T+ Vulnerability List
Found 1000 vulnerabilities related to T+
- 2026-01-14Apache Struts XWork component XML external entity injection vulnerability (CVE-2025-68493)
- 2026-01-09Cisco Any Router and Switch default password vulnerability
- 2026-01-09Chanjet-TPlus /tplus/ajaxpro/ASP_sm_setupaccount_versionupdate_selectbackupfileonserver_aspx App_Web_selectbackupfileonserver.aspx.1cbd2a00.ashx directory traversal vulnerability
- 2026-01-09Saturn /console/dashboard/domainCount SQL injection vulnerability
- 2026-01-09Saturn /console/dashboard/jobCount SQL injection vulnerability
- 2026-01-09Saturn /console/dashboard/executorCount SQL injection vulnerability
- POC 2026-01-09CVE-2024-24882: Masteriyo LMS <= 1.7.2 - Unauthenticated Privilege Escalation
- POC 2026-01-09CVE-2024-29138: WordPress Restrict User Access <= 2.5 - Cross-Site Scripting
- POC 2026-01-09CVE-2025-52691: SmarterMail - Unrestricted File Upload
- POC 2026-01-09CVE-2025-60188: Atarim < 4.2.2 - Sensitive Information Exposure
- POC 2026-01-09drupal-directory-listing: Drupal Directory Listing
- POC 2026-01-09wordpress-elementor-fpd: WordPress Elementor Page Builder - Full Path Disclosure
- POC 2026-01-09wp-jetpack-ssrf: Wordpress Jetpack plugin - Server Side Request Forgery
- 2026-01-09JeecgBoot JimuReport getDataSourceByPage endpoint sensitive information disclosure vulnerability
- POC 2026-01-08CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC 2026-01-08CVE-2016-15043: WP Mobile Detector <= 3.5 - Unrestricted File Upload
- POC 2026-01-08CVE-2017-18580: WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
- POC 2026-01-08CVE-2018-10245: AWStats <= 7.5 - Full Path Disclosure
- POC 2026-01-08CVE-2019-11253: Kubernetes API Server - YAML Parsing DoS (Billion Laughs)
- POC 2026-01-08CVE-2019-5591: FortiOS - Insecure LDAP Configuration Detection
- POC 2026-01-08CVE-2019-9082: ThinkPHP < 3.2.4 - Remote Code Execution
- POC 2026-01-08CVE-2020-12832: WordPress Simple File List - Path Traversal
- POC 2026-01-08CVE-2020-13125: Ultimate Addons for Elementor <= 1.24.1 - Registration Bypass
- POC 2026-01-08CVE-2020-25200: Pritunl VPN Server 1.29.2145.25 - Username Enumeration
- POC 2026-01-08CVE-2021-22175: GitLab CI Lint API - Server-Side Request Forgery
- POC 2026-01-08CVE-2021-24681: Duplicate Page WordPress - Stored Cross-Site Scripting
- POC 2026-01-08CVE-2021-3007: Laminas Project laminas-http - Remote Code Execution
- POC 2026-01-08CVE-2021-33829: Drupal 7 CKEditor XSS
- POC 2026-01-08CVE-2022-0765: WordPress Loco Translate < 2.6.1 - Cross-Site Scripting
- POC 2026-01-08CVE-2022-0873: WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting
- POC 2026-01-08CVE-2022-1029: Limit Login Attempts - Stored Cross-Site Scripting
- POC 2026-01-08CVE-2022-27924: Zimbra Collaboration Suite - Memcached Command Injection
- POC 2026-01-08CVE-2022-34305: Apache Tomcat Examples Web Application - Cross-Site Scripting
- POC 2026-01-08CVE-2022-38130: KeySight RF - smsRestoreDatabaseZip UNC path to Remote Code Execution
- POC 2026-01-08CVE-2023-27351: PaperCut NG - Authentication Bypass
- POC 2026-01-08CVE-2023-27624: WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS
- POC 2026-01-08CVE-2023-38952: ZKTeco BioTime <= 9.0.1 - Privilege Escalation
- POC 2026-01-08CVE-2023-6266: WordPress Backup Migration <= 1.3.6 - Path Traversal
- POC 2026-01-08CVE-2024-25608: Liferay Portal - Open Redirect
- POC 2026-01-08CVE-2024-28200: N-able N-central < 2024.2 - Authentication Bypass Detection
- POC 2026-01-08CVE-2024-2862: LG LED Assistant - Unauthenticated Password Reset
- POC 2026-01-08CVE-2024-2863: LG LED Assistant - Thumbnail Path Traversal File Upload
- POC 2026-01-08CVE-2024-30194: Sunshine Photo Cart <= 3.1.1 - Reflected Cross-Site Scripting
- POC 2026-01-08CVE-2024-33939: Masteriyo LMS <= 1.7.3 - Insecure Direct Object Reference
- POC 2026-01-08CVE-2024-43971: Sunshine Photo Cart <= 3.2.5 - Reflected Cross-Site Scripting
- POC 2026-01-08CVE-2024-4455: YITH WooCommerce Ajax Search <= 2.4.0 - Cross-Site Scripting
- POC 2026-01-08CVE-2024-5057: WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection
- POC 2026-01-08CVE-2024-6753: Social Auto Poster <= 5.3.14 - Stored Cross-Site Scripting
- POC 2026-01-08CVE-2025-12139: Integrate Google Drive <= 1.5.3 - Information Disclosure
- POC 2026-01-08CVE-2025-13486: Advanced Custom Fields Extended < 0.9.2 - Remote Code Execution
- POC 2026-01-08CVE-2025-14611: Gladinet CentreStack & Triofox - Hardcoded Credentials
- POC 2026-01-08CVE-2025-52970: Fortinet FortiWeb - Authentication Bypass to Admin Privilege
- POC 2026-01-08CVE-2025-55184: React Server Components - Denial of Service
- POC 2026-01-08CVE-2025-56819: Datart v1.0.0-rc.3 - Remote Code Execution
- POC 2026-01-08CVE-2025-62522: Vite - Information Disclosure
- POC 2026-01-08CVE-2025-68645: Zimbra Collaboration - Local File Inclusion
- POC 2026-01-08CVE-2025-8848: LibreChat <= 0.7.9 - HTML Injection via Accept-Language Header
- POC 2026-01-08CVE-2025-9808: The Events Calendar <= 6.15.2 - Information Disclosure
- POC 2026-01-08ambassador-api-diagnostics-exposure: Ambassador API Gateway Diagnostics - Exposure
- POC 2026-01-08codekit-config-exposure: CodeKit Configuration Exposure
- POC 2026-01-08exposed-gitmodules: .gitmodules File Exposed
- POC 2026-01-08glimpse-data-exposure: Glimpse Diagnostics - Sensitive Data Exposure
- POC 2026-01-08grafana-metrics-exposure: Grafana Metrics Endpoint - Information Disclosure
- POC 2026-01-08jfrog-artifactory-build-exposure: JFrog Artifactory Build - Exposure
- POC 2026-01-08python-setup-config: Python Setup Configuration - Exposure
- POC 2026-01-08smtp-credentials-exposure: SMTP Credentials Exposure - Detection
- POC 2026-01-08postgres-credentials-exposure: PostgreSQL Credentials - Exposure
- POC 2026-01-08python-history-disclosure: Python History File Disclosure
- POC 2026-01-08python-requirements-disclosure: Python Requirements File Disclosure
- POC 2026-01-08rails-history-exposure: Rails/Ruby Console History - Exposure
- POC 2026-01-08wp-w3-total-cache-exposure: WordPress W3 Total Cache - Cache Files Exposure
- POC 2026-01-08wp-newsletter-log-exposure: WordPress Newsletter - Log File Exposure
- POC 2026-01-08wp-pretty-link-log-disclosure: WordPress Pretty Link - Error Log Disclosure
- POC 2026-01-08apache-mod-negotiation-listing: Apache mod_negotiation - Pseudo Directory Listing
- POC 2026-01-08bitrix-fpd: Bitrix Path Disclosure
- POC 2026-01-08gcs-bucket-listing: Google Cloud Storage - Public Bucket Listing
- POC 2026-01-08roundcube-installer-exposure: Roundcube Webmail Installer - Exposure
- POC 2026-01-08jetty-directory-listing: Eclipse Jetty - Directory Listing Enabled
- POC 2026-01-08vscode-slnx-sqlite-disclosure: Visual Studio Code - Slnx.SQLite File Disclosure
- POC 2026-01-08nextgen-gallery-pro-error-log: WordPress NextGEN Gallery Pro - Error Log Disclosure
- POC 2026-01-08wordpress-imsanity-fpd: WordPress Plugin Imsanity - Full Path Disclosure
- POC 2026-01-08wordpress-storefront-fpd: WordPress Storefront Theme - Full Path Disclosure
- POC 2026-01-08wordpress-twentynineteen-fpd: WordPress Twenty Nineteen - Full Path Disclosure
- POC 2026-01-08wp-add-to-any-fpd: WordPress AddToAny Share Buttons Plugin - Full Path Disclosure
- POC 2026-01-08wp-astra-sites-fpd: WordPress Astra Sites - Full Path Disclosure
- POC 2026-01-08wp-image-widget-fpd: Image Widget - Full Path Disclosure
- POC 2026-01-08wp-iwp-client-fpd: WordPress Plugin InfiniteWP Client - Full Path Disclosure
- POC 2026-01-08wp-maintenance-mode-fpd: WordPress WP Maintenance Mode - Full Path Disclosure
- POC 2026-01-08wp-migrate-db-fpd: WordPress WP Migrate DB - Full Path Disclosure
- POC 2026-01-08wp-pretty-links-fpd: WordPress Pretty Links - Full Path Disclosure
- POC 2026-01-08wp-rank-math-seo-fpd: WordPress SEO Plugin Rank Math - Full Path Disclosure
- POC 2026-01-08wp-simple-301-redirects-fpd: Simple 301 Redirects - Full Path Disclosure
- POC 2026-01-08wp-smushit-fpd: WP Smushit - Full Path Disclosure
- POC 2026-01-08wp-svg-support-fpd: WordPress SVG Support - Full Path Disclosure
- POC 2026-01-08wp-table-of-contents-plus-fpd: WordPress Table of Contents Plus - Full Path Disclosure
- POC 2026-01-08wp-the-events-calendar-fpd: WordPress The Events Calendar - Full Path Disclosure
- POC 2026-01-08wp-toc-plus-fpd: WordPress Plugin Table of Contents Plus - Full Path Disclosure
- POC 2026-01-08wp-wp-mail-smtp-fpd: WordPress WP Mail SMTP - Full Path Disclosure
- POC 2026-01-08wp-yith-woocommerce-wishlist-fpd: WordPress YITH WooCommerce Wishlist - Full Path Disclosure
- POC 2026-01-08wp-yoast-seo-fpd: WordPress Yoast SEO - Full Path Disclosure
- POC 2026-01-08acme-challenge-path-xss: ACME Challenge Path - Reflected Cross-Site Scripting
- POC 2026-01-08cross-site-tracing-xss: Cross Site Tracing - Cross-Site Scripting
- POC 2026-01-08magento-downloader-fpd: Magento Downloader - Full Path Disclosure
- POC 2026-01-08jetpack-stored-xss: Jetpack < 6.5 - Stored Cross-Site Scripting
- POC 2026-01-08wordpress-meta-box-fpd: WordPress Meta Box - Full Path Disclosure
- POC 2026-01-08wp-admin-menu-editor-fpd: Admin Menu Editor - Full Path Disclosure
- POC 2026-01-08wp-all-in-one-wp-security-and-firewall-fpd: All In One WP Security & Firewall - Full Path Disclosure
- POC 2026-01-08wp-astra-fpd: WordPress Astra - Full Path Disclosure
- POC 2026-01-08wp-better-wp-security-fpd: WordPress Plugin iThemes Security - Full Path Disclosure
- POC 2026-01-08wp-better-wp-security-login-disclosure: WordPress Solid Security < 9.0.1 - Unauthenticated Login Page Disclosure
- POC 2026-01-08wp-contact-form-7-fpd: WordPress Contact Form 7 - Full Path Disclosure
- POC 2026-01-08wp-contact-form-fpd: WordPress Contact Form - Full Path Disclosure
- POC 2026-01-08wp-custom-post-type-ui-fpd: WordPress Custom Post Type UI - Full Path Disclosure
- POC 2026-01-08wp-duplicate-post-fpd: Duplicate Post - Full Path Disclosure
- POC 2026-01-08wp-duracelltomi-google-tag-manager-fpd: WordPress Plugin Google Tag Manager - Full Path Disclosure
- POC 2026-01-08wp-googlecaptcha-fpd: WordPress Plugin reCaptcha by BestWebSoft (google-captcha) - Full Path Disclosure
- POC 2026-01-08wp-instagram-feed-xss: Instagram Feed < 1.6 - Cross-Site Scripting
- POC 2026-01-08wp-intuitive-custom-post-order-fpd: WordPress Plugin Intuitive Custom Post Order - Full Path Disclosure
- POC 2026-01-08wp-jetpack-fpd: JetPack - Full Path Disclosure
- POC 2026-01-08wp-newsletter-fpd: WordPress Plugin Newsletter - Full Path Disclosure
- POC 2026-01-08wp-simple-custom-css-fpd: WordPress Simple Custom CSS Plugin - Full Path Disclosure
- POC 2026-01-08wp-ssl-insecure-content-fixer-fpd: WordPress Plugin SSL Insecure Content Fixer - Full Path Disclosure
- POC 2026-01-08wp-user-role-editor-fpd: User Role Editor - Full Path Disclosure
- POC 2026-01-08wp-widget-logic-fpd: WordPress Widget Logic - Full Path Disclosure
- 2026-01-07FineReport export/excel SQL injection vulnerability
- 2026-01-06Yibao OA StockTake/IsPartNumber SQL injection vulnerability
- 2026-01-06Jinhe OA QuickMatch.aspx XML injection vulnerability
- 2026-01-05FineReport admin backend default password vulnerability
- 2026-01-05Smartadmin Jianzhi WeChat management system default password vulnerability
- 2026-01-05WordPress Time Clock plugin /wp-admin/admin-ajax.php code execution vulnerability (CVE-2024-9593)
- 2026-01-05FileGator / default password vulnerability
- 2026-01-05Yealink T53 Phone /api/auth/login default password vulnerability
- 2025-12-31Tinycontrol LAN Controller security vulnerability
- 2025-12-31Ateme Flamingo XL security vulnerability
- 2025-12-31JM-DATA ONU JF511-TV security vulnerability
- 2025-12-31Ksenia Security Lares 4.0 Home Automation security vulnerability
- 2025-12-31JM-DATA ONU JF511-TV cross-site request forgery vulnerability
- 2025-12-31ETAP Safety Manager cross-site scripting vulnerability
- 2025-12-31JM-DATA ONU JF511-TV cross-site scripting vulnerability
- 2025-12-31Zimbra Collaboration local file inclusion vulnerability (CVE-2025-68645)
- POC 2025-12-30Zimbra Collaboration Suite /h javax.servlet.include.path_info file inclusion vulnerability (CVE-2025-68645)
- 2025-12-30Tenda CH22 security vulnerability
- 2025-12-30SohuTV CacheCloud cross-site scripting vulnerability (CVE-2025-15221)
- 2025-12-30Code-Projects Refugee Food Management System SQL injection vulnerability
- 2025-12-30CampCodes Supplier Management System SQL injection vulnerability
- 2025-12-30Code-Projects College Notes Uploading System SQL injection vulnerability
- 2025-12-30Code-Projects Assessment Management SQL injection vulnerability
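- 2025-12-29Tenda WH450 security vulnerability
- 2025-12-29PbootCMS security vulnerability
- 2025-12-29PX4 Autopilot stack overflow vulnerability (CVE-2025-15150)
- 2025-12-29Tenda WH450 stack overflow vulnerability (CVE-2025-15178)
- 2025-12-29Tenda WH450 buffer overflow vulnerability (CVE-2025-15164)
- 2025-12-29itsourcecode Online Cake System SQL injection vulnerability (CVE-2025-15166)
- 2025-12-26UTT 512W security vulnerability
- 2025-12-26TOZED ZLT M30S access control error vulnerability
- 2025-12-26UTT Jinqu 512W strcpy vulnerability (CVE-2025-15092)
- 2025-12-26Shenzhen Yiyutong Technology Co., Ltd. kingtrans logistics management system ClientInfo serialids parameter SQL injection vulnerability
- 2025-12-26Shenzhen Yiyutong Technology Co., Ltd. kingtrans logistics management system CUesrRegister userid parameter SQL injection vulnerability
- 2025-12-26Shenzhen Yiyutong Technology Co., Ltd. kingtrans logistics management system WeChatServlet clientid parameter SQL injection vulnerability
- 2025-12-25Tenda CH22 path traversal vulnerability (CVE-2025-15076)
- 2025-12-25itsourcecode Student Management System SQL injection vulnerability (CVE-2025-15077)
- 2025-12-25itsourcecode Online Frozen Foods Ordering System SQL injection vulnerability
- 2025-12-25Verisay Titarus cross-site scripting vulnerability
- 2025-12-22(CVE-2025-15008) Tenda WH450 1.0.0.18 HTTP request handling component stack buffer overflow vulnerability
- 2025-12-22(CVE-2025-15011) Simple Stock System 1.0 logout.php SQL injection vulnerability
- 2025-12-22(CVE-2025-15006) Tenda WH450 1.0.0.18 HTTP request handler stack buffer overflow vulnerability
- 2025-12-22(CVE-2025-15005) CouchCMS reCAPTCHA component hard-coded encryption key vulnerability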
- 2025-12-20Angeljudesuarez Student_management_system injection vulnerability (CVE-2025-14967)
- 2025-12-19TraggoServer /graphql default password vulnerability
- 2025-12-19ERPNext /api/method/erpnext.crm.doctype.contract_template.contract_template.get_contract_template SQL injection vulnerability (CVE-2025-66435)
- 2025-12-19ERPNext /api/method/erpnext.accounts.doctype.dunning.dunning.get_dunning_letter_text SQL injection vulnerability (CVE-2025-66434)
- 2025-12-19Fortinet FortiOS and others improper signature verification vulnerability
- 2025-12-19Codeastro Real_estate_management_system injection vulnerability (CVE-2025-14899)
- 2025-12-19Codeastro Real_estate_management_system injection vulnerability (CVE-2025-14897)
- 2025-12-19Campcodes Advanced_voting_management_system incorrect permission assignment vulnerability (CVE-2025-14889)
- 2025-12-18Carmelo Simple_stock_system injection vulnerability (CVE-2025-14834)
- POC 2025-12-17FineReport export/excel SQL injection vulnerability
- 2025-12-16(CVE-2023-53891) Blackcat CMS 1.4 stored cross-site scripting vulnerability
- 2025-12-16(CVE-2023-53892) Blackcat CMS 1.4 remote code execution vulnerability
- 2025-12-16(CVE-2023-53885) Webutler v3.2 PHAR file remote code execution vulnerability
- 2025-12-16(CVE-2023-53886) Xlight FTP Server 3.9.3.6 "Execute Program" configuration stack buffer overflow vulnerability
- 2025-12-16(CVE-2023-53884) Webedition CMS v2.9.8.8 stored cross-site scripting vulnerability
- 2025-12-16(CVE-2023-53882) JLex GuestBook 1.6.4 reflected cross-site scripting vulnerability
- 2025-12-16(CVE-2023-53883) Webedition CMS remote code execution vulnerability
- 2025-12-16(CVE-2023-53878) Member Login Script 3.3 client-side desync vulnerability
- 2025-12-16(CVE-2023-53879) NVClient 5.0 user configuration contact field stack overflow vulnerability leading to denial of service
- 2025-12-16(CVE-2023-53869) WEBIGniter 28.7.23 file upload vulnerability allowing remote code execution
- 2025-12-16Netty Netty CRLF injection vulnerability
- 2025-12-16FineReport unauthorized access vulnerability
- POC 2025-12-12CVE-2019-14950: WP Live Chat Support <= 8.0.27 — Stored Cross-Site Scripting
- POC 2025-12-12CVE-2019-4061: IBM BigFix Platform - Information Disclosure
- POC 2025-12-12CVE-2020-26836: SAP Solution Manager - Open Redirect
- POC 2025-12-12CVE-2021-4073: RegistrationMagic <= 5.0.1.7 - Authentication Bypass
- POC 2025-12-12CVE-2023-23897: Ozette Plugins - Cross-Site Request Forgery
- POC 2025-12-12CVE-2023-3388: Beautiful Cookie Consent Banner < 2.10.2 - Cross-Site Scripting
- POC 2025-12-12CVE-2023-37999: HT Mega – Absolute Addons for Elementor <= 2.2.0 - Missing Authorization to Privilege Escalation
- POC 2025-12-12CVE-2023-40211: Post Grid <= 2.2.50 - Information Exposure via REST API
- POC 2025-12-12CVE-2023-45038: QNAP Music Station < 5.4.0 - Authentication Bypass
- POC 2025-12-12CVE-2024-28253: OpenMetaData - SpEL Injection in PUT /api/v1/policies
- POC 2025-12-12CVE-2024-31223: Fides Privacy Center ≤ 2.39.1 - Server-Side URL Disclosure
- POC 2025-12-12CVE-2024-39646: WordPress Custom 404 Pro <= 3.11.1 - Reflected XSS
- POC 2025-12-12CVE-2024-47374: LiteSpeed Cache <= 6.5.0.2 - Stored XSS
- POC 2025-12-12CVE-2024-6220: WordPress Keydatas ≤ 2.5.2 - Arbitrary File Upload
- POC 2025-12-12CVE-2025-34299: Monsta FTP <= 2.11.2 - Unauthenticated Remote Code Execution
- POC 2025-12-12CVE-2025-47445: WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download
- POC 2025-12-12CVE-2025-5301: ONLYOFFICE Docs (DocumentServer) - Reflected Cross-Site Scripting
- POC 2025-12-12CVE-2025-55182: React Server Components - Remote Code Execution
- POC 2025-12-12bitrix-log-file-disclosure: Bitrix Site Manager - Log File Disclosure
- POC 2025-12-12wp-easy-google-fonts-log-disclosure: WordPress Easy Google Fonts - Error Log Disclosure
- POC 2025-12-12wp-importer-log-disclosure: WordPress Importer - Error Log Disclosure
- POC 2025-12-12buildpath-file-disclosure: .buildpath - File Disclosure
- POC 2025-12-12eslint-ignore-exposure: Eslint Ignore File Exposure
- POC 2025-12-12metabase-installer-exposure: Metabase Installer - Exposure
- POC 2025-12-12jfrog-artifactory-exposure: JFrog Artifactory Artifacts Exposure
- POC 2025-12-12nexus-repository-anonymous-access: Nexus Repository Manager - Anonymous Access Enabled
- POC 2025-12-12unauth-munin: Munin Monitoring Dashboard - Exposure
- POC 2025-12-12x-backend-server-header-detect: X-Backend-Server Header - Exposure
- POC 2025-12-12sharepoint-lists-api-disclosure: Microsoft SharePoint - List API Disclosure
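- 2025-12-12mJobtime /Default.aspx/update_profile_Server command execution vulnerability (CVE-2025-51683)
- 2025-12-12(CVE-2025-14611) Gladinet CentreStack and Triofox hard-coded AES encryption vulnerability leading to arbitrary file inclusion and security downgrade
- 2025-12-12vulhub httpd apache parsing vulnerability
- 2025-12-08Linux ABRT authenticated command injection vulnerability, can lead to privilege escalation
- 2025-12-05Next.js code execution vulnerability
- POC 2025-12-05Longshine sTalent api/Report/SaveNewReport file upload vulnerability
- 2025-12-05Astro Web Framework Cloudflare /_image server-side request forgery vulnerability (CVE-2025-58179)
- 2025-12-05ZKTeco ZKBio CVSecurity /app/v1/photoBase64 directory traversal vulnerability (CVE-2024-35431)
- 2025-12-05Twonky Server /nmc/rpc/log_getfile information disclosure vulnerability (CVE-2025-13315)
- 2025-12-05motionEye /login/ default password vulnerability
- POC 2025-12-04React Server Components remote code execution vulnerability (CVE-2025-55182)
- 2025-12-04Apache Struts2 improper resource release vulnerability
- 2025-12-03XWiki Platform file read vulnerability (CVE-2025-55749)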
- POC 2025-12-02CVE-2017-5983: JIRA Workflow Designer Plugin in Atlassian JIRA Server > 6.3.0 - Remote Code Execution (XXE)
- POC 2025-12-02CVE-2020-11732: Media Library Assistant < 2.82 - Unauthenticated Limited Local File Inclusion
- POC 2025-12-02CVE-2021-36888: WordPress Image Hover Ultimate - Unauthenticated Settings Update
- POC 2025-12-02CVE-2021-4462: Employee Records System 1.0 - Unauthenticated File Upload RCE
- POC 2025-12-02CVE-2022-28666: Custom Product Tabs for WooCommerce < 1.7.8 - Unauthenticated Toggle Content Setting Update
- POC 2025-12-02CVE-2022-31101: Prestashop Blockwishlist 2.1.0 SQL Injection
- POC 2025-12-02CVE-2022-34487: ShortCode Addons - Unauthenticated Options Update
- POC 2025-12-02CVE-2023-2734: MStore API <= 3.9.1 - Authentication Bypass
- POC 2025-12-02CVE-2023-30869: Easy Digital Downloads - Privilege Escalation
- POC 2025-12-02CVE-2023-3277: MStore API <= 4.10.7 - Unauthorized Account Access and Privilege Escalation
- POC 2025-12-02CVE-2023-38875: PHP Login System 2.0.1 - Cross-Site Scripting
- POC 2025-12-02CVE-2024-47308: Templately <= 3.1.2 - Broken Access Control
- POC 2025-12-02CVE-2024-9161: Rank Math SEO < 1.0.229 - Unauthenticated User and Term Metadata Insert/Update/Deletion
- POC 2025-12-02CVE-2025-10204: AC Smart II - Authentication Bypass
- POC 2025-12-02CVE-2025-11833: Post SMTP <= 3.6.0 - Email Log Disclosure
- POC 2025-12-02CVE-2025-13315: Twonky Server 8.5.2 on Linux and Windows - Log File Exposure
- POC 2025-12-02CVE-2025-51586: PrestaShop - Information Disclosure
- POC 2025-12-02CVE-2025-64525: Astro - Broken Access Control
- POC 2025-12-02CVE-2025-64764: Astro - Reflected XSS via server islands feature
- POC 2025-12-02traggo-default-login: Traggo - Default Login
- POC 2025-12-02blackbox-exporter-exposure: Blackbox Exporter - Exposure
- POC 2025-12-02cluster-trino-admin-login: Cluster Overview Trino - Admin Login
- POC 2025-12-02memtracker-exposure: MemTracker - Exposure
- POC 2025-12-02sharepoint-layouts-disclosure: Microsoft SharePoint - Layouts Disclosure
- POC 2025-12-02sharepoint-masterpage-disclosure: Microsoft SharePoint - Master Page Disclosure
- POC 2025-12-02sharepoint-site-metadata-disclosure: Microsoft SharePoint - Site Metadata Disclosure
- POC 2025-12-02sharepoint-sitepages-disclosure: Microsoft SharePoint - Site Pages Disclosure
- POC 2025-12-02postgresql-cluster-config: PostgreSQL Cluster - Configuration
- POC 2025-12-02postrest-api-exposure: PostgREST API Server - Exposure
- POC 2025-12-02unauth-kafka-config-editor: Kafka Config Editor - Unauthenticated Access
- POC 2025-12-02unauth-qdrantui: Qdrant UI - Unauthenticated Access
- POC 2025-12-02unauth-supervisor-dashboard: Unauth Supervisor Dashboard - Detect
- POC 2025-12-02weak-csp-detect: Weak Content Security Policy - Detect
- POC 2025-12-02wp-twenty-theme-fpd: WordPress Twenty Seventeen - Full Path Disclosure
- POC 2025-12-02wp-twentysixteen-fpd: WordPress Twenty Sixteen - Full Path Disclosure
- POC 2025-12-02functions-php-disclosure: functions.php Full Path Disclosure
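- 2025-12-02OpenPrinting CUPS get_addr_and_mask denial of service vulnerability
- 2025-12-01AstrBot plugin upload RCE vulnerability (CVE-2025-55449)
- 2025-12-01(CVE-2025-13791) Scada-LTS Project Import component Common.getHomeDir file path traversal vulnerability
- 2025-11-30(CVE-2025-13788) Chanjet CRM /tools/upgradeattribute.php gblOrgID parameter SQL injection vulnerability
- 2025-11-30(CVE-2025-13786) taosir WTCMS code injection vulnerability
- 2025-11-30(CVE-2025-13790) Scada-LTS 2.7.8.1 cross-site request forgery vulnerability
- 2025-11-28Wifi-soft UniBox /authentication/logout.php command execution vulnerability (CVE-2025-6102)
- 2025-11-28ZTE ZXHN-F660T and ZXHN-F660A /getpage.gch default password vulnerability (CVE-2025-53558)
- 2025-11-28Dataiku DSS /dip/api/login default password vulnerability
- 2025-11-28Centreon Web /centreon/api/latest/authentication/providers/configurations/local default password vulnerability
- 2025-11-28Vite /.env/. directory traversal vulnerability (CVE-2025-46565)
- POC 2025-11-28Huatian Dongli collaborative office system travelAjax SQL injection vulnerability
- 2025-11-28(CVE-2025-12421) Mattermost account takeover vulnerability
- 2025-11-28(CVE-2025-12559) Mattermost team email address information disclosure vulnerability
- 2025-11-28(CVE-2025-13765) Devolutions Server email service credential disclosure vulnerability
- 2025-11-28(CVE-2025-13757) Devolutions Server last usage logs SQL injection vulnerability
- 2025-11-28Devolutions Server security vulnerability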
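- 2025-11-27(CVE-2025-10476) WP Fastest Cache plugin authorization check vulnerability
- 2025-11-27(CVE-2025-12758) validator package isLength function improper handling of Unicode variation selectors leading to incorrect string length calculation vulnerability
- 2025-11-27Twonky Server improper credential management vulnerability
- 2025-11-27Md-To-Pdf unauthenticated code injection vulnerability
- 2025-11-26TongTech TongWeb /ejbserver/ejb code execution vulnerability
- 2025-11-26Chongqing Zhonglian Information Industry Co., Ltd. Zhonglian Web service hosting tool API documentation management ExecuteQuery SQL injection
- 2025-11-26Shanghai Han'ao Telecom Technology Co., Ltd. SmartDesk file upload flaw
- 2025-11-25Anthropic Claude Code command injection vulnerability
- 2025-11-24Oracle Identity Manager /iam/governance/applicationmanagement/api/v1/applications/groovyscriptstatus;.wadl command execution vulnerability (CVE-2025-61757)
- 2025-11-24Jianwen engineering project management software ProjectMap SQL injection vulnerability
- 2025-11-24Oracle Identity Manager improper access control vulnerability
- 2025-11-21TVT Digital Technology NVMS-1000 / file read vulnerability
- 2025-11-21KINGOSOFT university smart campus teaching integrated service platform /jw/lessonchangeapply/jwComFileDownload.action file read vulnerability
- 2025-11-21N-central /dms/services/ServerMMS XML external entity injection vulnerability (CVE-2025-11700)
- 2025-11-21Tplay-cms /admin/common/upload file upload vulnerability
- 2025-11-21Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi authorization bypass vulnerability (CVE-2025-64446/CVE-2025-58034)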
- POC 2025-11-21CVE-2018-13317: TOTOLINK A3002RU 1.0.8 - Information Disclosure
- POC 2025-11-21CVE-2019-19822: TOTOLINK/Realtek Routers - Information Disclosure
- POC 2025-11-21CVE-2019-19823: TOTOLINK/Realtek Routers - Information Disclosure
- POC 2025-11-21CVE-2019-19825: TOTOLINK/Realtek Routers - CAPTCHA Bypass
- POC 2025-11-21CVE-2021-34427: Eclipse BIRT Viewer - Remote Code Execution
- POC 2025-11-21CVE-2025-11700: N-central - XML External Entities Injection
- POC 2025-11-21CVE-2025-49706: Microsoft SharePoint Server - Authentication Bypass
- POC 2025-11-21CVE-2025-55523: Agent-Zero 0.8.0 - 0.9.4 - Arbitrary File Download
- POC 2025-11-21CVE-2025-61757: Oracle Identity Manager REST WebServices - Authentication Bypass
- POC 2025-11-21CVE-2025-9316: N-central - Authentication Bypass
- POC 2025-11-21vtigercrm-default-login: Vtiger CRM - Default Login
- POC 2025-11-21vtigercrm-exposed-directory: Vtiger CRM - Exposed Directory
- POC 2025-11-21wp-security-hidden-login-exposure: WordPress All-in-One Security <=4.4.1 - Hidden Login Page Exposure
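- 2025-11-20AstrBot unauthorized access vulnerability
- 2025-11-20(CVE-2025-64764) Astro server islands feature reflected XSS vulnerability
- 2025-11-19TPshop admin backend weak password vulnerability
- 2025-11-19Fortinet FortiWeb authenticated command injection vulnerability
- 2025-11-19OAuth2-Proxy authenticated improper neutralization vulnerability
- 2025-11-18AstrBot /api/plugin/install-upload command execution vulnerability (CVE-2025-55449)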
- POC 2025-11-18CVE-2025-64446: FortiWeb - Authentication Bypass
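- 2025-11-17Fortinet FortiWeb /api/v2.0/cmdb/system/admin%3f/../../../../../cgi-bin/fwbcgi authorization bypass vulnerability (CVE-2025-64446)
- 2025-11-17Fortiweb path traversal vulnerability (CVE-2025-64446)
- 2025-11-17AstrBot authentication flaw, can lead to remote code execution
- 2025-11-15(CVE-2025-4617) Palo Alto Networks Prisma Browser screenshot control bypass vulnerability
- 2025-11-15(CVE-2025-4618) Palo Alto Networks Prisma Browser sensitive information disclosure vulnerability
- POC 2025-11-15Fortinet FortiWeb unauthenticated authentication bypass vulnerability (CVE-2025-64446)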
- POC 2025-11-14CVE-2021-4374: WordPress Automatic Plugin - Unauthenticated Options Change
- POC 2025-11-14CVE-2024-8852: All-in-One WP Migration < 7.87 - Unauthenticated Information Disclosure
- POC 2025-11-14erpnext-default-login: ERPNext - Default Login
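- 2025-11-14Windows PolicyConfiguration scheduled task privilege escalation vulnerability (CVE-2025-60710)
- 2025-11-14NetMizer log management system /data/chart/hostdelay.php command execution vulnerability
- 2025-11-14DbGate /runners/load-reader file read vulnerability (CVE-2025-50185)
- 2025-11-14DbGate /uploads/get directory traversal vulnerability (CVE-2025-50184)
- 2025-11-14School Fees Payment System /student.php SQL injection vulnerability (CVE-2025-6403)
- 2025-11-14TDuck /login/account default password vulnerability
- 2025-11-14Agent-Zero /download_work_dir_file file read vulnerability (CVE-2025-55523)
- 2025-11-14MapTiler-Tileserver-php /tileserver.php/x/1/1/1 directory traversal vulnerability (CVE-2025-44137)
- 2025-11-14TongTech TongWeb application server ejbserver remote code execution vulnerability
- 2025-11-13(CVE-2025-11700) N-central XML external entity injection information disclosure vulnerability
- 2025-11-13TongTech TongWeb EJB unauthenticated deserialization vulnerability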
- POC 2025-11-12CVE-2025-12480: Triofox - Improper Access Control
- POC 2025-11-11CVE-2024-50857: GestioIP - Reflected Cross-Site Scripting
- POC 2025-11-11CVE-2025-31486: Vite server.fs.deny Bypass - Local File Inclusion
- POC 2025-11-11cl-te-http-smuggling: Basic CL.TE - HTTP request smuggling
- POC 2025-11-11te-cl-http-smuggling: Basic TE.CL - HTTP Request Smuggling
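- 2025-11-11(CVE-2025-12101) NetScaler ADC and Gateway cross-site scripting vulnerability when configured as a Gateway or AAA virtual server
- 2025-11-11(CVE-2021-4462) Employee Records System 1.0 arbitrary file upload vulnerability
- 2025-11-10(CVE-2025-12480) Triofox initial setup page access control vulnerability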
- POC 2025-11-07CVE-2024-0799: Arcserve Unified Data Protection - Authentication Bypass
- POC 2025-11-07CVE-2024-0801: Arcserve Unified Data Protection - Unauthenticated DoS in ASNative.dll
- POC 2025-11-07CVE-2024-28623: RiteCMS 3.0.0 - Cross-site Scripting
- POC 2025-11-07CVE-2025-1302: JSONPath Plus < 10.3.0 - Remote Code Execution
- POC 2025-11-07CVE-2025-32429: XWiki Platform - SQL Injection
- POC 2025-11-07CVE-2025-44136: MapTiler Tileserver-php v2.0 - Unauthenticated XSS
- POC 2025-11-07CVE-2025-44137: MapTiler Tileserver-php v2.0 - Unauthenticated File Read
- POC 2025-11-07CVE-2025-51482: Letta Letta 0.7.12 - Remote Code Execution
- POC 2025-11-07CVE-2025-58443: FOGProject <= 1.5.10.1673 - Authentication Bypass
- POC 2025-11-07CVE-2025-6403: Code-Projects School Fees Payment System 1.0 - SQL Injection
- POC 2025-11-07CVE-2025-9985: Featured Image from URL (FIFU) <= 5.2.7 - Unauthenticated Information Exposure via Log File
- POC 2025-11-07bentoml-ssrf: Bentoml - Server Side Request Forgery
- POC 2025-11-07xss-uri-reflected: Reflected XSS
- 2025-11-07TDuck /user/form/data/download/file SQL injection vulnerability (CVE-2025-57631)
- 2025-11-07TDuck /user/form/data/query SQL injection vulnerability (CVE-2023-51805)
- 2025-11-07WordPress Events Manager /wp-admin/admin-ajax.php SQL injection vulnerability (CVE-2025-6970)
- 2025-11-07Tautulli /image/images directory traversal vulnerability (CVE-2025-58760)
- 2025-11-07DataEase /de2api/datasource/validate command execution vulnerability (CVE-2025-62420)
- 2025-11-07AbanteCart /index.php template directory traversal vulnerability (CVE-2025-50971)
- 2025-11-06WatchGuard Fireware OS out-of-bounds write vulnerability, can lead to remote code execution
- 2025-11-05Control Web Panel CWP unauthenticated command injection vulnerability
- 2025-11-04FIT2CLOUD Dataease authenticated code injection vulnerability
- 2025-11-04FIT2CLOUD Dataease authenticated server-side request forgery (SSRF) vulnerability
- 2025-11-04Facebook React Native CLI unauthenticated command injection vulnerability
- 2025-11-04Elastic Cloud Enterprise improper access control vulnerability, can lead to privilege escalation
- 2025-11-03XWiki Platform /bin/register/XWiki/XWikiRegister code execution vulnerability (CVE-2024-21650)
- 2025-11-03CCU-Historian /query/jsonrpc.gy command execution vulnerability
- 2025-11-03Progress Chef Automate /api/v0/compliance/profiles/search SQL injection vulnerability (CVE-2025-8868)
- 2025-11-03AbanteCart /index.php tmpl_id SQL injection vulnerability (CVE-2025-50972)
- 2025-11-03Optilink management system /cgi/fsystem/gene.php command execution vulnerability
- 2025-11-03PrestaShop tshirtecommerce /tshirtecommerce/fonts.php directory traversal vulnerability (CVE-2023-27640)
- 2025-11-03HJSoft HCM Human Resources Management System /selfservice/lawresource/downlawbase SQL injection vulnerability (CVE-2025-10197)
- 2025-11-03Trinity Audio /wp-content/plugins/trinity-audio/admin/inc/phpinfo.php information disclosure vulnerability (CVE-2025-9196)
- 2025-11-03Tautulli /real_pms_image_proxy directory traversal vulnerability (CVE-2025-58761)
- 2025-11-03XWiki Platform /bin/ssx/Main/WebHome directory traversal vulnerability (CVE-2025-55748)
- 2025-11-03Gladinet CentreStack & TrioFox /storage/t.dn directory traversal vulnerability (CVE-2025-11371)
- 2025-11-03Adobe Commerce/Magento SessionReaper /customer/address_file/upload file upload vulnerability (CVE-2025-54236)
- 2025-11-02(CVE-2025-12593) code-projects Simple Online Hotel Reservation System 2.0 Photo Handler component arbitrary file upload vulnerability
- 2025-10-29(CVE-2025-4665) Contact Form CFDB7 SQL injection and insecure deserialization vulnerability
- 2025-10-29Fix advisory for the arbitrary file upload vulnerability in the portal importExcelTemplate endpoint
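- POC 2025-10-28Weida foreign trade customer relationship management system AccountSelect SQL injection vulnerability
- 2025-10-28Apache Tomcat URL rewrite bypass vulnerability (CVE-2025-55752)
- 2025-10-28Apache Tomcat path traversal vulnerability (CVE-2025-55752)
- 2025-10-27(CVE-2025-29927) Next.js middleware authorization check bypass vulnerability
- 2025-10-27(CVE-2025-5777) Citrix NetScaler management interface insufficient input validation leading to out-of-bounds memory read vulnerability
- 2025-10-24Atlassian Jira Software Data Center And Server authenticated path traversal vulnerability
- 2025-10-24(CVE-2015-10137) WordPress Contact Form With File Upload plugin arbitrary file upload vulnerability
- 2025-10-22(CVE-2025-61757) Oracle Identity Manager REST WebServices remote takeover vulnerability
- 2025-10-22(CVE-2025-62522) Vite development server file disclosure vulnerability on Windows
- 2025-10-22Cisco IOS XE Software command injection vulnerability
- 2025-10-17(CVE-2025-53770) Microsoft SharePoint Server deserialization vulnerability allowing remote code execution
- 2025-10-17PrestaShop MyPrestaModules send.php information disclosure vulnerability (CVE-2023-39677)
- 2025-10-17PrestaShop /module/xipblog/archive SQL injection vulnerability (CVE-2023-27847)
- 2025-10-17FIT2CLOUD DataEase authenticated code injection vulnerability
- 2025-10-17FIT2CLOUD Dataease authenticated SQL injection vulnerability
- 2025-10-17FIT2CLOUD Dataease unauthenticated cross-site scripting (XSS)
- 2025-10-17FIT2CLOUD Dataease authenticated JDBC injection vulnerability
- 2025-10-17Spring Cloud Gateway SpEL expression injection vulnerability
- 2025-10-17JBOSS Netty SMTP unauthenticated command injection vulnerability
- 2025-10-17Apache ActiveMQ NMS AMQP Client deserialization vulnerability
- 2025-10-17(CVE-2015-10139) WPLMS WordPress theme privilege escalation vulnerability
- 2025-10-17(CVE-2015-10138) WordPress Work The Flow File Upload plugin arbitrary file upload vulnerability
- 2025-10-17(CVE-2016-15043) WP Mobile Detector plugin arbitrary file upload vulnerability
- 2025-10-17(CVE-2025-11849) Mammoth package directory traversal vulnerability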
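- 2025-10-15Project-Online-Shopping-Website SQL injection vulnerability
- 2025-10-14WordPress plugin WP JobHunt cross-site scripting vulnerability
- 2025-10-14Code-Projects Project Monitoring System SQL injection vulnerability
- 2025-10-14CodeAstro Gym Management System SQL injection vulnerability
- 2025-10-14CodeAstro Gym Management System SQL injection vulnerability
- 2025-10-14Apache ActiveMQ Artemis console weak password vulnerability
- 2025-10-14(CVE-2025-9242) WatchGuard Fireware OS unauthenticated remote code execution vulnerability
- 2025-10-14(CVE-2025-61884) Oracle Configurator Runtime UI unauthorized access vulnerability
- 2025-10-13Traccar local file inclusion (CVE-2025-61666)
- 2025-10-13Vite file read permission bypass (CVE-2025-46565)
- 2025-10-13(CVE-2025-9196) Trinity Audio plugin sensitive information disclosure vulnerability
- 2025-10-13Cherry Studio unauthenticated code injection vulnerability
- 2025-10-13Oracle E-Business Suite improper access control vulnerability (CVE-2025-61884)
- 2025-10-11GitLab GitLab CE/EE improper permission management vulnerability
- 2025-10-11Yonyou Chanjet T+ InitContext login bypass vulnerability
- 2025-10-11Yonyou Chanjet T+ SaveFileInfoToFile arbitrary file upload vulnerability
- 2025-10-11Yonyou Chanjet T+ GetRecordAll sensitive information disclosure vulnerability
- 2025-10-10DataHub /logIn default password vulnerability
- 2025-10-10ZYCOO CooVox Series IP Phone System /login default password vulnerability
- 2025-10-10Pterodactyl Panel /locales/locale.json information disclosure vulnerability (CVE-2025-49132)
- 2025-10-10Oracle E-Business Suite unauthorized access vulnerability (CVE-2025-61882)
- 2025-10-10(CVE-2025-36604) Dell Unity OS command injection vulnerability
- 2025-10-10PRTG Network Monitor weak password vulnerability
- 2025-10-10TRUfusion Enterprise authentication bypass vulnerability (CVE-2025-27223)
- 2025-10-10Unity Runtime improper access control vulnerability
- 2025-10-09TRUfusion Enterprise directory traversal vulnerability (CVE-2025-27222)
- 2025-10-09TRUfusion Enterprise unauthorized access vulnerability (CVE-2025-27225)
- 2025-10-09(CVE-2025-4322) WordPress Motors theme privilege escalation vulnerability
- 2025-10-09(CVE-2025-8085) Ditty WordPress plugin displayItems endpoint unauthorized access vulnerability
- 2025-10-09GitLab CE/EE GraphQL authentication flaw vulnerability
- 2025-10-08Oracle E-Business Suite remote code execution vulnerability
- 2025-10-07(CVE-2025-61882) Oracle Concurrent Processing BI Publisher Integration remote takeover vulnerability
- 2025-10-06Oracle E-Business Suite remote code execution vulnerability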
- 2025-10-02CodeAstro Online Leave Application SQL注入漏洞
- 2025-10-02CodeAstro Online Leave Application SQL注入漏洞
- 2025-10-02PHPGurukul Employee Record Management System 代码注入漏洞
- 2025-10-02Code-Projects Simple Scheduling System SQL注入漏洞
- 2025-10-02Code-Projects Simple Scheduling System SQL注入漏洞
- 2025-10-02CodeAstro Student Grading System SQL注入漏洞
- 2025-10-02itsourcecode Hostel Management System 代码注入漏洞
- 2025-10-02Code-Projects Simple Scheduling System SQL注入漏洞
- 2025-10-01itsourcecode Open Source Job Portal SQL注入漏洞
- 2025-10-01CourseSelectionSystem SQL注入漏洞
- 2025-10-01Code-Projects E-Commerce Website SQL注入漏洞
- 2025-09-30Chinabugotech Hutool 代码注入漏洞
- 2025-09-30(CVE-2025-21013)Galaxy Watch SemSensorManager访问控制漏洞导致敏感信息泄露
- 2025-09-30(CVE-2025-21011)三星Galaxy Watch SemSensorService访问控制漏洞允许本地攻击者获取敏感传感器信息
- 2025-09-30(CVE-2025-21012)Galaxy Watch跌倒检测功能不正确的访问控制漏洞允许本地攻击者修改配置
- 2025-09-30(CVE-2025-21019) 三星健康未授权访问漏洞
- 2025-09-30(CVE-2025-21017)Blockchain Keystore越界写入漏洞
- 2025-09-30(CVE-2025-41246) VMware Tools for Windows授权不当漏洞
- 2025-09-30(CVE-2025-41250)VMware vCenter SMTP头部注入漏洞
- 2025-09-29Tencent WeKnora 未授权 服务器端请求伪造(SSRF)漏洞
- 2025-09-29Cisco Secure Firewall Adaptive Security Appliance 缓冲区溢出漏洞
- 2025-09-28Sim Studio AI 服务端请求伪造漏洞(CVE-2025-9805)
- 2025-09-28NVIDIA Triton Inference Server 未授权 命令注入漏洞
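- 2025-09-26PHPJABBERS Restaurant Menu Maker Project code injection vulnerability
- 2025-09-26SourceCodester Pet Grooming Management Software SQL injection vulnerability
- 2025-09-26SourceCodester Pet Grooming Management Software SQL injection vulnerability
- 2025-09-26(CVE-2025-20362) Cisco ASA and FTD VPN web server input validation vulnerability leading to unauthorized access to restricted URLs
- 2025-09-26TurboMail mailmain information disclosure vulnerability
- 2025-09-26WordPress Featured Image from URL plugin information disclosure vulnerability (CVE-2025-9985)
- 2025-09-26GitLab CE/EE improper control of resource allocation vulnerability, may lead to denial of service
- 2025-09-26(CVE-2025-20333) Cisco ASA and FTD software VPN web server input validation vulnerability leading to arbitrary code execution
- 2025-09-25Fortra GoAnywhere MFT unauthenticated deserialization vulnerability, may lead to command injection
- 2025-09-25(CVE-2025-20240) Cisco IOS XE Software Web UI reflected cross-site scripting vulnerability
- 2025-09-24Spring Cloud Gateway information disclosure vulnerability (CVE-2025-41243)
- 2025-09-24Spring Cloud Gateway environment property modification vulnerability (CVE-2025-41243)
- 2025-09-22IBM Watsonx.data cross-site scripting vulnerability
- 2025-09-22SourceCodester Pet Grooming Management Software SQL injection vulnerability
- 2025-09-22Snipe-IT cross-site scripting vulnerability
- 2025-09-22Spring Cloud Gateway WebFlux expression injection vulnerability
- 2025-09-19Wordpress Plugin Ultimate Auction Pro /wp-admin/admin-ajax.php uwa_see_more_bids_ajax SQL injection vulnerability (CVE-2025-4204)
- 2025-09-19Wordpress WooCommerce Ultimate Gift Card /wp-admin/admin-ajax.php mwb_wgm_preview_mail file upload vulnerability (CVE-2024-8425)
- 2025-09-19PrestaShop /module/tshirtecommerce/designer SQL injection vulnerability (CVE-2023-27637)
- 2025-09-19PrestaShop SQL injection vulnerability (CVE-2023-46358)
- 2025-09-19PrestaShop /module/askforaquote/QuotesCart SQL injection vulnerability (CVE-2023-27843)
- 2025-09-18QNAP Qsync Central path traversal vulnerability
- 2025-09-18QNAP Qsync Central path traversal vulnerability
- 2025-09-18QNAP Qsync Central SQL injection vulnerability
- 2025-09-18QNAP VioStor path traversal vulnerability
- 2025-09-18QNAP Systems Photo Station cross-site scripting vulnerability
- 2025-09-18(CVE-2025-10035) Fortra GoAnywhere MFT License Servlet deserialization vulnerability that may lead to command injection
- 2025-09-17Vmware Spring Security logic flaw vulnerability
- 2025-09-16HP 1820-8G Switch J9979A weak password vulnerability
- 2025-09-16OpenPrinting CUPS authentication flaw vulnerability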
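- 2025-09-15itC Central Management Server uploadFileApp.do arbitrary file upload vulnerability
- 2025-09-15FIT2CLOUD Dataease DB2 authenticated server-side request forgery (SSRF) vulnerability
- 2025-09-15FIT2CLOUD Dataease Impala authenticated code injection vulnerability
- 2025-09-15FIT2CLOUD Dataease Redshift authenticated code injection vulnerability
- 2025-09-14(CVE-2025-10204) AC Smart II unauthenticated administrator password reset vulnerability
- 2025-09-12Fujitsu IP Series authorization bypass vulnerability (CVE-2023-38433)
- 2025-09-12MagicINFO SWUpdateFileUploader file upload vulnerability
- 2025-09-12DataCube3 exec.php SQL injection vulnerability (CVE-2024-25833)
- 2025-09-12Appsmith postgres code execution vulnerability (CVE-2024-55963)
- 2025-09-12BLINK routers set_AdvDns_cfg command execution vulnerability
- 2025-09-12XWiki Platform /rest/wikis/xwiki/pages authorization bypass vulnerability (CVE-2025-29925)
- 2025-09-12Next.js Middleware server-side request forgery vulnerability (CVE-2025-57822)
- 2025-09-12Commvault /commandcenter/publicLink.do authorization bypass vulnerability (CVE-2025-57788)
- 2025-09-11WordPress Ditty SSRF vulnerability (CVE-2025-8085)
- 2025-09-11西部数码 NAS sendLogToSupport.php remote code execution vulnerability
- 2025-09-11SAP Netweaver unauthenticated deserialization vulnerability
- 2025-09-11(CVE-2025-9910) jsondiffpatch cross-site scripting vulnerability in versions before 0.7.2
- 2025-09-10Huatian Software InforCenter PLM uploadFileHttp arbitrary file upload vulnerability
- 2025-09-09(CVE-2025-58751) Vite server.fs security bypass vulnerability
- 2025-09-09Next.js Middleware SSRF vulnerability (CVE-2025-57822)
- 2025-09-09FOG Project FOG improper privilege management vulnerability
- 2025-09-09Microsoft Web Deploy authenticated deserialization vulnerability, may lead to arbitrary code execution
- 2025-09-08Apache Jackrabbit code injection vulnerability
- 2025-09-06(CVE-2025-58443) FOG authentication bypass vulnerability
- POC 2025-09-05Yonyou NC IMsgCenterWebService command execution vulnerability
- 2025-09-05FineReport /WebReport/ReportServe?op=plugin_logdb code execution vulnerability
- 2025-09-05JetBrains TeamCity authentication bypass vulnerability (CVE-2024-23917)
- 2025-09-05(CVE-2025-58179) Astro Cloudflare adapter SSRF vulnerability allowing bypass of third-party domain restrictions
- 2025-09-04Windows NTLMv2-SSP Hash information disclosure vulnerability (CVE-2025-50154)
- 2025-09-04(CVE-2025-2411) TaskPano authentication bypass vulnerability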
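- 2025-09-04Netty Netty-Codec-Compression etc. non-standard coding vulnerability, may lead to DoS
- 2025-09-03Jeecgboot /jmreport/save remote code execution vulnerability
- POC 2025-09-03Smartbi /imageimport.jsp arbitrary file upload
- 2025-09-03Gitness LFS authenticated path traversal vulnerability, may lead to remote code execution
- 2025-09-03(CVE-2025-20280) Cisco EPNM and Prime Infrastructure stored cross-site scripting vulnerability
- 2025-09-03(CVE-2025-20328) Cisco Webex Meetings user profile component insufficient input validation leading to cross-site scripting vulnerability
- 2025-09-03(CVE-2025-20291) Cisco Webex Meetings insufficient URL validation leading to open redirect vulnerability
- 2025-09-03(CVE-2025-20270) Cisco EPNM and Prime Infrastructure improper API request validation leading to information disclosure vulnerability
- 2025-09-02WordPress plugin Events Addon for Elementor cross-site scripting vulnerability
- 2025-09-02WordPress plugin Related Posts Lite cross-site request forgery vulnerability
- 2025-09-02WordPress plugin TablePress cross-site scripting vulnerability
- 2025-09-02WordPress plugin Ocean Extra cross-site scripting vulnerability
- 2025-09-02(CVE-2025-2413) Akinsoft ProKuafor authentication attempt limit vulnerability, access control vulnerability
- 2025-09-01Hongjing Human Resources Information Management System KhFieldTree SQL injection vulnerability
- 2025-09-01Chanjet T+ ME_MemberIntegral_IntegralAdjust deserialization vulnerability
- 2025-09-01Chanjet T+ getdecallusers information disclosure vulnerability
- 2025-09-01ZenTao zahost-create.html command execution vulnerability
- 2025-09-01Byzoro Smart uploadfile arbitrary file upload vulnerability
- 2025-09-01Panabit iXCache /cgi-bin/Maintain/date_config remote command execution vulnerability
- 2025-09-01Oracle E-Business Suite /OA_HTML/jtfwrepo.xml sensitive information disclosure vulnerability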
- 2025-09-01CVE-2019-11510: Pulse Connect Secure SSL VPN Arbitrary File Read
- 2025-09-01CVE-2019-16278: Nostromo 1.9.6 - Remote Code Execution
- 2025-09-01CVE-2019-16759: vBulletin v5.0.0-v5.5.4 Remote Command Execution
- 2025-09-01CVE-2019-16996: Metinfo 7.0.0beta SQL Inject
- 2025-09-01CVE-2019-16997: Metinfo sql inject
- 2025-09-01CVE-2019-17418: Metinfo sql inject
- 2025-09-01CVE-2019-19781: Citrix Application Delivery Controller (ADC) and Gateway Directory Traversal.
- 2025-09-01CVE-2019-19985: WordPress Plugin Email Subscribers & Newsletters 4.2.2 - Unauthenticated File Download
- 2025-09-01CVE-2019-20085: TVT NVMS 1000 - Directory Traversal
- 2025-09-01CVE-2019-7192: QNAP PhotoStation Unauthorized File Read
- 2025-09-01CVE-2019-9670: Zimbra Collaboration XXE
- 2025-09-01ibm-storage-default-password: IBM Storage Management Default Login
- 2025-09-01telecom-gateway-default-password: Telecom Gateway Default Password
- 2025-09-01tomcat-default-login: Apache Tomcat Manager Default Login
- 2025-09-01trilithic-viewpoint-default-password: Trilithic Viewpoint Default Login
- 2025-09-01nsfocus-uts-password-leak: Nsfocus uts password leak
- 2025-09-01alertmanager-unauth: Alertmanager Unauthorized Access
- 2025-09-01bt742-pma-unauthorized-access: BT742 PMA Unauthorized Access
- 2025-09-01druid-monitor-unauth: Druid Monitor Unauth
- 2025-09-01etcd-unauth: ETCD Unauth
- 2025-09-01qizhi-fortressaircraft-unauthorized: qizhi fortressaircraft unauthorized
- 2025-09-01springboot-actuator-unauth: Springboot Actuator Unauth
- 2025-09-01amtt-hiboss-server-ping-rce: Amtt hiboss Server Ping RCE
- 2025-09-01cellinxnvt-getfilecontent-cgi-fileread: Cellinx NVT - GetFileContent.cgi - FileRead
- 2025-09-01chanjet-tplus-checkpassword-sqli: Yonyou Chanjet T+ CheckPassword SQL injection vulnerability
- 2025-09-01docker-registry-api-unauth: Docker Registry API unauthorized access
- 2025-09-01docker-registry: Docker Registry Listing
- 2025-09-01esafenet-cdgserver3-autosignservice1-rce: Esafenet Electronic Document System AutoSignService1 RCE
- 2025-09-01esafenet-cdgserver3-clientloginweb-rce: Esafenet Electronic Document System ClientLoginWeb RCE
- 2025-09-01esafenet-cdgserver3-decryptionapp-rce: Esafenet Electronic Document System DecryptionApp RCE
- 2025-09-01esafenet-cdgserver3-fileauditservice-rce: Esafenet Electronic Document System FileAuditService RCE
- 2025-09-01esafenet-sql-mysql-fileread: Esafenet unauthorized file download
- 2025-09-01fastjson-rce-all: Fastjson Deserialization RCE
- 2025-09-01finereport-directory-traversal: Finereport Directory Traversal
- 2025-09-01gitlab-api-user-enum: GitLab - User Information Disclosure Via Open API
- 2025-09-01hikvision-center-fastjson-rce: Hikvision Integrated Security - Operations Management Center - Fastjson - remote command execution vulnerability
- 2025-09-01honeypot-detection: Honeypot Detection
- 2025-09-01huatiandongli-ntkodownload-fileread: Huatian Dongli ntkoDownload arbitrary file read
- 2025-09-01huatiandongli-templateservice-fileread: Huatian Dongli ntkoDownload arbitrary file read
- 2025-09-01huijietong-cloud-fileread: Huijietong Cloud File Read
- 2025-09-01Jeecg-boot v2.1.2-v3.0.0 backend unauthenticated SQL injection vulnerability: Jeecg-boot v2.1.2-v3.0.0 backend unauthenticated SQL injection vulnerability
- 2025-09-01jeecgboot-commoncontroller-parserxml-fileupload: Jeecgboot commonController parserXml fileupload
- 2025-09-01pbootcms-database-file-download: Pbootcms Database File Download
- 2025-09-01php-livechat-uploadimg-html-upload: PHP LiveChat Upload
- 2025-09-01sangfor-reporter-anyfileread: Sangfor reporter arbitrary file read
- 2025-09-01smartbi-smartbi-bi-readfile: Smartbi smartbi_bi arbitrary file read
- 2025-09-01spon-ip-intercom-file-read: Spon Ip Intercom File Read
- 2025-09-01tamronos-iptv-rce: Tamronos iptv rce
- 2025-09-01thinkadmin-v6-readfile: Thinkadmin v6 readfile
- 2025-09-01thinkcmf-lfi: Thinkcmf lfi
- 2025-09-01thinkcmf-write-shell: Thinkcmf write shell
- 2025-09-01thinkphp-30-rce: Thinkphp 3.0 RCE
- 2025-09-01thinkphp-5.0.23-rce: Thinkphp debug arbitrary command execution
- 2025-09-01thinkphp-50-rce: Thinkphp 5.0 RCE
- 2025-09-01thinkphp-v6-file-write: thinkphp-v6-file-write
- 2025-09-01tongda-handle-sqli: Tongda OA handle SQL injection
- 2025-09-01tpshop-directory-traversal: Tpshop Directory Traversal
- 2025-09-01tpshop-sqli: Tpshop sqli
- 2025-09-01typecho-rce: Typecho rce
- 2025-09-01wavlink-router-live-api-cgi-rce: WavLink Router Live API cgi RCE
- 2025-09-01weaver-oa-workrelate-file-upload: Weaver OA Workrelate File Upload
- 2025-09-01western-digital-mycloud-multi-uploadify-file-upload: Western Digital MyCloud Multi Uploadify File Upload
- 2025-09-01wordpress-ext-adaptive-images-lfi: Wordpress Ext Adaptive Images lfi
- 2025-09-01wordpress-ext-mailpress-rce: Wordpress Ext Mailpress RCE
- 2025-09-01yongyou-grp-u8-smartupload01-fileupload: Yonyou GRP u8 SmartUpload01 file upload vulnerability
- 2025-09-01yonyou-nc-monitorservlet-rce: Yonyou NC monitors servlet RCE
- 2025-09-01yonyou-nc-portalfile-fileread: Yonyou NC portal/file arbitrary file read vulnerability
- 2025-09-01jndi-test: JNDI Test
- 2025-09-01tcp-demo: TCP Demo
- 2025-09-01brute: brute
- 2025-09-01CVE-2011-2523: VSFTPD 2.3.4 - Backdoor Command Execution
- 2025-09-01CVE-2023-20888: VMware Aria Operations for Networks - Remote Code Execution
- 2025-09-01tidb-unauth: TiDB - Unauthenticated Access
- 2025-09-01youtube: youtube
- 2025-08-29IBM Watson Studio on Cloud Pak for Data cross-site scripting vulnerability
- 2025-08-29ainopol IPTV gateway /network/net/login.php file host parameter command execution vulnerability
- 2025-08-29UEditor editor /ueditor/index.html unauthorized access vulnerability (CNVD-2019-07933)
- 2025-08-29Next.js X-Middleware-Subrequest authorization bypass vulnerability (CVE-2025-29927)
- 2025-08-29Apache Struts2 S2-067 /index.action file upload vulnerability (CVE-2024-53677)
- 2025-08-29Struts2-062 / code execution vulnerability (CVE-2021-31805)
- 2025-08-29Apache Struts2 2.0.0~2.2.3 S2-007 /user.action command execution vulnerability (CVE-2012-0838)
- 2025-08-29(CVE-2025-9377) TP-Link Archer C7/TL-WR841N parental control authentication bypass vulnerability
- 2025-08-28Dell KACE Systems Management Appliance (K1000) command execution vulnerability (CVE-2019-20504)
- 2025-08-28Network Technologies Inc ENVIROMUX default password
- 2025-08-28(CVE-2024-13979) Shengqiao ERP (圣乔ERP) system SQL injection vulnerability
- 2025-08-27CrafterCMS XSS vulnerability (CVE-2023-4136)
- 2025-08-27Rocket LMS default password
- 2025-08-27ZKTeco BioTime v8.5.5 path traversal vulnerability (CVE-2023-38950)
- 2025-08-26Dataease H2 JDBC remote code execution vulnerability
- 2025-08-26mojoPortal imagehandler arbitrary file read vulnerability
- 2025-08-26(CVE-2025-57772) DataEase H2 JDBC remote code execution bypass vulnerability
- 2025-08-25Atlassian Confluence /json/setup-restore.action file upload vulnerability (CVE-2023-22518)
- 2025-08-25OpenMetadata default account and password
- 2025-08-25Apache ActiveMQ Artemis Console default account and password
- 2025-08-22Docker Desktop Engine API unauthorized access vulnerability
- 2025-08-22Stirling-PDF Web Application /api/v1/convert/html/pdf server-side request forgery vulnerability (CVE-2025-55150)
- 2025-08-22ProjectSend / authorization bypass vulnerability (CVE-2024-11680)
- 2025-08-22Ivanti Pulse Connect Secure VPN /dana-na/auth/saml-sso.cgi XML external entity injection vulnerability (CVE-2024-22024)
- 2025-08-22NextChat /api/cors server-side request forgery vulnerability (CVE-2023-49785)
- 2025-08-22Jeecg-Boot /sys/dict/queryTableData SQL injection vulnerability (CVE-2022-45205)
- 2025-08-22AstrBot /api/auth/login default password vulnerability
- 2025-08-22Jeecg-Boot /sys/dict/loadTreeData SQL injection vulnerability (CVE-2023-38992)
- 2025-08-22Smartbi /vision/share.jsp authorization bypass vulnerability
- 2025-08-22Oracle PeopleSoft /PSIGW/PeopleSoftServiceListeningConnector XML external entity injection vulnerability (CVE-2017-3548)
- 2025-08-22Sante PACS Server.exe path traversal information disclosure (CVE-2025-2264)
- 2025-08-21WordPress Business Directory plugin /business-directory SQL injection vulnerability (CVE-2024-4443)
- 2025-08-21Magento /rest/all/V1/guest-carts/test-assetnote/estimate-shipping-methods XML external entity injection vulnerability (CVE-2024-34102)
- 2025-08-21JimuReport v1.7.8 /jeecg-boot/jmreport/dict/list authorization bypass vulnerability (CVE-2024-44893)
- 2025-08-21TurboMeeting /as/wapi/vmp SQL injection vulnerability (CVE-2024-38289)
- 2025-08-21White Star Software Protop /pt3upd/ directory traversal vulnerability (CVE-2025-44177)
- 2025-08-21Progress Telerik Report Server /Startup/Register unauthorized access vulnerability (CVE-2024-4358)
- 2025-08-21ThinkPHP /index.php information disclosure vulnerability (CVE-2022-25481)
- 2025-08-21WordPress Events Manager <= 7.0.3 SQL injection vulnerability (CVE-2025-6970)
- 2025-08-21(CVE-2010-20103) ProFTPD 1.3.3c backdoor leading to remote code execution vulnerability
- 2025-08-20PaloAlto-Expedition OS command injection vulnerability (CVE-2025-0107)
- 2025-08-20ETQ Reliance reflected XSS vulnerability (CVE-2025-34141)
- 2025-08-18Smartbi remote code execution vulnerability
- 2025-08-17Cisco Secure Firewall Management Center and Cisco Secure Firewall Threat Defense operating system command injection vulnerability
- 2025-08-17itsourcecode Online Tour and Travel Management System injection vulnerability
- 2025-08-17Code-Projects Medical Store Management System injection vulnerability
- 2025-08-15MapTiler Tileserver-php v2.0 XSS vulnerability (CVE-2025-44136)
- 2025-08-15MapTiler Tileserver-php v2.0 directory traversal vulnerability (CVE-2025-44137)
- 2025-08-15Exrick Xboot Swagger SecurityController.java server-side request forgery (CVE-2025-8527)
- 2025-08-15(CVE-2025-5047) Autodesk AutoCAD uninitialized variable vulnerability when parsing DGN files
- 2025-08-15(CVE-2025-5046) Autodesk AutoCAD DGN file handling out-of-bounds read vulnerability
- 2025-08-14Electrolink FM/DAB/TV transmitter network management system unauthorized access (CVE-2025-51040)
- 2025-08-14MCP Inspector unauthorized access vulnerability in versions below 0.14.1
- 2025-08-13Stirling-PDF server-side request forgery vulnerability (CVE-2025-55150)
- 2025-08-13(CVE-2025-4410) SetupUtility module buffer overflow vulnerability
- 2025-08-12Cherry Studio command injection vulnerability
- 2025-08-12(CVE-2025-55161) Stirling-PDF sanitizer bypass in the Markdown-to-PDF feature leading to SSRF vulnerability
- 2025-08-11DataGear platform remote code execution vulnerability
- 2025-08-11TiTiler /cog/info SSRF vulnerability
- 2025-08-10(CVE-2025-8786) Portabilis i-Diario 1.5.0 and earlier cross-site scripting (XSS) vulnerability
- 2025-08-10(CVE-2025-8791) LitmusChaos Litmus role parameter improper authorization vulnerability
- 2025-08-10(CVE-2025-8792) LitmusChaos Litmus server-side security control bypass vulnerability
- 2025-08-10(CVE-2025-8794) LitmusChaos Litmus authorization bypass vulnerability
- 2025-08-10(CVE-2025-8764) linlinjava litemall arbitrary file upload vulnerability
- 2025-08-10(CVE-2025-8793) LitmusChaos Litmus project ID parameter improper control vulnerability
- 2025-08-10(CVE-2025-8759) TRENDnet TN-200 1.02b02 hard-coded cryptographic key vulnerability
- 2025-08-10(CVE-2025-8772) Vinades NukeViet 4.5.06 Module Handler component file handling server-side request forgery vulnerability
- 2025-08-10(CVE-2025-8787) Portabilis i-Diario activity record component cross-site scripting vulnerability
- 2025-08-10(CVE-2025-8788) Portabilis i-Diario 1.5.0 and earlier Informações adicionais component cross-site scripting vulnerability
- 2025-08-10(CVE-2025-8758) TRENDnet TEW-822DRE device vsftpd privilege escalation vulnerability
- 2025-08-10(CVE-2025-8775) Qiyue (齐越) electronic signature platform arbitrary file upload vulnerability
- 2025-08-10(CVE-2025-8765) Datacom DM955 5GT 1200 825.8010.00 device Wireless Basic Settings component SSID parameter cross-site scripting vulnerability
- 2025-08-10(CVE-2025-8773) Dinstar Monitoring Platform SQL injection vulnerability
- 2025-08-09(CVE-2025-5095) Burk Technology ARC Solo unauthenticated password change vulnerability
- 2025-08-09(CVE-2025-8746) GNU libopts local memory corruption vulnerability
- 2025-08-09(CVE-2025-55008) AuthKit 0.6.1 and earlier sensitive authentication information disclosure vulnerability
- 2025-08-09(CVE-2025-8752) Wangzhixuan Spring-Shiro-Training /role/add command injection vulnerability
- 2025-08-09(CVE-2025-8751) Protected Total WebShield Extension Block Page component cross-site scripting vulnerability
- 2025-08-09(CVE-2025-8756) TDuckCloud tduck-platform 5.1 authorization bypass vulnerability
- 2025-08-09(CVE-2025-8753) Linlinjava Litemall file deletion feature path traversal vulnerability
- 2025-08-09(CVE-2025-55149) Tiny-Scientist 0.1.1 and earlier path traversal vulnerability allowing access to arbitrary PDF files
- 2025-08-09(CVE-2025-8743) Scada-LTS Virtual Data Source Property Handler Name parameter cross-site scripting vulnerability
- 2025-08-09(CVE-2025-8757) TRENDnet TV-IP110WN 1.2.2 Embedded Boa Web Server privilege violation vulnerability
- 2025-08-08WordPress CZ Loan Management <= 1.1 /wp-admin/admin-ajax.php SQL injection vulnerability (CVE-2024-5975)
- 2025-08-08WordPress TrueBooker WordPress plugin /wp-content/plugins/truebooker-appointment-booking/main/truebooker-service-price.php SQL injection vulnerability (CVE-2024-6924)
- 2025-08-08WordPress Web Directory Free < 1.7.0 /wp-admin/admin-ajax.php SQL injection vulnerability (CVE-2024-3552)
- 2025-08-08MTab Bookmarks /LinkStore/getIcon SQL injection vulnerability (CVE-2024-35361)
- 2025-08-08ESAFENET CDG /CDGServer3/parameter/HookService;logindojojs SQL injection vulnerability (CVE-2024-10660)
- 2025-08-08LobeChat /api/proxy server-side request forgery vulnerability (CVE-2024-32964)
- 2025-08-08WordPress Plugin NotificationX /wp-json/notificationx/v1/analytics SQL injection vulnerability (CVE-2024-1698)
- 2025-08-08QNAP QTS multiple devices /cgi-bin/priv/privWizard.cgi authorization bypass vulnerability (CVE-2024-21899)
- 2025-08-08AJ-Report /;swagger-ui/dataSource/pageList SQL injection vulnerability (CVE-2024-5350)
- 2025-08-08Nuxt.js /__nuxt_component_test__ code execution vulnerability (CVE-2023-3224)
- 2025-08-08SuiteCRM /index.php delegate SQL injection vulnerability (CVE-2024-36412)
- 2025-08-08(CVE-2025-26513) SAN Host Utilities for Windows installer local privilege escalation vulnerability in versions before 8.0
- 2025-08-08(CVE-2025-34150) Shenzhen Aitemi M300 Wi-Fi repeater PPPoE configuration interface command injection vulnerability
- 2025-08-08(CVE-2025-8697) agentUniverse remote OS command injection vulnerability
- 2025-08-07Kingdee Cloud-Starry-Sky Enterprise Edition path traversal vulnerability
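- 2025-08-07InvisionCommunity code injection vulnerability (CVE-2025-47916)
- 2025-08-07Writebot AI content generator arbitrary file upload (CVE-2025-52078)
- 2025-08-07Wing FTP Server authentication bypass leading to remote code execution (CVE-2025-47812)
- 2025-08-07(CVE-2025-8667) SkyworkAI DeepResearchAgent OS command injection vulnerability
- 2025-08-06(CVE-2025-5197) Hugging Face Transformers regular expression denial-of-service vulnerability
- 2025-08-06(CVE-2025-21024) Smart View sensitive information disclosure vulnerability due to use of implicit intent in versions prior to Android 16
- 2025-08-06(CVE-2025-21023) Galaxy Watch WcsExtension component access control vulnerability
- 2025-08-06(CVE-2025-21021) Blockchain Keystore drawing PIN input component out-of-bounds write vulnerability
- 2025-08-06(CVE-2025-21015) Document scanner path traversal vulnerability allowing local attackers to delete files
- 2025-08-06(CVE-2025-21016) Android PkgPredictorService access control vulnerability
- 2025-08-06(CVE-2025-21018) Blockchain Keystore out-of-bounds read vulnerability
- 2025-08-06(CVE-2025-21020) Blockchain Keystore out-of-bounds write vulnerability when creating bitmap images in versions before 1.3.17.2
- 2025-08-06(CVE-2025-8556) CIRCL FourQ elliptic curve low-order point injection and validation vulnerability
- 2025-08-05Copyparty 1.8.6 XSS vulnerability (CVE-2025-54589)
- 2025-08-05(CVE-2025-4604) Liferay Portal and DXP versions CAPTCHA bypass leading to remote code execution vulnerability
- 2025-08-05(CVE-2025-8555) atjiu pybbs 6.0.0 and earlier cross-site scripting vulnerability
- 2025-08-05(CVE-2025-8554) Atjiu PyBBS 6.0.0 user list page Username parameter cross-site scripting vulnerability
- 2025-08-04ZKTime time management platform /api/get_visitor_info information disclosure vulnerability
- 2025-08-04NestJS DevTools Integration interact remote code execution vulnerability (CVE-2025-54782)
- 2025-08-04(CVE-2025-20697) Power HAL out-of-bounds write leading to local privilege escalation vulnerability
- 2025-08-04(CVE-2025-20698) Power HAL out-of-bounds write vulnerability leading to local privilege escalation
- 2025-08-04(CVE-2025-41658) CODESYS Runtime Toolkit default file permission configuration vulnerability leading to sensitive file disclosure
- 2025-08-03(CVE-2025-8469) SourceCodester Online Hotel Reservation System 1.0 ID parameter SQL injection vulnerability
- 2025-08-03(CVE-2025-8495) Code-Projects Intern Membership Management System 1.0 SQL injection vulnerability
- 2025-08-03(CVE-2025-8470) SourceCodester Online Hotel Reservation System 1.0 SQL injection vulnerability
- 2025-08-03(CVE-2025-8471) ProjectWorlds Online Admission System SQL injection vulnerability
- 2025-08-03(CVE-2025-8494) code-projects Intern Membership Management System 1.0 SQL injection vulnerability
- 2025-08-02(CVE-2025-54782) Nest framework @nestjs/devtools-integration package remote code execution vulnerability
- 2025-08-02(CVE-2025-8467) Wazifa System 1.0 regcontrol.php Username parameter SQL injection vulnerability
- 2025-08-02(CVE-2024-13978) LibTIFF t2p_read_tiff_init function null pointer dereference vulnerability
- 2025-08-01White Star Software Protop path traversal (CVE-2025-44177)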
- POC 2025-08-01CVE-2025-5777: Citrix NetScaler Memory Disclosure - CitrixBleed 2
- POC 2025-08-01CVE-2025-1974-k8s: Ingress-Nginx Controller - Unauthenticated Remote Code Execution
- POC 2025-08-01CVE-2019-0604: Microsoft SharePoint - Remote Code Execution
- POC 2025-08-01CVE-2020-0646: Microsoft .NET Framework - Remote Code Execution
- POC 2025-08-01CVE-2020-13935: Apache Tomcat WebSocket Frame Payload Length Validation Denial of Service
- POC 2025-08-01CVE-2022-42475: Fortinet SSL-VPN - Heap-Based Buffer Overflow
- POC 2025-08-01CVE-2023-2640: GameOver(lay) - Local Privilege Escalation in Ubuntu Kernel
- POC 2025-08-01CVE-2023-2986: Abandoned Cart Lite for WooCommerce - Authentication Bypass
- POC 2025-08-01CVE-2023-4911: Looney Tunables Linux - Local Privilege Escalation
- POC 2025-08-01CVE-2024-10443: Synology BeeStation BST150-4T - Unauthenticated Command Injection
- POC 2025-08-01CVE-2024-12356: Privileged Remote Access & Remote Support - Command Injection
- POC 2025-08-01CVE-2024-45409: GitLab - SAML Authentication Bypass
- POC 2025-08-01CVE-2024-56331: Uptime-Kuma - Local File Inclusion (LFI)
- POC 2025-08-01CVE-2024-9487: GitHub Enterprise - SAML Authentication Bypass
- POC 2025-08-01CVE-2025-22457: Ivanti Connect Secure - Stack-based Buffer Overflow
- POC 2025-08-01CVE-2025-25291: GitLab - SAML Authentication Bypass
- POC 2025-08-01CVE-2025-32433: Erlang/OTP SSH - Remote Code Execution
- POC 2025-08-01CVE-2025-54309: CrushFTP - Authentication Bypass Race Condition
- POC 2025-08-01CVE-2022-42889: Text4Shell - Remote Code Execution
- POC 2025-08-01CVE-2022-29455-headless: WordPress Elementor Website Builder <= 3.5.5 - DOM Cross-Site Scripting
- POC 2025-08-01CVE-2025-24752: Essential Addons for Elementor < 6.0.15 - Cross-Site Scripting
- POC 2025-08-01CVE-2025-29927-HEADLESS: Next.js Middleware Authorization Bypass
- POC 2025-08-01CVE-2000-0114: Microsoft FrontPage Extensions - Information Disclosure
- POC 2025-08-01CVE-2000-0760: Jakarta Tomcat 3.1 and 3.0 - Information Disclosure
- POC 2025-08-01CVE-2001-0537: Cisco IOS HTTP Configuration - Authentication Bypass
- POC 2025-08-01CVE-2004-1965: Open Bulletin Board (OpenBB) v1.0.6 - Open Redirect/XSS
- POC 2025-08-01CVE-2005-2428: Lotus Domino R5 and R6 WebMail - Information Disclosure
- POC 2025-08-01CVE-2005-3634: SAP Web Application Server 6.x/7.0 - Open Redirect
- POC 2025-08-01CVE-2006-1681: Cherokee HTTPD <=0.5 - Cross-Site Scripting
- POC 2025-08-01CVE-2007-2449: Apache Tomcat 4.x-7.x - Cross-Site Scripting
- POC 2025-08-01CVE-2007-3010: Alcatel-Lucent OmniPCX - Remote Command Execution
- POC 2025-08-01CVE-2007-4556: OpenSymphony XWork/Apache Struts2 - Remote Code Execution
- POC 2025-08-01CVE-2008-1059: WordPress Sniplets 1.1.2 - Local File Inclusion
- POC 2025-08-01CVE-2008-1061: WordPress Sniplets <=1.2.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2008-1547: Microsoft OWA Exchange Server 2003 - 'redir.asp' Open Redirection
- POC 2025-08-01CVE-2008-2398: AppServ Open Project <=2.5.10 - Cross-Site Scripting
- POC 2025-08-01CVE-2008-6172: Joomla! Component RWCards 3.0.11 - Local File Inclusion
- POC 2025-08-01CVE-2008-7269: UC Gateway Investment SiteEngine v5.0 - Open Redirect
- POC 2025-08-01CVE-2009-0347: Autonomy Ultraseek - Open Redirect
- POC 2025-08-01CVE-2009-1496: Joomla! Cmimarketplace 0.1 - Local File Inclusion
- POC 2025-08-01CVE-2009-2100: Joomla! JoomlaPraise Projectfork 2.0.10 - Local File Inclusion
- POC 2025-08-01CVE-2009-4202: Joomla! Omilen Photo Gallery 0.5b - Local File Inclusion
- POC 2025-08-01CVE-2009-4679: Joomla! Portfolio Nexus - Remote File Inclusion
- POC 2025-08-01CVE-2009-5020: AWStats < 6.95 - Open Redirect
- POC 2025-08-01CVE-2010-0982: Joomla! Component com_cartweberp - Local File Inclusion
- POC 2025-08-01CVE-2010-1056: Joomla! Component com_rokdownloads - Local File Inclusion
- POC 2025-08-01CVE-2010-1217: Joomla! Component & Plugin JE Tooltip 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1307: Joomla! Component Magic Updater - Local File Inclusion
- POC 2025-08-01CVE-2010-1308: Joomla! Component SVMap 1.1.1 - Local File Inclusion
- POC 2025-08-01CVE-2010-1312: Joomla! Component News Portal 1.5.x - Local File Inclusion
- POC 2025-08-01CVE-2010-1313: Joomla! Component Saber Cart 1.0.0.12 - Local File Inclusion
- POC 2025-08-01CVE-2010-1315: Joomla! Component webERPcustomer - Local File Inclusion
- POC 2025-08-01CVE-2010-1345: Joomla! Component Cookex Agency CKForms - Local File Inclusion
- POC 2025-08-01CVE-2010-1352: Joomla! Component Juke Box 1.7 - Local File Inclusion
- POC 2025-08-01CVE-2010-1353: Joomla! Component LoginBox - Local File Inclusion
- POC 2025-08-01CVE-2010-1354: Joomla! Component VJDEO 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1429: Red Hat JBoss Enterprise Application Platform - Sensitive Information Disclosure
- POC 2025-08-01CVE-2010-1461: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
- POC 2025-08-01CVE-2010-1469: Joomla! Component JProject Manager 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1470: Joomla! Component Web TV 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1471: Joomla! Component Address Book 1.5.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1472: Joomla! Component Horoscope 1.5.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1473: Joomla! Component Advertising 0.25 - Local File Inclusion
- POC 2025-08-01CVE-2010-1474: Joomla! Component Sweetykeeper 1.5 - Local File Inclusion
- POC 2025-08-01CVE-2010-1475: Joomla! Component Preventive And Reservation 1.0.5 - Local File Inclusion
- POC 2025-08-01CVE-2010-1476: Joomla! Component AlphaUserPoints 1.5.5 - Local File Inclusion
- POC 2025-08-01CVE-2010-1478: Joomla! Component Jfeedback 1.2 - Local File Inclusion
- POC 2025-08-01CVE-2010-1491: Joomla! Component MMS Blog 2.3.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1494: Joomla! Component AWDwall 1.5.4 - Local File Inclusion
- POC 2025-08-01CVE-2010-1495: Joomla! Component Matamko 1.01 - Local File Inclusion
- POC 2025-08-01CVE-2010-1531: Joomla! Component redSHOP 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1532: Joomla! Component PowerMail Pro 1.5.3 - Local File Inclusion
- POC 2025-08-01CVE-2010-1533: Joomla! Component TweetLA 1.0.1 - Local File Inclusion
- POC 2025-08-01CVE-2010-1534: Joomla! Component Shoutbox Pro - Local File Inclusion
- POC 2025-08-01CVE-2010-1535: Joomla! Component TRAVELbook 1.0.1 - Local File Inclusion
- POC 2025-08-01CVE-2010-1540: Joomla! Component com_blog - Directory Traversal
- POC 2025-08-01CVE-2010-1586: HP System Management Homepage (SMH) v2.x.x.x - Open Redirect
- POC 2025-08-01CVE-2010-1602: Joomla! Component ZiMB Comment 0.8.1 - Local File Inclusion
- POC 2025-08-01CVE-2010-1603: Joomla! Component ZiMBCore 0.1 - Local File Inclusion
- POC 2025-08-01CVE-2010-1607: Joomla! Component WMI 1.5.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1653: Joomla! Component Graphics 1.0.6 - Local File Inclusion
- POC 2025-08-01CVE-2010-1657: Joomla! Component SmartSite 1.0.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1658: Joomla! Component NoticeBoard 1.3 - Local File Inclusion
- POC 2025-08-01CVE-2010-1659: Joomla! Component Ultimate Portfolio 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1714: Joomla! Component Arcade Games 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1715: Joomla! Component Online Exam 1.5.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1717: Joomla! Component iF surfALERT 1.2 - Local File Inclusion
- POC 2025-08-01CVE-2010-1719: Joomla! Component MT Fire Eagle 1.2 - Local File Inclusion
- POC 2025-08-01CVE-2010-1722: Joomla! Component Online Market 2.x - Local File Inclusion
- POC 2025-08-01CVE-2010-1723: Joomla! Component iNetLanka Contact Us Draw Root Map 1.1 - Local File Inclusion
- POC 2025-08-01CVE-2010-1870: ListSERV Maestro <= 9.0-8 RCE
- POC 2025-08-01CVE-2010-1952: Joomla! Component BeeHeard 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1953: Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1954: Joomla! Component iNetLanka Multiple root 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1955: Joomla! Component Deluxe Blog Factory 1.1.2 - Local File Inclusion
- POC 2025-08-01CVE-2010-1956: Joomla! Component Gadget Factory 1.0.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1957: Joomla! Component Love Factory 1.3.4 - Local File Inclusion
- POC 2025-08-01CVE-2010-1980: Joomla! Component Joomla! Flickr 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1981: Joomla! Component Fabrik 2.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1982: Joomla! Component JA Voice 2.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-1983: Joomla! Component redTWITTER 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-2033: Joomla! Percha Categories Tree 0.6 - Local File Inclusion
- POC 2025-08-01CVE-2010-2034: Joomla! Component Percha Image Attach 1.1 - Directory Traversal
- POC 2025-08-01CVE-2010-2035: Joomla! Component Percha Gallery 1.6 Beta - Directory Traversal
- POC 2025-08-01CVE-2010-2036: Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
- POC 2025-08-01CVE-2010-2037: Joomla! Component Percha Downloads Attach 1.1 - Directory Traversal
- POC 2025-08-01CVE-2010-2045: Joomla! Component FDione Form Wizard 1.0.2 - Local File Inclusion
- POC 2025-08-01CVE-2010-2122: Joomla! Component simpledownload <=0.9.5 - Arbitrary File Retrieval
- POC 2025-08-01CVE-2010-2307: Motorola SBV6120E SURFboard Digital Voice Modem SBV6X2X-1.0.0.5-SCM - Directory Traversal
- POC 2025-08-01CVE-2010-2507: Joomla! Component Picasa2Gallery 1.2.8 - Local File Inclusion
- POC 2025-08-01CVE-2010-2857: Joomla! Component Music Manager - Local File Inclusion
- POC 2025-08-01CVE-2010-2918: Joomla! Component Visites 1.1 - MosConfig_absolute_path Remote File Inclusion
- POC 2025-08-01CVE-2010-2920: Joomla! Component Foobla Suggestions 1.5.1.2 - Local File Inclusion
- POC 2025-08-01CVE-2010-3203: Joomla! Component PicSell 1.0 - Arbitrary File Retrieval
- POC 2025-08-01CVE-2010-4231: Camtron CMNC-200 IP Camera - Directory Traversal
- POC 2025-08-01CVE-2010-4239: Tiki Wiki CMS Groupware 5.2 - Local File Inclusion
- POC 2025-08-01CVE-2010-4282: phpShowtime 2.0 - Directory Traversal
- POC 2025-08-01CVE-2010-4617: Joomla! Component JotLoader 2.2.1 - Local File Inclusion
- POC 2025-08-01CVE-2010-4719: Joomla! Component JRadio - Local File Inclusion
- POC 2025-08-01CVE-2010-4769: Joomla! Component Jimtawl 1.0.2 - Local File Inclusion
- POC 2025-08-01CVE-2010-4977: Joomla! Component Canteen 1.0 - Local File Inclusion
- POC 2025-08-01CVE-2010-5286: Joomla! Component Jstore - 'Controller' Local File Inclusion
- POC 2025-08-01CVE-2011-1669: WP Custom Pages 0.5.0.1 - Local File Inclusion (LFI)
- POC 2025-08-01CVE-2011-4336: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting
- POC 2025-08-01CVE-2011-4618: Advanced Text Widget < 2.0.2 - Cross-Site Scripting
- POC 2025-08-01CVE-2011-4640: WebTitan < 3.60 - Local File Inclusion
- POC 2025-08-01CVE-2011-5106: WordPress Plugin Flexible Custom Post Type < 0.1.7 - Cross-Site Scripting
- POC 2025-08-01 CVE-2011-5107: Alert Before Your Post <= 0.1.1 - Cross-Site Scripting
- POC 2025-08-01 CVE-2011-5181: ClickDesk Live Support Live Chat 2.0 - Cross-Site Scripting
- POC 2025-08-01 CVE-2011-5265: Featurific For WordPress 1.6.2 - Cross-Site Scripting
- POC 2025-08-01 CVE-2012-0392: Apache Struts2 S2-008 RCE
- POC 2025-08-01 CVE-2012-0394: Apache Struts <2.3.1.1 - Remote Code Execution
- POC 2025-08-01 CVE-2012-0896: Count Per Day <= 3.1 - download.php f Parameter Traversal Arbitrary File Access
- POC 2025-08-01 CVE-2012-0901: YouSayToo auto-publishing 1.0 - Cross-Site Scripting
- POC 2025-08-01 CVE-2012-0981: phpShowtime 2.0 - Directory Traversal
- POC 2025-08-01 CVE-2012-1835: WordPress Plugin All-in-One Event Calendar 1.4 - Cross-Site Scripting
- POC 2025-08-01 CVE-2012-2371: WP-FaceThumb 0.1 - Cross-Site Scripting
- POC 2025-08-01 CVE-2012-3153: Oracle Forms & Reports RCE (CVE-2012-3152 & CVE-2012-3153)
- POC 2025-08-01 CVE-2012-4032: WebsitePanel before v1.2.2.1 - Open Redirect
- POC 2025-08-01 CVE-2012-4273: 2 Click Socialmedia Buttons < 0.34 - Cross-Site Scripting
- POC 2025-08-01 CVE-2012-4547: AWStats 6.95/7.0 - 'awredir.pl' Cross-Site Scripting
- POC 2025-08-01 CVE-2012-4878: FlatnuX CMS - Directory Traversal
- POC 2025-08-01 CVE-2012-4982: Forescout CounterACT 6.3.4.1 - Open Redirect
- POC 2025-08-01 CVE-2012-5321: TikiWiki CMS Groupware v8.3 - Open Redirect
- POC 2025-08-01 CVE-2012-5913: WordPress Integrator 1.32 - Cross-Site Scripting
- POC 2025-08-01 CVE-2012-6499: WordPress Plugin Age Verification v0.4 - Open Redirect
- POC 2025-08-01 CVE-2013-1965: Apache Struts2 S2-012 RCE
- POC 2025-08-01 CVE-2013-2248: Apache Struts - Multiple Open Redirection Vulnerabilities
- POC 2025-08-01 CVE-2013-2251: Apache Struts 2 - DefaultActionMapper Prefixes OGNL Code Execution
- POC 2025-08-01 CVE-2013-2621: Telaen => v1.3.1 - Open Redirect
- POC 2025-08-01 CVE-2013-4117: WordPress Plugin Category Grid View Gallery 2.3.1 - Cross-Site Scripting
- POC 2025-08-01 CVE-2013-4625: WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting
- POC 2025-08-01 CVE-2013-5528: Cisco Unified Communications Manager 7/8/9 - Directory Traversal
- POC 2025-08-01 CVE-2013-7091: Zimbra Collaboration Server 7.2.2/8.0.2 Local File Inclusion
- POC 2025-08-01 CVE-2013-7285: XStream <1.4.6/1.4.10 - Remote Code Execution
- POC 2025-08-01 CVE-2014-2321: ZTE Cable Modem Web Shell
- POC 2025-08-01 CVE-2014-2323: Lighttpd 1.4.34 SQL Injection and Path Traversal
- POC 2025-08-01 CVE-2014-2908: Siemens SIMATIC S7-1200 CPU - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-2962: Belkin N150 Router 1.00.08/1.00.09 - Path Traversal
- POC 2025-08-01 CVE-2014-3120: ElasticSearch v1.1.1/1.2 RCE
- POC 2025-08-01 CVE-2014-3206: Seagate BlackArmor NAS - Command Injection
- POC 2025-08-01 CVE-2014-3744: Node.js st module Directory Traversal
- POC 2025-08-01 CVE-2014-4513: ActiveHelper LiveHelp Server 3.1.0 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-4535: Import Legacy Media <= 0.1 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-4536: Infusionsoft Gravity Forms Add-on < 1.5.7 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-4544: Podcast Channels < 0.28 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-4550: Shortcode Ninja <= 1.4 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-4561: Ultimate Weather Plugin <= 1.0 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-4592: WP Planet <= 0.1 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-4940: WordPress Plugin Tera Charts - Local File Inclusion
- POC 2025-08-01 CVE-2014-4942: WordPress EasyCart <2.0.6 - Information Disclosure
- POC 2025-08-01 CVE-2014-5111: Fonality trixbox - Local File Inclusion
- POC 2025-08-01 CVE-2014-5181: Last.fm Rotation 1.0 - Path Traversal
- POC 2025-08-01 CVE-2014-5187: Tom M8te (tom-m8te) Plugin 1.5.3 - Directory Traversal
- POC 2025-08-01 CVE-2014-5258: webEdition 6.3.8.0 - Directory Traversal
- POC 2025-08-01 CVE-2014-5368: WordPress Plugin WP Content Source Control - Directory Traversal
- POC 2025-08-01 CVE-2014-8676: Simple Online Planning Tool <1.3.2 - Local File Inclusion
- POC 2025-08-01 CVE-2014-9444: Frontend Uploader <= 0.9.2 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-9606: Netsweeper 4.0.8 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-9607: Netsweeper 4.0.4 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-9608: Netsweeper 4.0.3 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-9609: Netsweeper 4.0.8 - Directory Traversal
- POC 2025-08-01 CVE-2014-9614: Netsweeper 4.0.5 - Default Weak Account
- POC 2025-08-01 CVE-2014-9615: Netsweeper 4.0.4 - Cross-Site Scripting
- POC 2025-08-01 CVE-2014-9617: Netsweeper 3.0.6 - Open Redirection
- POC 2025-08-01 CVE-2014-9618: Netsweeper - Authentication Bypass
- POC 2025-08-01 CVE-2015-0554: ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
- POC 2025-08-01 CVE-2015-1000005: WordPress Candidate Application Form <= 1.3 - Local File Inclusion
- POC 2025-08-01 CVE-2015-1000010: WordPress Simple Image Manipulator < 1.0 - Local File Inclusion
- POC 2025-08-01 CVE-2015-1427: ElasticSearch - Remote Code Execution
- POC 2025-08-01 CVE-2015-1579: WordPress Slider Revolution - Local File Disclosure
- POC 2025-08-01 CVE-2015-1635: Microsoft Windows 'HTTP.sys' - Remote Code Execution
- POC 2025-08-01 CVE-2015-1880: Fortinet FortiOS <=5.2.3 - Cross-Site Scripting
- POC 2025-08-01 CVE-2015-20067: WP Attachment Export < 0.2.4 - Unrestricted File Download
- POC 2025-08-01 CVE-2015-2067: Magento Server MAGMI - Directory Traversal
- POC 2025-08-01 CVE-2015-2068: Magento Server Mass Importer - Cross-Site Scripting
- POC 2025-08-01 CVE-2015-2080: Eclipse Jetty <9.2.9.v20150224 - Sensitive Information Leakage
- POC 2025-08-01 CVE-2015-2166: Ericsson Drutt MSDP - Local File Inclusion
- POC 2025-08-01 CVE-2015-2755: WordPress AB Google Map Travel <=3.4 - Stored Cross-Site Scripting
- POC 2025-08-01 CVE-2015-2794: DotNetNuke 07.04.00 - Administration Authentication Bypass
- POC 2025-08-01 CVE-2015-2807: Navis DocumentCloud <0.1.1 - Cross-Site Scripting
- POC 2025-08-01 CVE-2015-2863: Kaseya Virtual System Administrator - Open Redirect
- POC 2025-08-01 CVE-2015-3035: TP-LINK - Local File Inclusion
- POC 2025-08-01 CVE-2015-3337: Elasticsearch - Local File Inclusion
- POC 2025-08-01 CVE-2015-3897: Bonita BPM Portal <6.5.3 - Local File Inclusion
- POC 2025-08-01 CVE-2015-4062: WordPress NewStatPress 0.9.8 - SQL Injection
- POC 2025-08-01 CVE-2015-4063: NewStatPress <0.9.9 - Cross-Site Scripting
- POC 2025-08-01 CVE-2015-4414: WordPress SE HTML5 Album Audio Player 1.1.0 - Directory Traversal
- POC 2025-08-01 CVE-2015-4455: WordPress Plugin Aviary Image Editor Addon For Gravity Forms 3.0 Beta - Arbitrary File Upload
- POC 2025-08-01 CVE-2015-4666: Xceedium Xsuite <=2.4.4.5 - Local File Inclusion
- POC 2025-08-01 CVE-2015-4668: Xsuite <=2.4.4.5 - Open Redirect
- POC 2025-08-01 CVE-2015-4694: WordPress Zip Attachments <= 1.1.4 - Arbitrary File Retrieval
- POC 2025-08-01 CVE-2015-5461: WordPress StageShow <5.0.9 - Open Redirect
- POC 2025-08-01 CVE-2015-5469: WordPress MDC YouTube Downloader 2.1.0 - Local File Inclusion
- POC 2025-08-01 CVE-2015-5471: Swim Team <= v1.44.10777 - Local File Inclusion
- POC 2025-08-01 CVE-2015-5531: ElasticSearch <1.6.1 - Local File Inclusion
- POC 2025-08-01 CVE-2015-6544: Combodo iTop <2.2.0-2459 - Cross-Site Scripting
- POC 2025-08-01 CVE-2015-7377: WordPress Pie-Register <2.0.19 - Cross-Site Scripting
- POC 2025-08-01 CVE-2015-7823: Kentico CMS 8.2 - Open Redirect
- POC 2025-08-01 CVE-2015-8399: Atlassian Confluence <5.8.17 - Information Disclosure
- POC 2025-08-01 CVE-2015-9312: NewStatPress <=1.0.4 - Cross-Site Scripting
- POC 2025-08-01 CVE-2015-9323: 404 to 301 <= 2.0.2 - Authenticated Blind SQL Injection
- POC 2025-08-01 CVE-2015-9480: WordPress RobotCPA 5 - Directory Traversal
- POC 2025-08-01 CVE-2016-0957: Adobe AEM Dispatcher <4.15 - Rules Bypass
- POC 2025-08-01 CVE-2016-1000126: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000128: WordPress anti-plagiarism <=3.60 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000129: WordPress defa-online-image-protector <=3.3 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000132: WordPress enhanced-tooltipglossary 3.2.8 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000133: WordPress forget-about-shortcode-buttons 1.1.1 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000136: WordPress heat-trackr 1.0 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000138: WordPress Admin Font Editor <=1.8 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000139: WordPress Infusionsoft Gravity Forms <=1.5.11 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000141: WordPress Page Layout builder v1.9.3 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000142: WordPress MW Font Changer <=4.2.5 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000143: WordPress Photoxhibit 2.1.8 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000146: WordPress Pondol Form to Mail <=1.1 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000152: WordPress Tidio-form <=1.0 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-1000153: WordPress Tidio Gallery <=1.1 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-10108: Western Digital MyCloud NAS - Command Injection
- POC 2025-08-01 CVE-2016-10367: Opsview Monitor Pro - Local File Inclusion
- POC 2025-08-01 CVE-2016-10368: Opsview Monitor Pro - Open Redirect
- POC 2025-08-01 CVE-2016-10956: WordPress Mail Masta 1.0 - Local File Inclusion
- POC 2025-08-01 CVE-2016-10960: WordPress wSecure Lite < 2.4 - Remote Code Execution
- POC 2025-08-01 CVE-2016-10973: Brafton WordPress Plugin < 3.4.8 - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-10976: Safe Editor Plugin < 1.2 - CSS/JS-injection
- POC 2025-08-01 CVE-2016-10993: ScoreMe Theme - Cross-Site Scripting
- POC 2025-08-01 CVE-2016-15042: WordPress Frontend File Manager < 4.0 & N-Media Post Frontend < 1.1 - Arbitrary File Upload
- POC 2025-08-01 CVE-2016-1555: NETGEAR WNAP320 Access Point Firmware - Remote Command Injection
- POC 2025-08-01 CVE-2016-3081: Apache S2-032 Struts - Remote Code Execution