Latest Vulnerability Intelligence
- 2026-02-05 博硕BGM Upload.ashx arbitrary file upload vulnerability
- 2026-02-05 SolarWinds Web Help Desk code execution vulnerability (CVE-2025-40536/CVE-2025-40551)
- 2026-02-05 Jinher OA AjaxForDepartmentCollect.ashx SQL injection vulnerability
- POC 2026-02-05 CVE-2021-22017: vCenter Server - Improper Access Control
- POC 2026-02-05 CVE-2023-35708: MOVEit Transfer - SQL Injection
- POC 2026-02-05 CVE-2024-30490: ProfileGrid <= 5.7.8 - SQL Injection
- POC 2026-02-05 CVE-2025-10353: Melis Technology Melis Platform - Unrestricted File Upload & Remote Code Execution
- 2026-02-04 Jinher OA EpassInitTakenSnInva.aspx XXE vulnerability
- 2026-02-04 Jinher OA EpassValidate.aspx XXE vulnerability
- POC 2026-02-04 CVE-2022-31678: VMWare Cloud Foundation NSX-V - XML External Entity (XXE)
- POC 2026-02-04 CVE-2024-37259: WP Extended < 3.0.0 - Stored Cross-Site Scripting
- POC 2026-02-04 CVE-2024-6671: WhatsUp Gold GetStatisticalMonitorList SQL Injection - Authentication Bypass
- POC 2026-02-04 CVE-2024-8911: LatePoint <= 5.0.11 - SQL Injection
- POC 2026-02-04 CVE-2025-54068: Laravel Livewire v3 - Remote Command Execution
- POC 2026-02-04 CVE-2026-22812: OpenCode < 1.0.216 - Unauthenticated Remote Code Execution
- POC 2026-02-04 rustdesk-webclient-default-login: RustDesk Web Client - Default login
- 2026-02-04 北京朗新天霁软件技术有限公司 朗新天霁 human resource management system information disclosure vulnerability
- 2026-02-04 Yearning weak password
- 2026-02-04 杭州新中大科技股份有限公司 netcallServer management console unauthorized access vulnerability
- 2026-02-04 Command and dispatch management platform (指挥调度管理平台) api/reportgis.php unauthorized SQL injection vulnerability
- POC 2026-02-03 Yonyou U8Cloud openapi SQL injection vulnerability
- 2026-02-03 Jinher OA EpassInitTakenSnExec.aspx XXE vulnerability
- POC 2026-02-03 CVE-2019-13608: Citrix StoreFront Server - XML External Entity
- POC 2026-02-03 CVE-2021-24139: 10Web Photo Gallery < 1.5.55 - SQL Injection
- POC 2026-02-03 CVE-2021-24786: Download Monitor < 4.4.5 - SQL Injection
- POC 2026-02-03 CVE-2021-41097: Aurelia-Path < 1.1.7 - Prototype Pollution
- POC 2026-02-03 CVE-2022-28987: Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration
- POC 2026-02-03 CVE-2024-43283: Contest Gallery - Broken Access Control
- POC 2026-02-03 CVE-2024-5333: WordPress Events Calendar 6.8.2.1 - Information Disclosure
- POC 2026-02-03 CVE-2024-6250: LOLLMS WebUI - Absolute Path Traversal
- POC 2026-02-03 CVE-2025-24786: WhoDB < 0.45.0 - Path Traversal
- POC 2026-02-03 CVE-2026-21877: n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution
- POC 2026-02-03 CVE-2026-24128: XWiki Platform Distribution Flavor Main - Cross-Site Scripting
- POC 2026-02-03 gude-default-login: GUDE - Default Login
- POC 2026-02-03 rails-admin-dashboard-exposure: RailsAdmin Dashboard Exposure
- POC 2026-02-03 freshrss-fever-api: FreshRSS Fever API - Exposure
- POC 2026-02-03 dockerrun-aws-json-exposure: AWS Elastic Beanstalk Dockerrun.aws.json - Exposure
- POC 2026-02-03 craftcms-debug-exposure: CraftCMS Debug Methods Exposed
- POC 2026-02-03 craftcms-install-exposure: Craft CMS Installation Wizard Exposure
- POC 2026-02-03 wordpress-joinchat-fpd: WordPress Joinchat - Full Path Disclosure
- POC 2026-02-03 wordpress-rocket-lazy-load-fpd: WordPress LazyLoad Plugin - Full Path Disclosure
- POC 2026-02-03 wp-h5vp-fpd: WordPress H5VP Plugin - Full Path Disclosure
- POC 2026-02-03 cisco-ucm-cluster-enum: Cisco Unified Communications Manager - Cluster Enumeration
- POC 2026-02-03 confluence-xslt-macro-ssrf: Atlassian Confluence XSLT Macro - Server-Side Request Forgery
- 2026-02-03 南大通用 gbase8s weak password vulnerability
- 2026-02-03 WhoDB < 0.45.0 path traversal vulnerability (CVE-2025-24786)
- POC 2026-02-03 飞牛 fnOS directory traversal vulnerability
- 2026-02-03 佛山市杜特软件科技有限公司 online ordering system weak password
- 2026-02-03 Jinher OA LstGroupXml.aspx XXE vulnerability
- 2026-02-03 Ceph distributed file system default password