最新漏洞情报
- 2026-02-03用友U8Cloud openapi SQL注入漏洞
- 2026-02-03金和OA EpassInitTakenSnExec.aspx XXE漏洞
- POC 2026-02-03CVE-2019-13608: Citrix StoreFront Server - XML External Entity
- POC 2026-02-03CVE-2021-24139: 10Web Photo Gallery < 1.5.55 - SQL Injection
- POC 2026-02-03CVE-2021-24786: Download Monitor < 4.4.5 - SQL Injection
- POC 2026-02-03CVE-2021-41097: Aurelia-Path < 1.1.7 - Prototype Pollution
- POC 2026-02-03CVE-2022-28987: Zoho ManageEngine ADSelfService Plus 6121 - Username Enumeration
- POC 2026-02-03CVE-2024-43283: Contest Gallery - Broken Access Control
- POC 2026-02-03CVE-2024-5333: WordPress Events Calendar 6.8.2.1 - Information Disclosure
- POC 2026-02-03CVE-2024-6250: LOLLMS WebUI - Absolute Path Traversal
- POC 2026-02-03CVE-2025-24786: WhoDB < 0.45.0 - Path Traversal
- POC 2026-02-03CVE-2026-21877: n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution
- POC 2026-02-03CVE-2026-24128: XWiki Platform Distribution Flavor Main - Cross-Site Scripting
- POC 2026-02-03gude-default-login: GUDE - Default Login
- POC 2026-02-03rails-admin-dashboard-exposure: RailsAdmin Dashboard Exposure
- POC 2026-02-03freshrss-fever-api: FreshRSS Fever API - Exposure
- POC 2026-02-03dockerrun-aws-json-exposure: AWS Elastic Beanstalk Dockerrun.aws.json - Exposure
- POC 2026-02-03craftcms-debug-exposure: CraftCMS Debug Methods Exposed
- POC 2026-02-03craftcms-install-exposure: Craft CMS Installation Wizard Exposure
- POC 2026-02-03wordpress-joinchat-fpd: WordPress Joinchat - Full Path Disclosure
- POC 2026-02-03wordpress-rocket-lazy-load-fpd: WordPress LazyLoad Plugin - Full Path Disclosure
- POC 2026-02-03wp-h5vp-fpd: WordPress H5VP Plugin - Full Path Disclosure
- POC 2026-02-03cisco-ucm-cluster-enum: Cisco Unified Communications Manager - Cluster Enumeration
- POC 2026-02-03confluence-xslt-macro-ssrf: Atlassian Confluence XSLT Macro - Server-Side Request Forgery
- 2026-02-02用友U8 CRM changebgflag.php SQL注入漏洞
- 2026-02-02fnOS app-center-static 目录遍历漏洞
- 2026-01-30Expert Net Control 存在弱口令登录
- 2026-01-30泛微OA E-Cology /rest/ofs/ReceiveTodoRequestByXml XML 外部实体注入漏洞
- 2026-01-30Kaltura 视频平台 /html5/html5lib/v2.34/simplePhpXMLProxy.php 服务器端请求伪造漏洞
- 2026-01-30孚盟云 CRM /m/Dingding/Ajax/AjaxFormDefault.ashx SQL 注入漏洞
- 2026-01-30孚盟云 CRM /m/Dingding/Ajax/AjaxCustomerInfoAtion.ashx SQL 注入漏洞
- 2026-01-30孚盟云 CRM /m/Dingding/Ajax/AjaxMailList.ashx SQL 注入漏洞
- 2026-01-30孚盟云 CRM /m/Dingding/Ajax/AjaxMailInSend.ashx SQL 注入漏洞
- 2026-01-30孚盟云CRM /m/Dingding/Ajax/AjaxMailSetup.ashx SQL 注入漏洞
- 2026-01-30SCMS /download.jsp 目录遍历漏洞
- 2026-01-30东胜物流软件 /SeaiInfoLCL/SeaiFeeLCLGridSource.aspx SQL 注入漏洞
- 2026-01-30东胜物流软件 /Account/Chfee_payapplication/FileUpload 文件上传漏洞
- 2026-01-30深信服运维安全管理系统 /fort/trust/version/common/common.jsp 文件上传漏洞(CVE-2025-15503)
- 2026-01-30天锐绿盾审批系统 /trwfe/login.jsp/.%2e/rest/ext/mergeQuery 命令执行漏洞
- 2026-01-30悟空CRM /adminUser/queryUserList///;name=/v2/api-docs 权限绕过漏洞
- 2026-01-30ICTBroadcast /login.php 命令执行漏洞(CVE-2025-2611)
- 2026-01-30Monsta FTP /application/api/api.php 文件上传漏洞(CVE-2025-34299)
- 2026-01-30孚盟云CRM /m/Dingding/Ajax/AjaxReadMail.ashx SQL 注入漏洞
- 2026-01-30PandoraNext-TokensTool /api/selectSetting;login 权限绕过漏洞(CVE-2024-50641)
- 2026-01-30FOG Project /fog/service/getversion.php 文件读取漏洞(CVE-2026-24138)
- 2026-01-30Avid Nexis Agent / 目录遍历漏洞(CVE-2024-26293)
- 2026-01-30孚盟云CRM /m/Dingding/Ajax/AjaxProviderList.ashx SendMessage SQL 注入漏洞
- 2026-01-30金和OA CrmSystemSet XXE漏洞
- 2026-01-30金和OA Departments-XmlHttp XXE漏洞
- 2026-01-30金和OA dossier-XMLHttp XXE漏洞