From 134eda14d333b07a7abb5e1e18f979f253b61450 Mon Sep 17 00:00:00 2001
From: Github-Bot <github-bot@example.com>
Date: Tue, 7 Jan 2025 09:25:41 +0000
Subject: [PATCH] Updated by Github Bot

---
 cache/Nsfocus.dat          |  15 ++
 cache/Tenable (Nessus).dat |  10 +
 data/cves.db               | Bin 50761728 -> 50774016 bytes
 docs/index.html            | 402 ++++++++++++++++++-------------------
 4 files changed, 226 insertions(+), 201 deletions(-)

diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat
index 600b6ce27a9..807c86eb4ae 100644
--- a/cache/Nsfocus.dat
+++ b/cache/Nsfocus.dat
@@ -172,3 +172,18 @@ d5d74693004e91fa2fcd4600fbc591bf
 3ae96955ad5b624d5bf9a1a28f2d6eb1
 00fda14f85002f77fc5e8d577e220efb
 4d26bb7bce33b21d8ed4df67ba0d3276
+fcff00dad423fe62de23498dc7be156a
+451236015ab44a80fbeee9bccee45b3c
+3180309a7dd86cafb50d74abb2e11a79
+0b918ce56dfb3886b39f434918f7f366
+1082c92bd9dff774134bda36e240d5a6
+eb73c2e846556015f93923edf29bb83e
+957728602670464b06740645a81bfa4a
+6d99757da01bc88a4f709cb84ed5e797
+cfa05fba505475c3e4f87d459449eda6
+2c87fb2e78c6c493a639abd1b2fdaf67
+b7dcdc95cc91007803f1185d59a60e78
+d93f116334e7eed6cd30b2c8a0509965
+fdfef862e80cbb87b4a50bf2be511692
+19e6e853d0e1499459bcd820954e47a5
+64be1d780362beab8c3bd3d699f86806
diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat
index 97a754dd194..157baa3d547 100644
--- a/cache/Tenable (Nessus).dat	
+++ b/cache/Tenable (Nessus).dat	
@@ -119,3 +119,13 @@ ee3c810659329ef882690160844749ec
 1633b91171a10eeba66b0ff69ba24096
 363483f60d55ba975abdec6d19f1fcf7
 0648fe87a6a990e03e509e337e14d07e
+63be19dd5c2ac0d998aecc0f2b360595
+f074be0aa58e350379f4e222e2700483
+75986f605b84dd9825845acfa78a834f
+3747ddcbf9fff8ab932954af9425ea8c
+59531298dd12d428d857d43c4c6d90d7
+a2bb0ed948c3ac86b9fd26b12613b33c
+dc64be93961a7abceb14e1de242eebb4
+9fb2022af2d8f5ca72ef649a55b0c402
+06ac2c83c73ee3caa77ef64a11616906
+2d3d3e57c37f5f8043214b162569e9a4
diff --git a/data/cves.db b/data/cves.db
index 816c19ef86a75a4b3965b7eec75de7d622d20955..279ab4a7e4c66c2ffd72953a4915bf92b6c8da14 100644
GIT binary patch
delta 7900
zcmeI$cYG9Ow+C=`HiQHS5IV#%C@qk{?9?3)A@oj=qJo$+von*dCfTrAisjWrI0S5<
zsH=bsD)xd6P*DSR#RB$@AVrM@djoxc123QZg6Q?1d++Do&;8>IpOiVzGv_(a^PEl1
zs%0H(YL<6glGk`+qefEs72?3q##&+uF$qjzrVOUWOqongn6j9%nVK>+V`|Qn!_<PQ
zB~vS=T&C7cZJ63JwPR|})PboZQzxd*OnFSlFdfTu9MkbkB2yQp6PQk9>dMrOsXJ2-
zrk+gsOud+TGZiouGWB8V%Oo*Hm}Dk}NoCTQbS8r-%49P2W9rXz64L;tlbHrG4Pq){
z8q73=X(-b$rr}H@m_{;<Vj9gfhG{I*IHvJT6PSvbCNiDEG>K_4(-fwuOs6uP#&kN<
zG^XiHXE4oRI+Lk{3Hh;@Y^E5K!{jn~Or=a^OmU{On9gP@XR2VTWJ)kqG0kL3GF3CB
zm}W7}W}3q^m+2g)bD7R#I-ltuOcyX+$W+5r%XAUbJf`_f%(Q^1j%gv&BBqO(E@8Tq
z=`yCvnHDoGVY-6pN~WbuS2119bPZFQ=~|}in3gduXIjB@J=01ipJ^4-4NNyO-Ndw-
z>1L)|m~Lgdjp=r#JDBcdx{K*<rhAyyFx|^^AJhFz4=_E*w3cZd(|V?dm>y<&glPlQ
zqfC!6J<e3mw2^5O(-TZjGCjrgG}ALo&oVv7^gPoGOq-crWO|9|Wu{k{wlHmFdX?!l
zrq`L?V0x43EvC1b-eG!|={=_RnLc3pkZBv!M@-w9b})U+w3BHU({83cOrJ1)%Jdmi
z1JmbBUod^i^cB-yrmva4VfvQoJErfMeqj2M=_jV2nSNpVm1!T-ex~1;eqThP%P0f_
zgdqbOLnbtVEXanY&<vVG4zz%l&<b*)HMD`Y&<@%|2j~c$pflvbF>ov#2gid5UEl;b
z5xPP*=ng%gC*(sf=nVx>2z{V0NDu)T6i`6}9Sn$q3H_iyoCE{lWEcp8pa=%T5Eu%>
zU^t9`kuVBI!x$I~<6t~YfMS>kr@$nb3{zk#oC>GG=`anZ!x=CG&V&*O@^66+F>t^I
z4@#j7;&2w64dqY)m5_icm<dU!h7`<#*)Rv@!Z~m*oCoK_Ki~qm5Ne<nE`oV59~c%u
z9V~=Ja4}p0m%?RmIV^@Ha0OfmOW`WG8m@sfTnpF1GFT2P;CfgIKCFTp;6}I!R>RG3
z3)~8~!R>Gd+zEHV-Ea@AfqUUTxE~&X2VpI&gZ1zbJPeP(26z-6gU6vBHo_)&0-l7Y
z;AwaUo`vV&d3XUf!;A0|ybQ0v7T5}}!fWt4ya8{*Tktl#1Mk9n@IHJ1AHp{H2)4rx
z_!xG=F4zrw;1l>1K7$7M9KL`r;Vak+U&A->Eqn*x!w>Ky`~*M4FYqhugZ=Ou{2p3F
z0=7R05QYqB44KdbvLG9pLNjO%InV-HLMzCH*3bspLOW;=9iSt0g3gc!$H1|092^fK
zbb%A#MCc0LpgZ({o{$f{pf?miA@qU1AVCCVP(TF@bTA+aCiH{;a1soFlVKnXf+83U
zLtrQjgW)g&M#3l<4P#&|jDzto0g7QFoC1?zGE9M~a4MVzr^7Uu4rjm&I1@@B$iD?P
z#J~X;JSc@Sh{IWMHk3mJR6+u(U?wD?8d5L|X2Tqq3+KSOa2}iw|9}hNLa2dSxCrLK
zd|+4rb+8Z?!NqV1Tnd-L<**o*z!h*MEQPD!YPbf{a4lR1%V0UIfa_r;_^=9YfE(c^
zSPeJBEpRK`2Dif<a3|aacf&of2JVIX;C^@j9)z{94%Wj%@Gv|A8{koR3?7Gi*a(~8
z33w8of~Vmbcov?6=ivp|3@^e<@G`stTVN}^3a`QI@CLjIZ^7H}4!jHR!Taz5d<fg%
zBiIf*;A7YcyI?o$fluI5_zW80bNB+jgs)&Pd=1~gx9}Z&4?n<<@DuzDzre4s5B9@v
z@Vl^x!r1;GKo~N@k5S|B>XNJ<vj;W`dgS`%`1+Gjy2hHGS>Jlq=ulykbn&2^&TXW#
zxxvJ5oW%_q{)=-%pT(2ojl=bm<C)=m+pC=#o!6*kyu}+WigNts`<qX1_HeV~n$~7N
zn|(}Hyve#IVrEU_j~b87xGST5_<Ui9Ffw$1sC8Oeb@Gt$wXG2=Yh0)NF-p!9$5gyX
zL{}8mHC)%xV~!%(ax7{|nq-=~wr4~Ap5^|Ksly6oNmdIr*;I|OZbhPU?9ig(e*MOe
zNax-uwDbME%y4GN@bBC5y^ue}R3d6^9yb&Qqs+i4w&BE_n5o5LW<-*Vs1ytu)f~;V
zbjdZMM~tFIOhY=gXvBnFtC#J*>+zkB+`4ON?bTcN=lL`<Go0-|fKhr3#VA^BE;kee
zqm05Rn6}~BGUCPbm})APu9%kXL~Pk}EKfHM8$~Hp%!rZR6dG`RQ@om1C`AgTf4#sc
zgw|`@aYOGQ^hAV?c}R$7TbiV)h89y?)r%UAs+p>4x{jqE7FsO~ULX>@fPdGvZ9<nO
ze~4}b(R&?=t~;h_Xoh1+5jz%*TB>JAX3UPNuA{kzdHBQ+MwkC8dNhche<-@C8HOCy
zC0RElRab3EH&jViH7gpiJxjHYGI!<AqE{d@W{~urhm!8vh7yzAsH$t4E=4rYR7_cM
z9ZxoGJF2)xMvq2KeOw~pl)Il^b=@ax*6d!laChyRJy-d=7cSZT=;GZEt~|<W$Wl;F
zJ%TZVa*9Y%IcCbXV>+H^7-~dOZO2k{S5_rQJKAdK=7BfblK-gC<KK&Dys5~M+LqkV
zJ%~LFu_fD#L}RX|JD#mXqq?n_o~o$$re}DHe&k9=BB=GrrwmCXU2*7CKUA<c)cz04
zEz805yB(Uo62S(LOv`Ybs2;OCTaz3^wQQ7bBw`unktvIqx^eXBW2ebV5WDN4*s2zh
zm0%q#TUD*7<k_z4nszMax~gU?u|LK()FAd>?X+PSMGY4H#9)+Qr+G2YlO)G-R9W#{
zU3Od<DT+EV!*(N@et1b8+-asibL;y;8-K>youL+oXD9>lwfc2+nc>k{?Q(D|HVN5{
zT2{9Bu*K-??=s86OG4{&rT52$3g_qJFl;)mu*W<_nWvN}hKdx%Y|r#OFKXEcV`{49
znX0V0mcQxLtwLUAG^!bs%lz%bzZW{Ee{FGX>vXFL`<nV~ZtE7(eCgS&P+x!J;0Hsx
zzjs>4P)6&2?Nm|H`$e>Vk?7xgv}Woyp?f44i6?P`8q9G13}ya|5<@eix~EGT_Oj!c
zQCW*(-{CMZqE=M#BbR(D<h3((1;e=F5G&=DCX(lf#fj=vTAFxf=k%6)%CbXd`lFnM
zUHn$Ucwwu*>g9_=8D0K3%fI>fmZukox+-d6FlJp7Zcu``F343D<d%4nq1vuwSz6Rp
zG)XZ~_pU6<u53t>nl73?q*Gq-pow(4;-o|@Zk3CtBw}Z~DRD>5Qa`fuccFvd`NoTd
z?*6Kb4~4PP9M?^iRJ*BEyt1^qq}rP8_RJTpN=Hl`{*zf%4qm-yzW;UZP9fq~O?y{p
z>_0i`eWA=>vi2+?!|%H-9Ln^IZ)zKA-t#|Bhksk6|GD}2Gj9Dw=!P9?8Ve_KgB;|u
zZn{!8y+l{A7fi>|VzL#JaKc9|Hx`pT*~b3VmWRFw=XJt0C;w;J9KKvSBiyp>fqW+q
zq`S~7Pgp@x{jHzAA*g=ewtIz+^-IF<3fZA<M=OoLTCBeteoN)gLhsP{V8+3D898)b
z;zDsFPH?5`vh7-SG^W^&;^?O7MfIq3wDVH?%ky$Hu9!$|Gj5QAAqE7;z3J+1R8t(u
zji{!HTi1>`QCY%fcU8kWvPV%3{A`?+JbQ{ibJr^2h~sz+!ppTe+|V}&Ulbf>j^|>o
zxWl9vt}Me=an0LUCs#vfWXgvfnMxsMpvmK`>Qur>hk6a~aCq<28sU}T49gHMZIts}
z_UD<8*0)-6edv6lZ=*&Fd!wgAh2+;MN}XbvXjUXywmjL1dRojfWY^PG)6z6simCp@
zx7G@I!y_`9v!F&sClVEtsuIZqyG`^GN%6o})&0cDu2ms+7st9*=`6QE9G*y|Y^%Jy
zKpYvA%Q^T_g>T*QS*TaKxW~jE;T<*C`Y%Vn6g0m+YddzD_3={SB%c=L3!5h%Q9TE?
z`hW4jAKmer@MWLiEf*j?(I7pnD6CjcET}EC6FM$M%Z|BrL`A9Ll9zoewOTmF-?%Is
zZY-*1ke*@5BvLXqQ7TT2yK~&6IQSg#)M9bOtfW7&^h2R%ddY=9wM=hxe`@US&{qn*
zl|G6%J8p?7JUgeV#5&8GTT+>*O2%iGxaG6)o$^F!iIbR9iM{5CMWc&O6D_~XbK64$
z{hCSZgpxi-OVxk#B+l>$?dcXe(I3>~aUnyBs^-ElHy8(wpd6(xr^J$NTXG#!#iq1k
z=w(dLk#!p-6;W)(&+YSykT=25O?{G^Dns3r#!)^MZiS8XB|Nd{v{93AD^<8jOPrL#
ziIb=li<1d)@T^jCaAH<v3RhJ!QJS<W3dAz28Z|kq((xk$ri42At8N(-%1tk^t)^pQ
z<#D$%C8iQ$%BrYB=s9tWX3cWqDG^B)V@da5?0DtThAa@Vu6PU;U*T`fUW88@CqJDh
zH1Wq@wmj6N^U)?*?IvftNq^8W!$NuKRVz==5D$)oX(Z!rbsw>4ZoK-yl#_0`YgN0B
ze_wrPp-snNR|N%87B4L;hm`AxUb!{L|N74AP<y}6{xYF=`GG5}I#E6=NJyVQ-bcp&
zXY=o8GwV<`{h9k76MFXzs&PIV6FsQndAZ8G+!D>yaAc#qbRseu&ZvVv%Tbk>8q=M$
zCC<ppQVY?0X@AnH<@&8k)`z<IHR~@99qUUY_6gZdT-077S?%ZMzaHw4zF@_>9gb}L
z{;X&GThZG32@KP%WiYGYE)cS^8Z{r3Ri9gRUg*d0dXc=$jKYNqH}pSn8T41``dczC
zO~uuWm|}RE7nM|eFj4J@E^E5!nttu3PlUXc8-#Gi)JSmL1wEoT$%<E|`iVoztkj6&
z$ps?*Q47SOMPtVn4l4+@tX+;zC2`N2RgF?D5R2WpZh19+!#%e&Ar_6o%`rEH>tR%d
zRq9*ou0wl%cj4#4@qVkZ#X^fvwcl*v_d@S<Rl|81{*$MFgPr&I{l3uj*pfINa7$8&
zlJdBnw9v91JRf7hj__x0cpF{Z{>+I&Gk=<^3&VW!AH%aX3rC|tEMBoF)Y!lO!jpuq
zWk=aN|3}_!#DOz8voKQEpBwrGtGr-{vS5fM=~fJXrch#r;<`%AvJ4}*^DQ(Q5#2B9
z)lTTVd{88u(MD5H&n|9oEOYV5VsTWZ=Wps#C-n5It{1{5`>kfI#npZ5oQs5<Y_UgG
zSyjB!OZY`k?L+FN0i)40KY<4NIKO7|KH&s^g>$En<*ylaqmb!~x3mmp`-Ar3b3{Q^
z(sf)fUWsFFwv~(r^-?Y3ln>6p>UhfSQ7s-kOZ$kE{rjHY5^Cdbp1UK|JPRv58$G+@
o?|puh&^}$$C6SS?n)hS#u17l$|2Mvfzp>ZnLf3;gYZ#01PlD3*EC2ui

delta 2948
zcmWmGRge$_6op}Sm!-R#rMnwJx?8#r%~H}OAa#JHyOowsg{7D7?nb&(LZ$qD_#W=-
zKXYd8(4q5^4P7`l+2oYL%Ogd~8#*PVRKW6KvI49?E69p$1zS<9s8%#9x)sBUX~nW)
zTXC$oRy-@dmB319C9)D*Nvxz+GAp^2!b)kSvQk@Vth82$mCj0UWw0_@nXJrK7Avcj
z&B|`&uyR_ttlU-}E3cK$%5N303R;D%!d4Nhs8!4=ZhdE!uu59rTcxbhRvD|TRn97J
zRj?{rm8{BE6|1UM&8lwIuxeVhtlCx`>j$f@RnMw#HLx05jjYC26RWA!%xZ46uv%L5
zX=Syx+E{I^c2;|<gVoUrwK`dytu9tqtDE(s)!pi0^|X3fy{$f0U#p+h-x^>Iw0^P%
zS%a-1*3Z^ZYnV0M8exsJY>l!;TVt#+YpgZS8gEUoCR&rM$<`EWsx{4;Zq2Y}TC=R#
z)*NfDHP4!F{bK!UEwC0^i>$@g5^Jfo%=*n*ZmqCZTC1$p)*5TAwa!{^ZLl_4o2=ih
zKdjBx7AxG^YHhQ&TRW_s)-G$e6=ChM_FDU_{ni2NpmoSPY#p(VTF0#8)(PvRb;>$z
zow3eZ=dAPA1?!@9$+~P^v94Oztn1bd>!x+fx^4Yw-LdXk_pJNY1M8vn$a-u&v7TDb
ztmoDX>!tO|dTqV2-dcZI@2vOM2kWEtxAl+pul33LY<;o5THnGHFhKzbL=Yk)7*P-v
z(GVRm5EHQw8*va9@em&gkPwNG7)g*6$&ef=kP@ko8flOgAxMYx$bgK<gv`i-tjLD!
z$bp>5h1|%4yvT?AD1d?}gu*C-q9}&q_zopd65pc~N}~+Qq8!Sj0xF^sDx(Ujq8h5B
z25O=fYNHN*KwZ>BeKbHrG(uxEK~pqCbF@H9{NKM7TB8lxq8-|!13DrUozNLw&=uYA
zBf6spdZHJ4qYwI`ANpee2I40S!e9)+&lrkf7>*Gb31bvSV+_JD7UM7;6EG2zFd0)Y
z71J;sGcXggFdK6)7xOS5zu;Faz(Op-Vl2T@EW>YDjulvmRalKRSc`R7j}6#}P52#u
zU^BKL99yvs+pz;Xu?xEqfj!uZeb|o!IEX_yj3YRTV>pfzIEhm@jWallb2yI+xQI)*
zj4QZ`Yq*XZxQSc1jX!Y*cX1E*@c<9;2#@guPw@=T@d7XL3a{}7Z}Au2;XOX!BmTxe
z_!pn>8DH=f-vYuE$ovtAAVfwmq97`wAv$6pCSoBr;vg>KAwCiyArc`mk{~IPAvsbY
zB~l?Z(jYBDkPhjQ0U41AnUMuqkqz0A138fkxseBXkq`M%00mJ9g;4}WQ4GcL9ZH}i
zzDFsPMj4bvIh02QR753IMio>=HB?6p)I=@RMjiZsx~PZxXn=-jgvMxsrf7!dXn~ga
zzke&VMjNz6JG4g!bVMjRp)<OmE4txFbVm>LL@)G4AM`~(^v3`U#7`K6!5D&{F%-iv
z93wCi#wd)&7=&Rg#$h}rU?L`AGNxcEreQi}U?yf^Hs)Y1=3zd5!LL|=g;<2eSc0Wk
zhTpIpE3gu)uo`Qy7VEGc8?X_Z@H_s%W^6$?wqhH$V+VF(7j`28d$1S#upb9-5QlIW
zM{pF!a2zLa5~pw)XK)tha2^+M5tncoS8x^Aa2+>r6Sr_1f8q}A;vVkf0UqKJ9^(m~
z;u)Uf1zzG6UgHhk;xD|zdwjr0{EdI`FFxTjzThjq1%@ez`6CcPh#a&_!9hz~Mtc{%
zUZnqj<cL_@j|0LJls;89N_gIdHA4a>H3$t3if9lTC1_oe)Ul&(i4-?9&c!%oVlRmG
qC05gz+hV4PF)aGw=&7QGMh%Z2@7}V&@DR0s9XVpl=qN!|qx}b={AoM@

diff --git a/docs/index.html b/docs/index.html
index fa015d77cad..d90862ceb4a 100644
--- a/docs/index.html
+++ b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2025-01-07 03:29:54 -->
+<!-- RELEASE TIME : 2025-01-07 09:25:40 -->
 <html lang="zh-cn">
 
  <head>
@@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>63be19dd5c2ac0d998aecc0f2b360595</td>
+       <td>CVE-2024-9702</td>
+       <td>2025-01-07 06:15:18 <img src="imgs/new.gif" /></td>
+       <td>The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'socialrocket-floating' shortcode in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9702">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>f074be0aa58e350379f4e222e2700483</td>
+       <td>CVE-2024-9697</td>
+       <td>2025-01-07 06:15:18 <img src="imgs/new.gif" /></td>
+       <td>The Social Rocket – Social Sharing Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tweet_settings_save() and tweet_settings_update() functions in all versions up to, and including, 1.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update the plugin's settings.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9697">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>75986f605b84dd9825845acfa78a834f</td>
+       <td>CVE-2024-9638</td>
+       <td>2025-01-07 06:15:18 <img src="imgs/new.gif" /></td>
+       <td>The Category Posts Widget WordPress plugin before 4.9.18 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9638">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3747ddcbf9fff8ab932954af9425ea8c</td>
+       <td>CVE-2024-8857</td>
+       <td>2025-01-07 06:15:18 <img src="imgs/new.gif" /></td>
+       <td>The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitise and escape some of its settings, which could allow high privilege users such as editors to perform Stored Cross-Site Scripting attacks.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8857">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>59531298dd12d428d857d43c4c6d90d7</td>
+       <td>CVE-2024-8855</td>
+       <td>2025-01-07 06:15:17 <img src="imgs/new.gif" /></td>
+       <td>The WordPress Auction Plugin WordPress plugin through 3.7 does not sanitize and escape a parameter before using it in a SQL statement, allowing editors and above to perform SQL injection attacks</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-8855">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a2bb0ed948c3ac86b9fd26b12613b33c</td>
+       <td>CVE-2024-7696</td>
+       <td>2025-01-07 06:15:17 <img src="imgs/new.gif" /></td>
+       <td>Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit log entries. Axis has released a patched version for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-7696">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>dc64be93961a7abceb14e1de242eebb4</td>
+       <td>CVE-2024-12849</td>
+       <td>2025-01-07 06:15:17 <img src="imgs/new.gif" /></td>
+       <td>The Error Log Viewer By WP Guru plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.0.1.3 via the wp_ajax_nopriv_elvwp_log_download AJAX action. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12849">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>9fb2022af2d8f5ca72ef649a55b0c402</td>
+       <td>CVE-2024-12633</td>
+       <td>2025-01-07 06:15:17 <img src="imgs/new.gif" /></td>
+       <td>The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘page parameter in all versions up to, and including, 5.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12633">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>06ac2c83c73ee3caa77ef64a11616906</td>
+       <td>CVE-2024-12535</td>
+       <td>2025-01-07 06:15:17 <img src="imgs/new.gif" /></td>
+       <td>The Host PHP Info plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when including the 'phpinfo' function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to read configuration settings and predefined variables on the site's server. The plugin does not need to be activated for the vulnerability to be exploited.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12535">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2d3d3e57c37f5f8043214b162569e9a4</td>
+       <td>CVE-2024-12471</td>
+       <td>2025-01-07 06:15:17 <img src="imgs/new.gif" /></td>
+       <td>The Post Saint: ChatGPT, GPT4, DALL-E, Stable Diffusion, Pexels, Dezgo AI Text & Image Generator plugin for WordPress is vulnerable to arbitrary files uploads due to a missing capability check and file type validation on the add_image_to_library AJAX action function in all versions up to, and including, 1.3.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files that make remote code execution possible.</td>
+       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-12471">详情</a></td>
+      </tr>
+
       <tr>
        <td>ee3c810659329ef882690160844749ec</td>
        <td>CVE-2024-20154</td>
@@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-41765">详情</a></td>
       </tr>
 
-      <tr>
-       <td>9cdbf81955a5a2bf6a5a2c9d1fe1800d</td>
-       <td>CVE-2025-0201</td>
-       <td>2025-01-04 04:15:05</td>
-       <td>A vulnerability was found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /user/update_account.php. The manipulation of the argument username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0201">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>4b87beb1a3e38ff8fc1724c0c3b8803e</td>
-       <td>CVE-2025-0200</td>
-       <td>2025-01-04 03:15:07</td>
-       <td>A vulnerability has been found in code-projects Point of Sales and Inventory Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /user/search_num.php. The manipulation of the argument search leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-0200">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d0df659ee0ea3e4c12937fc1733651e0</td>
-       <td>CVE-2025-22390</td>
-       <td>2025-01-04 02:15:07</td>
-       <td>An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS due to insufficient enforcement of password complexity requirements. The application permits users to set passwords with a minimum length of 6 characters, lacking adequate complexity to resist modern attack techniques such as password spraying or offline password cracking.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-22390">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>501a24d4a69a334d430572046ee43951</td>
-       <td>CVE-2025-22389</td>
-       <td>2025-01-04 02:15:07</td>
-       <td>An issue was discovered in Optimizely EPiServer.CMS.Core before 12.32.0. A medium-severity vulnerability exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types, including .docm .html. When accessed by application users, these files can be used to execute malicious actions or compromise users' systems.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-22389">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6fe40196ecdc2e0949283269e83be9ef</td>
-       <td>CVE-2025-22388</td>
-       <td>2025-01-04 02:15:07</td>
-       <td>An issue was discovered in Optimizely EPiServer.CMS.Core before 12.22.0. A high-severity Stored Cross-Site Scripting (XSS) vulnerability exists in the CMS, allowing malicious actors to inject and execute arbitrary JavaScript code, potentially compromising user data, escalating privileges, or executing unauthorized actions. The issue exists in multiple areas, including content editing, link management, and file uploads.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-22388">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>44eac3b44a023d55d7d796b7c94ae573</td>
-       <td>CVE-2025-22387</td>
-       <td>2025-01-04 02:15:07</td>
-       <td>An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue exists in requests for resources where the session token is submitted as a URL parameter. This exposes information about the authenticated session, which can be leveraged for session hijacking.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-22387">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>c932818d037f1a535e49a3067c9661ce</td>
-       <td>CVE-2025-22386</td>
-       <td>2025-01-04 02:15:07</td>
-       <td>An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity session issue exists in the Commerce B2B application, affecting the longevity of active sessions in the storefront. This allows session tokens tied to logged-out sessions to still be active and usable.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-22386">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>71db7134a13a57178e6768787426bfaa</td>
-       <td>CVE-2025-22385</td>
-       <td>2025-01-04 02:15:07</td>
-       <td>An issue was discovered in Optimizely Configured Commerce before 5.2.2408. For newly created accounts, the Commerce B2B application does not require email confirmation. This medium-severity issue allows the mass creation of accounts. This could affect database storage; also, non-requested storefront accounts can be created on behalf of visitors.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-22385">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>7d7d6d5787efebf8a08fa7118a91e966</td>
-       <td>CVE-2025-22384</td>
-       <td>2025-01-04 02:15:06</td>
-       <td>An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity issue concerning business logic exists in the Commerce B2B application, which allows storefront visitors to purchase discontinued products in specific scenarios where requests are altered before reaching the server.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-22384">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9f70458c56528da693544887754b2d73</td>
-       <td>CVE-2025-22383</td>
-       <td>2025-01-04 02:15:06</td>
-       <td>An issue was discovered in Optimizely Configured Commerce before 5.2.2408. A medium-severity input validation issue exists in the Commerce B2B application, affecting the Contact Us functionality. This allows visitors to send e-mail messages that could contain unfiltered HTML markup in specific scenarios.</td>
-       <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2025-22383">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>
@@ -1987,6 +1987,126 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>fcff00dad423fe62de23498dc7be156a</td>
+       <td>CVE-2023-39179</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>Linux kernel越界读取漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109325">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>451236015ab44a80fbeee9bccee45b3c</td>
+       <td>CVE-2024-41974</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>WAGO多款产品权限分配错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109324">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>3180309a7dd86cafb50d74abb2e11a79</td>
+       <td>CVE-2024-41967</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>WAGO多款产品身份认证错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109323">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>0b918ce56dfb3886b39f434918f7f366</td>
+       <td>CVE-2024-11314</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>TRCore DVC路径遍历漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109322">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>1082c92bd9dff774134bda36e240d5a6</td>
+       <td>CVE-2024-41969</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>WAGO多款产品身份认证错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109321">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>eb73c2e846556015f93923edf29bb83e</td>
+       <td>CVE-2024-48896</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>Moodle错误消息生成漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109320">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>957728602670464b06740645a81bfa4a</td>
+       <td>CVE-2024-41973</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>WAGO多款产品路径遍历漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109319">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6d99757da01bc88a4f709cb84ed5e797</td>
+       <td>CVE-2024-41972</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>WAGO多款产品路径遍历漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109318">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>cfa05fba505475c3e4f87d459449eda6</td>
+       <td>CVE-2024-41971</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>WAGO多款产品路径遍历漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109317">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>2c87fb2e78c6c493a639abd1b2fdaf67</td>
+       <td>CVE-2023-39176</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>Linux kernel越界读取漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109316">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b7dcdc95cc91007803f1185d59a60e78</td>
+       <td>CVE-2024-41970</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>WAGO多款产品权限分配错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109315">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d93f116334e7eed6cd30b2c8a0509965</td>
+       <td>CVE-2024-52947</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>LemonLDAP::NG跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109314">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>fdfef862e80cbb87b4a50bf2be511692</td>
+       <td>CVE-2023-49952</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>Mastodon跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109313">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>19e6e853d0e1499459bcd820954e47a5</td>
+       <td>CVE-2024-47820</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>MarkUs路径遍历漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109312">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>64be1d780362beab8c3bd3d699f86806</td>
+       <td>CVE-2024-11315</td>
+       <td>2025-01-07 09:23:32 <img src="imgs/new.gif" /></td>
+       <td>TRCore DVC路径遍历漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109311">详情</a></td>
+      </tr>
+
       <tr>
        <td>8b05f845bf12351ae917c4c131ef24fb</td>
        <td>CVE-2024-52920</td>
@@ -2107,126 +2227,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109269">详情</a></td>
       </tr>
 
-      <tr>
-       <td>5ed48df48c1de6d8716a55d4856da6ee</td>
-       <td>CVE-2024-10875</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress Gallery Manager Plugin跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109250">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>3b4af430efb262f6e7e1f95f488d959f</td>
-       <td>CVE-2024-10883</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress SimpleForm – Contact form made simple Plugin跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109249">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>07f43f2cdca4ed53bdc629ff5e1cc2f8</td>
-       <td>CVE-2024-10884</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress SimpleForm Contact Form Submissions Plugin跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109248">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>71f675afbf7537ca883bd9ca11867a14</td>
-       <td>CVE-2024-10533</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress WP Chat App Plugin未授权插件安装漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109247">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a395898fa4fbf109c5b5edc1c733690b</td>
-       <td>CVE-2024-10262</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress Drop Shadow Boxes Plugin任意短代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109246">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>96db2fb57dbba7a435de8cedbc9109a6</td>
-       <td>CVE-2024-10147</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress Steel Plugin跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109245">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a2c5b1dd679fc3b351286b9062fd2632</td>
-       <td>CVE-2024-10017</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress PJW Mime Config Plugin跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109244">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>54c30a0d44f1e0f7c9bf2ff2e8a7c978</td>
-       <td>CVE-2024-10015</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress ConvertCalculator for WordPress Plugin跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109243">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>ea199bb9e3bb29ef9f8dbf549eb5f1c8</td>
-       <td>CVE-2024-10861</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress Popup Box Plugin未授权数据修改漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109242">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>e12d482f8e75ea73a5806cf8b4824249</td>
-       <td>CVE-2024-11085</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress WP Log Viewer Plugin未授权功能使用漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109241">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>8617903f91230ae7643974f8c620de58</td>
-       <td>CVE-2024-10795</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress Popularis Extra Plugin信息泄露漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109240">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f02927cbab6877f4bc697c3c3d34679a</td>
-       <td>CVE-2024-10786</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress Simple Local Avatars Plugin未授权数据修改漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109239">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>d71012456d73c5082b7f3c24bc1f7b6c</td>
-       <td>CVE-2024-6628</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress EleForms Plugin跨站请求伪造漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109238">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>5d2941596dc45ef440eb44008e14570a</td>
-       <td>CVE-2024-9192</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress Video Robot - The Ultimate Video Importer Plugin权限提升漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109237">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f66bf883487750683319dc18a7fbd3d6</td>
-       <td>CVE-2024-8873</td>
-       <td>2025-01-03 09:22:11</td>
-       <td>WordPress PeproDev WooCommerce Receipt Uploader Plugin跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/109236">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>