - Server-Side Request Forgery 漏洞描述 Server-Side Request Forgery (“SSRF”) in the export dashboard functionality of Lightdash version...
2024年11月4日 06:16CVE-2024-36857: Jan v0.4.12 ‘readFileSync’ – Path Traversal
漏洞标题 CVE-2024-36857: Jan v0.4.12 'readFileSync' - Path Traversal 漏洞描述 Jan v0.4.12 was discovered to contain an arbitrary file read vulnerability via the /v1/app/r...
2024年7月3日 10:02CVE-2024-38472: Apache HTTPd Windows UNC – Server-Side Request Forgery
漏洞标题 CVE-2024-38472: Apache HTTPd Windows UNC - Server-Side Request Forgery 漏洞描述 SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious...
2024年1月21日 18:46CVE-2024-24329: TotoLink Router setPortForwardRules – Command Injection
漏洞标题 CVE-2024-24329: TotoLink Router setPortForwardRules - Command Injection 漏洞描述 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vuln...
2024年5月9日 02:04CVE-2024-48651: ProFTPD ≤ 1.3.8b – Privilege Escalation via mod_sql
漏洞标题 CVE-2024-48651: ProFTPD ≤ 1.3.8b - Privilege Escalation via mod_sql 漏洞描述 ProFTPD versions through 1.3.8b (before commit cec01cc) contain a vulnerability in the mod_sq...
2024年3月9日 16:30CVE-2024-43917: WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection
漏洞标题 CVE-2024-43917: WordPress TI WooCommerce Wishlist Plugin <= 2.8.2 - SQL Injection 漏洞描述 In the latest version (2.8.2 as of writing the article) and below, the plugin...
2024年8月2日 11:23CVE-2024-23917: JetBrains TeamCity > 2023.11.3 – Authentication Bypass
漏洞标题 CVE-2024-23917: JetBrains TeamCity > 2023.11.3 - Authentication Bypass 漏洞描述 In JetBrains TeamCity before 2023.11.3 authentication bypass leading to RCE was possible...
2024年5月31日 20:58CVE-2024-8698: Keycloak – SAML Core Package Signature Validation Flaw
漏洞标题 CVE-2024-8698: Keycloak - SAML Core Package Signature Validation Flaw 漏洞描述 A flaw exists in the SAML signature validation method within the Keycloak XMLSignatureUtil c...
2024年8月27日 05:47CVE-2024-51211: openSIS Classic v9.1 – SQL Injection
漏洞标题 CVE-2024-51211: openSIS Classic v9.1 - SQL Injection 漏洞描述 SQL injection vulnerability exists in OS4ED openSIS-Classic Version 9.1, specifically in the resetuserinfo.ph...
2024年11月11日 03:32CVE-2024-57049: TP-Link Archer C20 – Authentication Bypass
漏洞标题 CVE-2024-57049: TP-Link Archer C20 - Authentication Bypass 漏洞描述 A vulnerability in the TP-Link Archer C20 router with firmware version V6.6_230412 and earlier permits ...
2024年4月24日 16:44CVE-2024-3552: Web Directory Free < 1.7.0 - SQL Injection
漏洞标题 CVE-2024-3552: Web Directory Free < 1.7.0 - SQL Injection 漏洞描述 The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX ac...
2024年2月21日 21:58
