
Commit

Updated by Github Bot
Github-Bot committed Apr 15, 2024
1 parent e5ba80c commit 3e447a3
Showing 4 changed files with 93 additions and 81 deletions.
2 changes: 2 additions & 0 deletions cache/RedQueen.dat
Expand Up @@ -122,3 +122,5 @@ cc96f68cf2bfcf578d886579d983567f
c6fc0f1e11b594ee91e2af7ff115c3b6
f8aa964dcb4956c9baacad51d77f32bc
62f2b04710edcb61e6205b457d95317d
727168f026184cc424466bbecdef04bd
3a71226a12484d9d0e5a316e649805d8
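Review bot: the two digests appended at the end of this hunk have no matching row in docs/index.html in the same commit. The 81 lines added there appear to be the release-time comment plus ten rows whose first-column ids all come from cache/Tenable (Nessus).dat. If the cache marks an item as seen before it is rendered, these two RedQueen entries will never reach the page; confirm that they are filtered on purpose, or write the cache only after the row has been emitted.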
10 changes: 10 additions & 0 deletions cache/Tenable (Nessus).dat
Expand Up @@ -128,3 +128,13 @@ d060e0fe962b3d81454627d10fba89a5
7b365de29b57e13e83919e392bd443f1
659aedab25cbfdcf57ce246f4ec11de4
b75eebe5840caaaa3860b868e8bc793c
798ab6950f0b1f5c226d38ef48ceab68
bdb154373697347c3d5b0c14e78dfcfd
9245743bf25d8b2b7893466790f8be07
cb0a0970e03dde886437af4ccd433898
8bca410bebefa3784283edfa816a4c90
4b9fb08bec71f969dd0e415b4d7020df
04c1d2e1a3b44b4e3f493bfdac25a70c
4864020290eca316abee9e517ddb48b1
a40fb99669c21a8f7d4fc696875a4e20
fd3f3eefeb8141fb8d3c8ded8ac20735
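Review bot: the ten values appended here are the ids shown in the first column of the new docs/index.html rows, but neither the commit message nor the file says what is hashed to produce them. Document the key derivation next to the cache, and state whether a revised description for an existing CVE yields a new digest, since that decides whether an updated advisory is shown again or silently skipped.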
Binary file modified data/cves.db
Binary file not shown.
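Review bot: data/cves.db is rewritten as an opaque binary in this commit, so this part of the change cannot be reviewed and each bot run adds another full copy to history. Consider keeping the database out of the repository (a release artifact or Git LFS) or committing a text export that diffs line by line.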
162 changes: 81 additions & 81 deletions docs/index.html
@@ -1,4 +1,4 @@
<!-- RELEASE TIME : 2024-04-15 03:39:14 -->
<!-- RELEASE TIME : 2024-04-15 23:23:16 -->
<html lang="zh-cn">

<head>
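Review bot: the RELEASE TIME comment at the top of this hunk carries no timezone or UTC offset, and the per-row times in the table use the same bare format, so a reader cannot tell how old an entry is relative to the release. Emit ISO 8601 timestamps with an explicit offset in both places. Separately, `<html lang="zh-cn">` labels a page whose table text is English; set `lang` per cell or change the page language so screen readers and translators handle it correctly.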
Expand Down Expand Up @@ -283,6 +283,86 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<th width="43%">TITLE</th>
<th width="5%">URL</th>
</tr>
<tr>
<td>798ab6950f0b1f5c226d38ef48ceab68</td>
<td>CVE-2024-31652</td>
<td>2024-04-15 21:15:07 <img src="imgs/new.gif" /></td>
<td>A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Search parameter.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31652">详情</a></td>
</tr>

<tr>
<td>bdb154373697347c3d5b0c14e78dfcfd</td>
<td>CVE-2024-31650</td>
<td>2024-04-15 21:15:07 <img src="imgs/new.gif" /></td>
<td>A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Last Name parameter.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31650">详情</a></td>
</tr>

<tr>
<td>9245743bf25d8b2b7893466790f8be07</td>
<td>CVE-2024-31649</td>
<td>2024-04-15 21:15:07 <img src="imgs/new.gif" /></td>
<td>A cross-site scripting (XSS) in Cosmetics and Beauty Product Online Store v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Product Name parameter.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31649">详情</a></td>
</tr>

<tr>
<td>cb0a0970e03dde886437af4ccd433898</td>
<td>CVE-2024-31648</td>
<td>2024-04-15 21:15:07 <img src="imgs/new.gif" /></td>
<td>Cross Site Scripting (XSS) in Insurance Management System v1.0, allows remote attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Category Name parameter at /core/new_category2.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31648">详情</a></td>
</tr>

<tr>
<td>8bca410bebefa3784283edfa816a4c90</td>
<td>CVE-2024-23561</td>
<td>2024-04-15 21:15:07 <img src="imgs/new.gif" /></td>
<td>HCL DevOps Deploy / HCL Launch is vulnerable to sensitive information disclosure vulnerability due to insufficient obfuscation of sensitive values.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23561">详情</a></td>
</tr>

<tr>
<td>4b9fb08bec71f969dd0e415b4d7020df</td>
<td>CVE-2024-23558</td>
<td>2024-04-15 21:15:07 <img src="imgs/new.gif" /></td>
<td>HCL DevOps Deploy / HCL Launch does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-23558">详情</a></td>
</tr>

<tr>
<td>04c1d2e1a3b44b4e3f493bfdac25a70c</td>
<td>CVE-2024-3804</td>
<td>2024-04-15 20:15:11 <img src="imgs/new.gif" /></td>
<td>A vulnerability, which was classified as critical, has been found in Vesystem Cloud Desktop up to 20240408. This issue affects some unknown processing of the file /Public/webuploader/0.1.5/server/fileupload2.php. The manipulation of the argument file leads to unrestricted upload. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260777 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3804">详情</a></td>
</tr>

<tr>
<td>4864020290eca316abee9e517ddb48b1</td>
<td>CVE-2024-32036</td>
<td>2024-04-15 20:15:11 <img src="imgs/new.gif" /></td>
<td>ImageSharp is a 2D graphics API. A heap-use-after-free flaw was found in ImageSharp's JPEG and TGA decoders. This vulnerability is triggered when an attacker passes a specially crafted JPEG or TGA image file to ImageSharp for conversion, potentially leading to information disclosure. The problem has been patched in v3.1.4 and v2.1.8.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32036">详情</a></td>
</tr>

<tr>
<td>a40fb99669c21a8f7d4fc696875a4e20</td>
<td>CVE-2024-32035</td>
<td>2024-04-15 20:15:11 <img src="imgs/new.gif" /></td>
<td>ImageSharp is a 2D graphics API. A vulnerability discovered in the ImageSharp library, where the processing of specially crafted files can lead to excessive memory usage in image decoders. The vulnerability is triggered when ImageSharp attempts to process image files that are designed to exploit this flaw. This flaw can be exploited to cause a denial of service (DoS) by depleting process memory, thereby affecting applications and services that rely on ImageSharp for image processing tasks. Users and administrators are advised to update to the latest version of ImageSharp that addresses this vulnerability to mitigate the risk of exploitation. The problem has been patched in v3.1.4 and v2.1.8.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-32035">详情</a></td>
</tr>

<tr>
<td>fd3f3eefeb8141fb8d3c8ded8ac20735</td>
<td>CVE-2024-31990</td>
<td>2024-04-15 20:15:11 <img src="imgs/new.gif" /></td>
<td>Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The API server does not enforce project sourceNamespaces which allows attackers to use the UI to edit resources which should only be mutable via gitops. This vulenrability is fixed in 2.10.7, 2.9.12, and 2.8.16.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31990">详情</a></td>
</tr>

<tr>
<td>34289f659d466a7e6c7c77846c04e973</td>
<td>CVE-2024-3762</td>
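Review bot: every link added in this hunk uses `target="_blank"` without a `rel` attribute, for example `<a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31652">`; add `rel="noopener noreferrer"` in the row template so the opened page gets no `window.opener` handle and no referrer. The description cell is third-party feed text written into `<td>`, and several of these entries describe XSS issues, so the generator should HTML-escape that field; the rows here contain no markup characters, so this diff cannot confirm that it does. The `<img src="imgs/new.gif" />` marker also lacks an `alt` attribute.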
Expand Down Expand Up @@ -443,86 +523,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-22334">详情</a></td>
</tr>

<tr>
<td>3315ff09ef4002882586b280ebba5973</td>
<td>CVE-2024-0157</td>
<td>2024-04-12 17:17:21</td>
<td>Dell Storage Resource Manager, 4.9.0.0 and below, contain(s) a Session Fixation Vulnerability in SRM Windows Host Agent. An adjacent network unauthenticated attacker could potentially exploit this vulnerability, leading to the hijack of a targeted user's application session.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0157">详情</a></td>
</tr>

<tr>
<td>d6e69687d570799e00c72934be69ee83</td>
<td>CVE-2024-3707</td>
<td>2024-04-12 14:15:09</td>
<td>Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to enumerate all files in the web tree by accessing a php file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3707">详情</a></td>
</tr>

<tr>
<td>2294de2743ac043fbc4fa1e30c6c20f7</td>
<td>CVE-2024-3706</td>
<td>2024-04-12 14:15:09</td>
<td>Information exposure vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to view a php backup file (controlaccess.php-LAST) where database credentials are stored.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3706">详情</a></td>
</tr>

<tr>
<td>19243d5e8ea0ce74eb09c5fc33114ec8</td>
<td>CVE-2024-3705</td>
<td>2024-04-12 14:15:08</td>
<td>Unrestricted file upload vulnerability in OpenGnsys affecting version 1.1.1d (Espeto). This vulnerability allows an attacker to send a POST request to the endpoint '/opengnsys/images/M_Icons.php' modifying the file extension, due to lack of file extension verification, resulting in a webshell injection.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3705">详情</a></td>
</tr>

<tr>
<td>513133c591989f557bb35bec9e5077fd</td>
<td>CVE-2024-30273</td>
<td>2024-04-11 18:15:07</td>
<td>Illustrator versions 28.3, 27.9.2 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30273">详情</a></td>
</tr>

<tr>
<td>f6b8f13db1401a8ba826ede7e715fcc1</td>
<td>CVE-2024-30272</td>
<td>2024-04-11 18:15:07</td>
<td>Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30272">详情</a></td>
</tr>

<tr>
<td>1c90d23ed00ba1a43ab95e7925d74016</td>
<td>CVE-2024-30271</td>
<td>2024-04-11 18:15:07</td>
<td>Illustrator versions 28.3, 27.9.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-30271">详情</a></td>
</tr>

<tr>
<td>aac4c1426c19d0045cf88150ce31e439</td>
<td>CVE-2023-50949</td>
<td>2024-04-11 17:15:30</td>
<td>IBM QRadar SIEM 7.5 could allow an unauthorized user to perform unauthorized actions due to improper certificate validation. IBM X-Force ID: 275706.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2023-50949">详情</a></td>
</tr>

<tr>
<td>a5e43454e3256085139beec86ec6d1f0</td>
<td>CVE-2024-31678</td>
<td>2024-04-11 16:15:25</td>
<td>Sourcecodester Loan Management System v1.0 is vulnerable to SQL Injection via the "password" parameter in the "login.php" file.</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-31678">详情</a></td>
</tr>

<tr>
<td>b616bedffb88e07bfa65121ffc7a7a9d</td>
<td>CVE-2024-0881</td>
<td>2024-04-11 16:15:24</td>
<td>The Post Grid, Form Maker, Popup Maker, WooCommerce Blocks, Post Blocks, Post Carousel WordPress plugin before 2.2.76 does not prevent password protected posts from being displayed in the result of some unauthenticated AJAX actions, allowing unauthenticated users to read such posts</td>
<td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-0881">详情</a></td>
</tr>

</tbody>
</table>
</div>
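Review bot: the ten rows removed in this hunk, dated 2024-04-11 and 2024-04-12, drop off in the same commit that adds ten new rows at the top, which suggests retention is by count rather than by age. A busy day of low-impact entries would then push items such as CVE-2024-3705 off the page early; consider trimming by date or linking an archive page below the table.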