排序
CVE-2025-49001: Dataease JWT 认证绕过漏洞
漏洞标题 CVE-2025-49001: Dataease JWT 认证绕过漏洞 漏洞描述 CVE-2025-49001 是由于JWT校验机制错误导致攻击者可伪造JWT令牌绕过身份验证流程 fofa: body="/js/index-0.0.0-dataease.js...
2025年1月3日 09:16CVE-2025-49029: WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution
漏洞标题 CVE-2025-49029: WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution 漏洞描述 Improper Control of Generation of Code ('Code Injection&...
2025年1月5日 19:08CVE-2025-49844: Redis Lua Parser < 8.2.2 - Use After Free
漏洞标题 CVE-2025-49844: Redis Lua Parser < 8.2.2 - Use After Free 漏洞描述 Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an ...
2025年10月30日 06:23CVE-2025-4388: Liferay Portal – Cross-Site Scripting
漏洞标题 CVE-2025-4388: Liferay Portal - Cross-Site Scripting 漏洞描述 A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Lifer...
2025年1月1日 06:54CVE-2025-53770: Microsoft SharePoint Server – Remote Code Execution (ToolShell)
漏洞标题 CVE-2025-53770: Microsoft SharePoint Server - Remote Code Execution (ToolShell) 漏洞描述 Deserialization of untrusted data in on-premises Microsoft SharePoint Server allow...
2025年7月17日 14:16CVE-2025-61757: Oracle Identity Manager REST WebServices – Authentication Bypass
漏洞标题 CVE-2025-61757: Oracle Identity Manager REST WebServices - Authentication Bypass 漏洞描述 Vulnerability in the Identity Manager product of Oracle Fusion Middleware (compon...
2025年11月27日 02:38CVE-2025-2748: Kentico Xperience CMS – Unauthenticated Stored XSS
漏洞标题 CVE-2025-2748: Kentico Xperience CMS - Unauthenticated Stored XSS 漏洞描述 The Kentico Xperience application does not fully validate or filter files uploaded via the multi...
2025年2月19日 22:29CVE-2025-5086: Dassault Systèmes DELMIA Apriso (up to 2025) – Insecure Deserialization
漏洞标题 CVE-2025-5086: Dassault Systèmes DELMIA Apriso (up to 2025) - Insecure Deserialization 漏洞描述 A deserialization of untrusted data vulnerability affecting DELMIA Apriso ...
2025年6月7日 22:19CVE-2025-11833: Post SMTP <= 3.6.0 - Email Log Disclosure
漏洞标题 CVE-2025-11833: Post SMTP <= 3.6.0 - Email Log Disclosure 漏洞描述 Post SMTP WordPress plugin <= 3.6.0 contains an unauthorized data access vulnerability caused by m...
2025年9月14日 08:02CVE-2025-58434: Flowise <= 3.0.5 - Account Takeover
漏洞标题 CVE-2025-58434: Flowise <= 3.0.5 - Account Takeover 漏洞描述 Flowise versions 3.0.5 and earlier had a vulnerability in the forgot-password endpoint, which returned vali...
2025年9月11日 07:49CVE-2025-1974-k8s: Ingress-Nginx Controller – Unauthenticated Remote Code Execution
漏洞标题 CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution 漏洞描述 A security issue was discovered in ingress-nginx where the `auth-tls-match-cn`...
2025年9月17日 17:57CVE-2025-1974-k8s: Ingress-Nginx Controller – Unauthenticated Remote Code Execution
漏洞标题 CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution 漏洞描述 A security issue was discovered in ingress-nginx where the `auth-tls-match-cn`...
2025年11月19日 06:23CVE-2025-49113: Roundcube Webmail – Remote Code Execution
漏洞标题 CVE-2025-49113: Roundcube Webmail - Remote Code Execution 漏洞描述 Roundcube Webmail before 1.5.10 and 1.6.x before 1.6.11 allows remote code execution by authenticated us...
2025年2月1日 01:40CVE-2025-30567: WordPress WP01 – Path Traversal
漏洞标题 CVE-2025-30567: WordPress WP01 - Path Traversal 漏洞描述 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru W...
2025年8月1日 03:07CVE-2025-31131: Yeswiki < 4.5.2 - Unauthenticated Path Traversal
漏洞标题 CVE-2025-31131: Yeswiki < 4.5.2 - Unauthenticated Path Traversal 漏洞描述 YesWiki is a wiki system written in PHP. The squelette parameter is vulnerable to path travers...
2025年9月21日 05:45(CVE-2025-4123) Grafana 路径遍历与开放重定向导致的跨站脚本漏洞
漏洞标题 (CVE-2025-4123) Grafana 路径遍历与开放重定向导致的跨站脚本漏洞 漏洞描述 (CVE-2025-4123) Grafana 路径遍历与开放重定向导致的跨站脚本漏洞 PoC代码 暂无
2025年7月11日 06:28
