排序
CVE-2024-7029: AVTECH IP Camera – Command Injection
漏洞标题 CVE-2024-7029: AVTECH IP Camera - Command Injection 漏洞描述 The endpoint `/cgi-bin/supervisor/Factory.cgi` is vulnerable to command injection via the `action` parameter, ...
2024年7月11日 16:06CVE-2024-38353: CodiMD <2.5.4 - Insecure Filename Randomization
漏洞标题 CVE-2024-38353: CodiMD <2.5.4 - Insecure Filename Randomization 漏洞描述 CodiMD does not require valid authentication to access uploaded images or to upload new image d...
2024年7月11日 13:54CData Sync CVE-2024-31851 路径遍历漏洞
漏洞标题 CData Sync CVE-2024-31851 路径遍历漏洞 漏洞描述 CData sync存在路径遍历漏洞,此漏洞是由于/ui/接口对用户的请求验证不当造成的。 PoC代码 暂无
2024年7月11日 11:57CVE-2024-2961: PHP – LFR to Remote Code Execution
漏洞标题 CVE-2024-2961: PHP - LFR to Remote Code Execution 漏洞描述 PHP Local File Read vulnerability leading to Remote Code Execution PoC代码
2024年7月11日 04:26CVE-2024-8425: WooCommerce Ultimate Gift Card ≤ 2.6.0 – Arbitrary File Upload
漏洞标题 CVE-2024-8425: WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload 漏洞描述 The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary ...
2024年7月10日 19:14CVE-2024-24328: TotoLink Router setMacFilterRules – Command Injection
漏洞标题 CVE-2024-24328: TotoLink Router setMacFilterRules - Command Injection 漏洞描述 TOTOLINK A3300R V17.0.0cu.557_B20221024 was discovered to contain a command injection vulner...
2024年7月10日 17:17CVE-2024-10783: WordPress Plugin MainWP Child – Authentication Bypass
漏洞标题 CVE-2024-10783: WordPress Plugin MainWP Child - Authentication Bypass 漏洞描述 The plugin is vulnerable to an authentication bypass that allows an unauthenticated user to ...
2024年7月10日 14:43CVE-2024-6646: Netgear-WN604 downloadFile.php – Information Disclosure
漏洞标题 CVE-2024-6646: Netgear-WN604 downloadFile.php - Information Disclosure 漏洞描述 There is an information leakage vulnerability in the downloadFile.php interface of Netgear ...
2024年7月10日 11:20CVE-2024-23897: Jenkins < 2.441 - Arbitrary File Read
漏洞标题 CVE-2024-23897: Jenkins < 2.441 - Arbitrary File Read 漏洞描述 Jenkins 2.441 and earlier, LTS 2.426.2 and earlier does not disable a feature of its CLI command parser t...
2024年7月10日 06:19CVE-2024-4956: Sonatype Nexus Repository Manager 3 – Local File Inclusion
漏洞标题 CVE-2024-4956: Sonatype Nexus Repository Manager 3 - Local File Inclusion 漏洞描述 Path Traversal in Sonatype Nexus Repository 3 allows an unauthenticated attacker to read...
2024年7月10日 04:24CVE-2024-4434: LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection
漏洞标题 CVE-2024-4434: LearnPress WordPress LMS Plugin <= 4.2.6.5 - SQL Injection 漏洞描述 The LearnPress WordPress LMS Plugin plugin for WordPress is vulnerable to time-based ...
2024年7月9日 20:02CVE-2024-0200: Github Enterprise Authenticated Remote Code Execution
漏洞标题 CVE-2024-0200: Github Enterprise Authenticated Remote Code Execution 漏洞描述 An unsafe reflection vulnerability was identified in GitHub Enterprise Server that could lead...
2024年7月9日 15:32CVE-2024-54385: Radio Player <= 2.0.82 - Server-Side Request Forgery
漏洞标题 CVE-2024-54385: Radio Player <= 2.0.82 - Server-Side Request Forgery 漏洞描述 The Radio Player Live Shoutcast, Icecast and Any Audio Stream Player for WordPress plugin ...
2024年7月9日 03:32CVE-2024-11680: ProjectSend <= r1605 - Improper Authorization
漏洞标题 CVE-2024-11680: ProjectSend <= r1605 - Improper Authorization 漏洞描述 An improper authorization check was identified within ProjectSend version r1605 that allows an at...
2024年7月8日 21:13CVE-2024-7332: TOTOLINK CP450 v4.1.0cu.747_B20191224 – Hard-Coded Password Vulnerability
漏洞标题 CVE-2024-7332: TOTOLINK CP450 v4.1.0cu.747_B20191224 - Hard-Coded Password Vulnerability 漏洞描述 A critical vulnerability has been discovered in TOTOLINK CP450 version 4....
2024年7月8日 17:55CVE-2024-2782: WordPress FluentForms <= 5.1.16 - Broken Access Control
漏洞标题 CVE-2024-2782: WordPress FluentForms <= 5.1.16 - Broken Access Control 漏洞描述 The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Bu...
2024年7月8日 16:16
