排序
CVE-2025-34085: WordPress Simple File List <=4.2.2 - Remote Code Execution
漏洞标题 CVE-2025-34085: WordPress Simple File List <=4.2.2 - Remote Code Execution 漏洞描述 An unrestricted file upload vulnerability in the WordPress Simple File List plugin b...
2025年1月7日 16:46CVE-2025-34085: WordPress Simple File List <=4.2.2 - Remote Code Execution
漏洞标题 CVE-2025-34085: WordPress Simple File List <=4.2.2 - Remote Code Execution 漏洞描述 An unrestricted file upload vulnerability in the WordPress Simple File List plugin b...
2025年1月7日 14:46CVE-2025-3102: SureTriggers – All-in-One Automation Platform ≤ 1.0.78 – Authentication Bypass
漏洞标题 CVE-2025-3102: SureTriggers – All-in-One Automation Platform ≤ 1.0.78 - Authentication Bypass 漏洞描述 The SureTriggers- All-in-One Automation Platform plugin for WordPr...
2025年1月6日 23:04CVE-2025-34035: EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution
漏洞标题 CVE-2025-34035: EnGenius EnShare IoT Gigabit Cloud Service 1.4.11 Root Remote Code Execution 漏洞描述 An OS command injection vulnerability exists in EnGenius EnShare Clou...
2025年1月6日 20:24CVE-2025-49029: WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution
漏洞标题 CVE-2025-49029: WordPress Custom Login And Signup Widget Plugin <= 1.0 - Arbitrary Code Execution 漏洞描述 Improper Control of Generation of Code ('Code Injection&...
2025年1月5日 19:08(CVE-2025-54123) Hoverfly 中间件API命令注入漏洞
漏洞标题 (CVE-2025-54123) Hoverfly 中间件API命令注入漏洞 漏洞描述 (CVE-2025-54123) Hoverfly 中间件API命令注入漏洞 PoC代码 暂无
2025年1月4日 10:17CVE-2025-27112: Navidrome <=0.54.5 - Authentication Bypass in Subsonic API
漏洞标题 CVE-2025-27112: Navidrome <=0.54.5 - Authentication Bypass in Subsonic API 漏洞描述 Navidrome is an open source web-based music collection server and streamer. Starting...
2025年1月4日 08:56(CVE-2025-54251)Adobe Experience Manager XML注入漏洞导致安全功能绕过
漏洞标题 (CVE-2025-54251)Adobe Experience Manager XML注入漏洞导致安全功能绕过 漏洞描述 (CVE-2025-54251)Adobe Experience Manager XML注入漏洞导致安全功能绕过 PoC代码 暂无
2025年1月4日 07:21CVE-2025-1974-k8s: Ingress-Nginx Controller – Unauthenticated Remote Code Execution
漏洞标题 CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution 漏洞描述 A security issue was discovered in ingress-nginx where the `auth-tls-match-cn`...
2025年1月4日 02:00CVE-2025-25034: SugarCRM – Unauthenticated Remote Code Execution via PHP Object Injection
漏洞标题 CVE-2025-25034: SugarCRM - Unauthenticated Remote Code Execution via PHP Object Injection 漏洞描述 A PHP object injection vulnerability exists in SugarCRM versions prior t...
2025年1月3日 22:43CVE-2025-1302: JSONPath Plus < 10.3.0 - Remote Code Execution
漏洞标题 CVE-2025-1302: JSONPath Plus < 10.3.0 - Remote Code Execution 漏洞描述 Versions of the package jsonpath-plus before 10.3.0 are vulnerable to Remote Code Execution (RCE)...
2025年1月3日 20:00CVE-2025-49001: Dataease JWT 认证绕过漏洞
漏洞标题 CVE-2025-49001: Dataease JWT 认证绕过漏洞 漏洞描述 CVE-2025-49001 是由于JWT校验机制错误导致攻击者可伪造JWT令牌绕过身份验证流程 fofa: body="/js/index-0.0.0-dataease.js...
2025年1月3日 09:16CVE-2025-56819: Datart v1.0.0-rc.3 – Remote Code Execution
漏洞标题 CVE-2025-56819: Datart v1.0.0-rc.3 - Remote Code Execution 漏洞描述 Datart v1.0.0-rc.3 contains a vulnerability that allows remote attackers to execute arbitrary code via ...
2025年1月3日 01:47CVE-2025-34027: Versa Concerto API Path Based – Authentication Bypass
漏洞标题 CVE-2025-34027: Versa Concerto API Path Based - Authentication Bypass 漏洞描述 Authentication bypass in the Versa Concerto API, caused by URL decoding inconsistencies. It ...
2025年1月2日 15:17(CVE-2025-27817) Apache Kafka Client任意文件读取和SSRF漏洞
漏洞标题 (CVE-2025-27817) Apache Kafka Client任意文件读取和SSRF漏洞 漏洞描述 (CVE-2025-27817) Apache Kafka Client任意文件读取和SSRF漏洞 PoC代码 暂无
2025年1月2日 00:35CVE-2025-51586: PrestaShop – Information Disclosure
漏洞标题 CVE-2025-51586: PrestaShop - Information Disclosure 漏洞描述 User enumeration vulnerability in the AdminLogin controller in PrestaShop 1.7 through 8.2.2 allows remote atta...
2025年1月1日 07:41
