diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 4fdc3deb0cb..ec8ee9265a7 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -102,3 +102,13 @@ e35683925b14e304537319db4fa9a916 dab11fa1400700787b766753e088e193 a8e87a5c7cd45c454e29bffc4b5bf64f b2f96993ae3781ad684605ac69f217d3 +b803b349c35d632b3cf6a7dba45ceba0 +12727cb7dfddc82e51c7b448710cb05c +ba63dfef634a2fe0687179acf7d464e8 +baed5a479cb89eea0ae03744791b412f +edeaf99f5aa6e681e896b69ee375c365 +d30a6a0a871c08efe722fa0218fa92fe +7caf3ddef8fd06a87306652a96e9be1f +2e70d46367c2fe2fd630bfe42ed30405 +f1290c5f5300021600825d693b2501cb +7450e61446c158e6a5881d1fb9cab4e6 diff --git a/data/cves.db b/data/cves.db index 94f7b45e6cc..e83cfcea9be 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index 93aa569acc9..379ba74a306 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + b803b349c35d632b3cf6a7dba45ceba0 + CVE-2024-52277 + 2024-12-04 11:30:51 + ** INITIAL LIMITED RELEASE ** User Interface (UI) Misrepresentation of Critical Information vulnerability in [WITHHELD] allows Content Spoofing.This issue affects [WITHHELD]: through [WITHHELD]. + 详情 + + + + 12727cb7dfddc82e51c7b448710cb05c + CVE-2024-52276 + 2024-12-04 11:30:50 + ** INITIAL LIMITED RELEASE ** User Interface (UI) Misrepresentation of Critical Information vulnerability in [WITHHELD] allows Content Spoofing.This issue affects [WITHHELD]: through 2024-12-04. + 详情 + + + + ba63dfef634a2fe0687179acf7d464e8 + CVE-2024-52275 + 2024-12-04 11:30:50 + Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50. + 详情 + + + + baed5a479cb89eea0ae03744791b412f + CVE-2024-52274 + 2024-12-04 11:30:50 + Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 + 详情 + + + + edeaf99f5aa6e681e896b69ee375c365 + CVE-2024-52273 + 2024-12-04 11:30:50 + Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 + 详情 + + + + d30a6a0a871c08efe722fa0218fa92fe + CVE-2024-52272 + 2024-12-04 11:30:50 + Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers.This issue affects Tenda AC6V2: through 15.03.06.50 + 详情 + + + + 7caf3ddef8fd06a87306652a96e9be1f + CVE-2024-12107 + 2024-12-04 11:15:05 + Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS + 详情 + + + + 2e70d46367c2fe2fd630bfe42ed30405 + CVE-2024-11814 + 2024-12-04 10:15:05 + The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_fallback_status parameters in all versions up to, and including, 1.6.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. + 详情 + + + + f1290c5f5300021600825d693b2501cb + CVE-2024-5020 + 2024-12-04 09:15:04 + Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. + 详情 + + + + 7450e61446c158e6a5881d1fb9cab4e6 + CVE-2024-11952 + 2024-12-04 09:15:04 + The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, and permissions granted by an Administrator, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. The vulnerability is limited to PHP files in a Windows environment. + 详情 + + bb2e9775a85894d4704f09c64d2bc95f CVE-2024-11326 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 46e099e3b49bdebccb6a3ca57e3151a3 - CVE-2024-53786 - 2024-11-30 22:15:19 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codeless Cowidgets – Elementor Addons allows Stored XSS.This issue affects Cowidgets – Elementor Addons: from n/a through 1.2.0. - 详情 - - - - 30f3e76a59e0cfd4e16fd26bc0d3e0fb - CVE-2024-53778 - 2024-11-30 22:15:19 - Cross-Site Request Forgery (CSRF) vulnerability in Essential Marketer Essential Breadcrumbs allows Stored XSS.This issue affects Essential Breadcrumbs: from n/a through 1.1.1. - 详情 - - - - 25c336b74dd634eb2872622c82bf86a1 - CVE-2024-53774 - 2024-11-30 22:15:19 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sparkle WP Sparkle Elementor Kit allows DOM-Based XSS.This issue affects Sparkle Elementor Kit: from n/a through 2.0.9. - 详情 - - - - c4f29c6a89c087493cc0d1151d7ca82b - CVE-2024-53773 - 2024-11-30 22:15:19 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Praca.Pl sp. Z o.O. Znajdź Pracę z Praca.Pl allows DOM-Based XSS.This issue affects Znajdź Pracę z Praca.Pl: from n/a through 2.2.3. - 详情 - - - - 813fa77b4b0e45970aef0dc45a6bf424 - CVE-2024-53772 - 2024-11-30 22:15:18 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in PickPlugins Mail Picker allows DOM-Based XSS.This issue affects Mail Picker: from n/a through 1.0.14. - 详情 - - - - 35661668d9313d99d7c60a846857f3f0 - CVE-2024-53771 - 2024-11-30 22:15:18 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Sergio Micó SimpleSchema allows DOM-Based XSS.This issue affects SimpleSchema: from n/a through 1.7.6.9. - 详情 - - - - 623993476f1983760b45238a67110a24 - CVE-2024-53767 - 2024-11-30 22:15:18 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pixobe Pixobe Cartography allows DOM-Based XSS.This issue affects Pixobe Cartography: from n/a through 1.0.1. - 详情 - - - - d2694f90c50308543b3e40e158888e6a - CVE-2024-53766 - 2024-11-30 22:15:18 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Devnex Devnex Addons For Elementor allows DOM-Based XSS.This issue affects Devnex Addons For Elementor: from n/a through 1.0.8. - 详情 - - - - 13d203bb65465af07b6238ad30c0b47f - CVE-2024-53764 - 2024-11-30 22:15:18 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SoftHopper Softtemplates For Elementor allows DOM-Based XSS.This issue affects Softtemplates For Elementor: from n/a through 1.0.8. - 详情 - - - - f9e8a430a3187ba744befd4cccf35eeb - CVE-2024-53763 - 2024-11-30 22:15:18 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rejuan Ahamed Best Addons for Elementor allows Stored XSS.This issue affects Best Addons for Elementor: from n/a through 1.0.5. - 详情 - -