排序
CVE-2024-0352: Likeshop userFormImage 文件上传漏洞
漏洞标题 CVE-2024-0352: Likeshop userFormImage 文件上传漏洞 漏洞描述 Likeshop up to 2.5.7.20210311 存在一处安全漏洞,被分类为严重级别。该漏洞影响 HTTP POST 请求处理组件的 file serv...
2024年11月1日 12:06CVE-2024-6926: Viral Signup <= 2.1 - SQL Injection
漏洞标题 CVE-2024-6926: Viral Signup <= 2.1 - SQL Injection 漏洞描述 The Viral Signup limited opt-in with viral referral sharing plugin for WordPress is vulnerable to SQL Inject...
2024年11月1日 00:02CVE-2024-13624: WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting
漏洞标题 CVE-2024-13624: WordPress WPMovieLibrary Plugin <= 2.1.4.8 - Cross-Site Scripting 漏洞描述 The WPMovieLibrary WordPress plugin through version 2.1.4.8 contains a reflec...
2024年10月31日 16:56CVE-2024-2879: WordPress Plugin LayerSlider 7.9.11-7.10.0 – SQL Injection
漏洞标题 CVE-2024-2879: WordPress Plugin LayerSlider 7.9.11-7.10.0 - SQL Injection 漏洞描述 The LayerSlider plugin for WordPress is vulnerable to SQL Injection via the ls_get_popup...
2024年10月31日 16:00CVE-2024-2389: Progress Flowmon rce
漏洞标题 CVE-2024-2389: Progress Flowmon rce 漏洞描述 Progress Flowmon 11.1.14之前的11.x版本和12.3.5之前的12.x版本存在命令执行漏洞,可执行系统命令获取主机权限。 PoC代码
2024年10月31日 03:23CVE-2024-48766: NetAlert X – Arbitary File Read
漏洞标题 CVE-2024-48766: NetAlert X - Arbitary File Read 漏洞描述 A directory traversal vulnerability has been identified in NetAlertX versions v24.7.18 - v24.9.12. PoC代码
2024年10月31日 02:05CVE-2024-40711: Veeam Backup & Replication – Unauthenticated
漏洞标题 CVE-2024-40711: Veeam Backup & Replication - Unauthenticated 漏洞描述 A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthent...
2024年10月31日 00:25CVE-2024-38472: Apache HTTPd Windows UNC – Server-Side Request Forgery
漏洞标题 CVE-2024-38472: Apache HTTPd Windows UNC - Server-Side Request Forgery 漏洞描述 SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious...
2024年10月30日 19:08CVE-2024-29973: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection
漏洞标题 CVE-2024-29973: Zyxel NAS326 Firmware < V5.21(AAZF.17)C0 - Command Injection 漏洞描述 The command injection vulnerability in the “setCookie” parameter in Zyxel NAS326...
2024年10月30日 15:09CVE-2024-6220: WordPress Keydatas ≤ 2.5.2 – Arbitrary File Upload
漏洞标题 CVE-2024-6220: WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload 漏洞描述 The Keydatas plugin for WordPress (known in Chinese as "简数采集器") is vulnerable to...
2024年10月30日 00:04CVE-2024-8425: WooCommerce Ultimate Gift Card ≤ 2.6.0 – Arbitrary File Upload
漏洞标题 CVE-2024-8425: WooCommerce Ultimate Gift Card ≤ 2.6.0 - Arbitrary File Upload 漏洞描述 The WooCommerce Ultimate Gift Card plugin for WordPress is vulnerable to arbitrary ...
2024年10月29日 22:46CVE-2024-8963: Ivanti Cloud Services Appliance – Path Traversal
漏洞标题 CVE-2024-8963: Ivanti Cloud Services Appliance - Path Traversal 漏洞描述 Path Traversal in the Ivanti CSA before 4.6 Patch 519 allows a remote unauthenticated attacker to ...
2024年10月29日 18:52CVE-2024-30570: Netgear R6850 – Information Disclosure
漏洞标题 CVE-2024-30570: Netgear R6850 - Information Disclosure 漏洞描述 Netgear R6850 router firmware version V1.1.0.88 contains an information leakage vulnerability in the debugi...
2024年10月29日 13:59CVE-2024-1061: WordPress HTML5 Video Player – SQL Injection
漏洞标题 CVE-2024-1061: WordPress HTML5 Video Player - SQL Injection 漏洞描述 WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can ex...
2024年10月29日 09:44CVE-2024-7714: AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls
漏洞标题 CVE-2024-7714: AI Assistant with ChatGPT by AYS <= 2.0.9 - Unauthenticated AJAX Calls 漏洞描述 The plugin lacks sufficient access controls allowing an unauthenticated u...
2024年10月29日 03:10CVE-2024-23692: HTTP File Server Template_injection
漏洞标题 CVE-2024-23692: HTTP File Server Template_injection 漏洞描述 Rejetto HTTP文件服务器,直到并包括2.3m版本,都存在模板注入漏洞。此漏洞允许远程、未经认证的攻击者通过发送特制的...
2024年10月28日 16:19
