漏洞标题 CVE-2024-28986: SolarWinds Web Help Desk < 12.8.3 - Insecure Deserialization 漏洞描述 SolarWinds Web Help Desk before version 12.8.3 contain a critical Java deserializa...

漏洞标题 CVE-2024-0012: Palo Alto Networks PAN-OS身份认证绕过导致RCE漏洞(CVE-2024-0012) 漏洞描述 PAN-OS 设备管理 Web 界面中存在身份认证绕过漏洞，未经身份验证的远程攻击者可以通过网...

漏洞标题 CVE-2024-39646: WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS 漏洞描述 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripti...

漏洞标题 CVE-2024-32640: Mura/Masa CMS - SQL Injection 漏洞描述 The Mura/Masa CMS is vulnerable to SQL Injection. PoC代码

漏洞标题 CVE-2024-36401: GeoServer RCE in Evaluating Property Name Expressions 漏洞描述 In the GeoServer version prior to 2.25.1, 2.24.3 and 2.23.5 of GeoServer, multiple OGC reque...

漏洞标题 CVE-2024-30568: Netgear R6850 V1.1.0.88 - Command Injection 漏洞描述 Netgear R6850 router firmware version V1.1.0.88 suffers from a command injection vulnerability in the ...

漏洞标题 CVE-2024-0337: Travelpayouts <= 1.1.16 - Open Redirect 漏洞描述 The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect v...

漏洞标题 CVE-2024-4577: PHP CGI - Argument Injection 漏洞描述 PHP CGI - Argument Injection (CVE-2024-4577) is a critical argument injection flaw in PHP. PoC代码

漏洞标题 CVE-2024-7591: Kemp LoadMaster Load Balancer - Unauthenticated Command Injection 漏洞描述 Improper Input Validation vulnerability in Progress LoadMaster allows OS Command ...

漏洞标题 Adobe ColdFusion CVE-2024-20767 任意文件读取漏洞 漏洞描述 Adobe ColdFusion中存在任意文件读取漏洞，此漏洞是由于未充分验证用户输入file_name参数的数据所导致的。 PoC代码 暂无

漏洞标题 CVE-2024-4455: YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting 漏洞描述 The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross...

漏洞标题 CVE-2024-39250: EfroTech Timetrax v8.3 - Sql Injection 漏洞描述 EfroTech Timetrax v8.3 was discovered to contain an unauthenticated SQL injection vulnerability via the q p...

漏洞标题 CVE-2024-6753: Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting 漏洞描述 Social Auto Poster plugin for WordPress versions up to 5.3.14 contains a stored cross...

漏洞标题 CVE-2024-46938: Sitecore Experience Platform <= 10.4 - Arbitrary File Read 漏洞描述 An issue was discovered in Sitecore Experience Platform (XP), Experience Manager (XM...

漏洞标题 CVE-2024-5910: Palo Alto Expedition - Admin Account Takeover 漏洞描述 Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedi...

漏洞标题 AcuToWeb 存在 XSS 漏洞（CVE-2024-42852） 漏洞描述 AcuToWeb v.10.5.0.7577C8b 版本存在 XSS 漏洞，该漏洞源于容易受到反射型跨站脚本攻击，允许远程攻击者通过 index.php组件执行任...