Updated by Github Bot

EXP-Tools · Nov 25, 2024 · 2cfd30e · 2cfd30e
1 parent 3f9a598
commit 2cfd30e
Show file tree

Hide file tree

Showing 3 changed files with 102 additions and 87 deletions.
diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat
@@ -105,3 +105,18 @@ c1104e121dedd93008ec08ec6d99ead2
 2582f2f830bccde9b8335adc68d16c6a
 5cb8905bf02711857d8047922e64a66f
 9c40576dc6b23a4860b784361f146cf1
+caadcc05c1989a087e6db4fc6e8253f8
+b330203da07b0eb590da57ad5678c3cf
+a7c420f4d7cf17b006a54a151b0f3595
+924b4ba551fad3642be6b2e804bb472c
+38581a23d63e63403f15028f1610c49e
+2d4edd918ce1ca3dc9e82719be1b071d
+2854d8150ae02684543f313a8963619b
+0e56769fcaf815af6d808232aee51fd9
+ca02ac81b19cd0cddddfcbdd3690cdfd
+4d963cb9b306d566e111a67cb1e792e6
+a271b99ab7121de68330567567375694
+0db2cc897276c86e072bd6cf5d307191
+a8c356386402871a9f587e9a452afa6b
+3ed137719ee4b0d107ce01cbe2f52365
+1a658c7b99bbcd91fae75f04ba20b368
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-11-24 12:42:49 -->
+<!-- RELEASE TIME : 2024-11-25 03:36:30 -->
 <html lang="zh-cn">
 
  <head>
@@ -286,87 +286,87 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>7cf182d7dfaf5be3a714a67d8476d761</td>
        <td>CVE-2024-9941</td>
-       <td>2024-11-23 07:38:07 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 07:38:07</td>
        <td>The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the MJ_gmgt_add_staff_member() function in all versions up to, and including, 67.1.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to create new user accounts with the administrator role.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9941">详情</a></td>
       </tr>
 
       <tr>
        <td>0af5445422ab6764bf54061a07e955bd</td>
        <td>CVE-2024-9659</td>
-       <td>2024-11-23 07:38:07 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 07:38:07</td>
        <td>The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_user_avatar_image_upload() function in all versions up to, and including, 91.5.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9659">详情</a></td>
       </tr>
 
       <tr>
        <td>5054c6ddf6ddeb68ca5e05444b88ac19</td>
        <td>CVE-2024-9942</td>
-       <td>2024-11-23 07:38:06 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 07:38:06</td>
        <td>The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the MJ_gmgt_user_avatar_image_upload() function in all versions up to, and including, 67.1.0. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9942">详情</a></td>
       </tr>
 
       <tr>
        <td>e6b8002cb5ae32707c799f07b2d9205e</td>
        <td>CVE-2024-9511</td>
-       <td>2024-11-23 07:38:05 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 07:38:05</td>
        <td>The FluentSMTP – WP SMTP Plugin with Amazon SES, SendGrid, MailGun, Postmark, Google and Any SMTP Provider plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.2.82 via deserialization of untrusted input in the 'formatResult' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. The vulnerability was partially patched in version 2.2.82.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9511">详情</a></td>
       </tr>
 
       <tr>
        <td>0a29dabfcf6574494793f93d3bfff212</td>
        <td>CVE-2024-9660</td>
-       <td>2024-11-23 07:38:03 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 07:38:03</td>
        <td>The School Management System for Wordpress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the mj_smgt_load_documets_new() and mj_smgt_load_documets() functions in all versions up to, and including, 91.5.0. This makes it possible for authenticated attackers, with Student-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9660">详情</a></td>
       </tr>
 
       <tr>
        <td>2d6b9cccf49c2a0bd5fbbf159c3678a9</td>
        <td>CVE-2024-9635</td>
-       <td>2024-11-23 06:54:54 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 06:54:54</td>
        <td>The Checkout with Cash App on WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the '_wp_http_referer' parameter in several files in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-9635">详情</a></td>
       </tr>
 
       <tr>
        <td>934bb8c7462f1e55c43359863405ab50</td>
        <td>CVE-2024-11446</td>
-       <td>2024-11-23 06:54:53 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 06:54:53</td>
        <td>The Chessgame Shizzle plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'cs_nonce' parameter in all versions up to, and including, 1.3.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11446">详情</a></td>
       </tr>
 
       <tr>
        <td>ef48c3d67afee75497134f509e35a1bb</td>
        <td>CVE-2024-11330</td>
-       <td>2024-11-23 06:54:49 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 06:54:49</td>
        <td>The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg & remove_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.3.0. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11330">详情</a></td>
       </tr>
 
       <tr>
        <td>5a8bb5df857fa16e7071e4dc822400ff</td>
        <td>CVE-2024-11188</td>
-       <td>2024-11-23 05:40:11 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 05:40:11</td>
        <td>The Formidable Forms – Contact Form Plugin, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress is vulnerable to POST-Based Reflected Cross-Site Scripting via the Custom HTML Form parameters in all versions up to, and including, 6.16.1.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11188">详情</a></td>
       </tr>
 
       <tr>
        <td>b688fdc46d864b07a4ba6049b4bcd0a1</td>
        <td>CVE-2024-11426</td>
-       <td>2024-11-23 04:32:22 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 04:32:22</td>
        <td>The AutoListicle: Automatically Update Numbered List Articles plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auto-list-number' shortcode in all versions up to, and including, 1.2.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11426">详情</a></td>
       </tr>
 
       <tr>
        <td>20f9a755b404dbb1c0dc76f18a615bfe</td>
        <td>CVE-2024-11586</td>
-       <td>2024-11-23 02:05:58 <img src="imgs/new.gif" /></td>
+       <td>2024-11-23 02:05:58</td>
        <td>Ubuntu's implementation of pulseaudio can be crashed by a malicious program if a bluetooth headset is connected.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-11586">详情</a></td>
       </tr>
@@ -2108,123 +2108,123 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       </tr>
 
       <tr>
-       <td>cb6aea0071b7a39741788c4fb57cba5b</td>
-       <td>CVE-2020-11850</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>OpenText Self Service Password Reset跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106270">详情</a></td>
+       <td>caadcc05c1989a087e6db4fc6e8253f8</td>
+       <td>CVE-2024-49675</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin iBryl Switch User认证绕过漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106499">详情</a></td>
       </tr>
 
       <tr>
-       <td>770d478ba8e0f37d04724782037a69d1</td>
-       <td>CVE-2024-37008</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>Autodesk Revit基于栈的缓冲区溢出漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106269">详情</a></td>
+       <td>b330203da07b0eb590da57ad5678c3cf</td>
+       <td>CVE-2024-47904</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>Siemens InterMesh 7177和Siemens InterMesh命令执行漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106498">详情</a></td>
       </tr>
 
       <tr>
-       <td>49cb105a55db96d7875934cc7d8f2010</td>
-       <td>CVE-2023-49198</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>Apache SeaTunnel信息泄露漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106268">详情</a></td>
+       <td>a7c420f4d7cf17b006a54a151b0f3595</td>
+       <td>CVE-2024-47575</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>Fortinet FortiManager访问控制错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106497">详情</a></td>
       </tr>
 
       <tr>
-       <td>6b32df25960aadfcdf8b712f6a2ee707</td>
-       <td>CVE-2023-22576</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>Dell Repository Manager本地权限提升漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106267">详情</a></td>
+       <td>924b4ba551fad3642be6b2e804bb472c</td>
+       <td>CVE-2024-49370</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>Pimcore信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106496">详情</a></td>
       </tr>
 
       <tr>
-       <td>185d7a461bb56ebfdb136c3074b93b14</td>
-       <td>CVE-2024-7854</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>WordPress插件Woo Inquiry SQL注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106266">详情</a></td>
+       <td>38581a23d63e63403f15028f1610c49e</td>
+       <td>CVE-2024-10290</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>ZZCMS信息泄露漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106495">详情</a></td>
       </tr>
 
       <tr>
-       <td>fc6732cd537d4949db843a1f57a662f0</td>
-       <td>CVE-2024-7651</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>WordPress插件App Builder有限SQL注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106265">详情</a></td>
+       <td>2d4edd918ce1ca3dc9e82719be1b071d</td>
+       <td>CVE-2024-10283</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>Tenda缓冲区溢出漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106494">详情</a></td>
       </tr>
 
       <tr>
-       <td>0e40a1a31f88e929617a398dff784790</td>
-       <td>CVE-2024-7647</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>WordPress插件OTA Sync Booking Engine Widget跨站请求伪造漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106264">详情</a></td>
+       <td>2854d8150ae02684543f313a8963619b</td>
+       <td>CVE-2024-50050</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>Meta Llama Llama Stack远程代码执行漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106493">详情</a></td>
       </tr>
 
       <tr>
-       <td>6b022e6d47ab8aac3f3876957d59c406</td>
-       <td>CVE-2024-7998</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>Octopus Server Cookie使用错误过期时间漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106263">详情</a></td>
+       <td>0e56769fcaf815af6d808232aee51fd9</td>
+       <td>CVE-2024-10280</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>Tenda多款产品存在代码问题漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106492">详情</a></td>
       </tr>
 
       <tr>
-       <td>4b951bf11171b68468c1d3c493b0c35c</td>
-       <td>CVE-2024-5335</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>WordPress插件Ultimate Store Kit PHP对象注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106262">详情</a></td>
+       <td>ca02ac81b19cd0cddddfcbdd3690cdfd</td>
+       <td>CVE-2024-10250</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Nioland跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106491">详情</a></td>
       </tr>
 
       <tr>
-       <td>6af3fbe5d64ca5cf96ebcd47fa183832</td>
-       <td>CVE-2024-6339</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>WordPress主题Phlox PRO反射型跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106261">详情</a></td>
+       <td>4d963cb9b306d566e111a67cb1e792e6</td>
+       <td>CVE-2024-10041</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>Linux Linux-pam命令执行漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106490">详情</a></td>
       </tr>
 
       <tr>
-       <td>79f6ab7f554c8dcef937b7babac593a4</td>
-       <td>CVE-2024-7629</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>WordPress视频插件Responsive存储型跨站脚本漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106260">详情</a></td>
+       <td>a271b99ab7121de68330567567375694</td>
+       <td>CVE-2024-49653</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Portfolleo文件无限制上传漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106489">详情</a></td>
       </tr>
 
       <tr>
-       <td>ecff4bdb9561d6a89d2c3e45771f245e</td>
-       <td>CVE-2024-7390</td>
-       <td>2024-11-25 03:30:34 <img src="imgs/new.gif" /></td>
-       <td>WordPress插件WP Testimonial Widget未授权数据修改漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106259">详情</a></td>
+       <td>0db2cc897276c86e072bd6cf5d307191</td>
+       <td>CVE-2024-49657</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin 3D Work In Progress缺少授权漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106488">详情</a></td>
       </tr>
 
       <tr>
-       <td>4d8ba8452ee0e04c237766dd6f29d784</td>
-       <td>CVE-2024-45242</td>
-       <td>2024-11-22 09:24:20</td>
-       <td>EnGenius ENH1350EXT命令执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106258">详情</a></td>
+       <td>a8c356386402871a9f587e9a452afa6b</td>
+       <td>CVE-2024-49676</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Custom Icons for Elementor代码问题漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106487">详情</a></td>
       </tr>
 
       <tr>
-       <td>fb6ef77fd43b58da25f1b8f830cec2c9</td>
-       <td>CVE-2024-6814</td>
-       <td>2024-11-22 09:24:20</td>
-       <td>NETGEAR ProSAFE Network Management System SQL注入漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106257">详情</a></td>
+       <td>3ed137719ee4b0d107ce01cbe2f52365</td>
+       <td>CVE-2024-49684</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin Backup and Staging by WP Time Capsule代码问题漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106486">详情</a></td>
       </tr>
 
       <tr>
-       <td>7ea647e0658782efd486684c34638c6c</td>
-       <td>CVE-2024-48424</td>
-       <td>2024-11-22 09:24:20</td>
-       <td>assimp堆栈缓冲区溢出漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106256">详情</a></td>
+       <td>1a658c7b99bbcd91fae75f04ba20b368</td>
+       <td>CVE-2024-49669</td>
+       <td>2024-11-25 03:34:23 <img src="imgs/new.gif" /></td>
+       <td>WordPress plugin INK Official代码问题漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/106485">详情</a></td>
       </tr>
 
      </tbody>