Updated by Github Bot

EXP-Tools · Apr 11, 2024 · 957444b · 957444b
1 parent 1e5399c
commit 957444b
Show file tree

Hide file tree

Showing 3 changed files with 146 additions and 131 deletions.
diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat
@@ -108,3 +108,18 @@ d33b688af63d379d5aec6cbd3a8f185f
 61b631139a4c43596e3bb7d08650d007
 c8dca40b1538a38b54be4ebdd0ab53ef
 b10d9937169dd5a5b5ee32a9b399e278
+7c796199f0ba4ec3d406dbe761df0a15
+ca73a9afdc1bcf67ae254d281e869309
+6c72ab15071fdb079e5ee4df3213e205
+30af9581a8aad0636dea26728df0c7c4
+7ecabc54fbd9ba486d1eff76e6551e05
+214f57797af8c7207b5238db1f272604
+57e147f23673a0b0e53d9cb31f2daa6a
+a324309e4135bf2a9f1ebbfef8971e9a
+d10cf74ea30ec61041e4b8b5fd45dae9
+9b7821027931d07669d614ef2180a96d
+907ddae2e6f7e98f6c7a5a08b6a7549d
+fce267a6a830ea86d26cbdfb6579eb8e
+43b7a052057479d47d281562142917c7
+b357202ac42195302f3df71826de45b3
+8fc63adb5630e37211409e2e4c582c87
diff --git a/data/cves.db b/data/cves.db
diff --git a/docs/index.html b/docs/index.html
@@ -1,4 +1,4 @@
-<!-- RELEASE TIME : 2024-04-10 23:24:04 -->
+<!-- RELEASE TIME : 2024-04-11 13:25:03 -->
 <html lang="zh-cn">
 
  <head>
@@ -366,79 +366,79 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
       <tr>
        <td>64c99d4e452f362d5321dbc16228f326</td>
        <td>CVE-2024-3545</td>
-       <td>2024-04-09 19:15:41 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:41</td>
        <td>Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3545">详情</a></td>
       </tr>
 
       <tr>
        <td>57f39a3baee4cc784c673b545110a6f9</td>
        <td>CVE-2024-3514</td>
-       <td>2024-04-09 19:15:41 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:41</td>
        <td>The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3514">详情</a></td>
       </tr>
 
       <tr>
        <td>ea89e5eb40cfcd53b5f3907742de5974</td>
        <td>CVE-2024-3512</td>
-       <td>2024-04-09 19:15:41 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:41</td>
        <td>The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'note_color' shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3512">详情</a></td>
       </tr>
 
       <tr>
        <td>5d05c256dd0c25e0c7aff1279b8129d5</td>
        <td>CVE-2024-3267</td>
-       <td>2024-04-09 19:15:40 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:40</td>
        <td>The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3267">详情</a></td>
       </tr>
 
       <tr>
        <td>f91acb3e5908a92502d4388db5a7c091</td>
        <td>CVE-2024-3266</td>
-       <td>2024-04-09 19:15:40 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:40</td>
        <td>The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3266">详情</a></td>
       </tr>
 
       <tr>
        <td>81d201d38d511297f30f5fd4c927a1d7</td>
        <td>CVE-2024-3244</td>
-       <td>2024-04-09 19:15:40 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:40</td>
        <td>The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3244">详情</a></td>
       </tr>
 
       <tr>
        <td>b04503ac83847773e3c1913a29e3d53f</td>
        <td>CVE-2024-3214</td>
-       <td>2024-04-09 19:15:40 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:40</td>
        <td>The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3214">详情</a></td>
       </tr>
 
       <tr>
        <td>bda0d0c8b970be70e8cfb0f831f0c387</td>
        <td>CVE-2024-3213</td>
-       <td>2024-04-09 19:15:40 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:40</td>
        <td>The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3213">详情</a></td>
       </tr>
 
       <tr>
        <td>0e58afa56a2d326d843b06d379a76859</td>
        <td>CVE-2024-3208</td>
-       <td>2024-04-09 19:15:40 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:40</td>
        <td>The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3208">详情</a></td>
       </tr>
 
       <tr>
        <td>8220ef4a0604d6d98fea2628e6433290</td>
        <td>CVE-2024-3167</td>
-       <td>2024-04-09 19:15:39 <img src="imgs/new.gif" /></td>
+       <td>2024-04-09 19:15:39</td>
        <td>The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.</td>
        <td><a target="_blank" href="https://www.tenable.com/cve/CVE-2024-3167">详情</a></td>
       </tr>
@@ -1971,6 +1971,126 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <th width="43%">TITLE</th>
        <th width="5%">URL</th>
       </tr>
+      <tr>
+       <td>7c796199f0ba4ec3d406dbe761df0a15</td>
+       <td>CVE-2024-20840</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>Samsung Voice Recorder访问控制错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93362">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>ca73a9afdc1bcf67ae254d281e869309</td>
+       <td>CVE-2023-42419</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>Cybellum硬编码私钥漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93361">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>6c72ab15071fdb079e5ee4df3213e205</td>
+       <td>CVE-2024-27627</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>SuperCali跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93360">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>30af9581a8aad0636dea26728df0c7c4</td>
+       <td>CVE-2023-45597</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>AiLux imx6公式元素中和错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93359">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>7ecabc54fbd9ba486d1eff76e6551e05</td>
+       <td>CVE-2023-5456</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>AiLux imx6硬编码凭据使用漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93358">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>214f57797af8c7207b5238db1f272604</td>
+       <td>CVE-2024-20838</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>Samsung Internet输入验证错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93357">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>57e147f23673a0b0e53d9cb31f2daa6a</td>
+       <td>CVE-2024-20839</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>Samsung Voice Recorder访问控制错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93356">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>a324309e4135bf2a9f1ebbfef8971e9a</td>
+       <td>CVE-2023-45596</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>AiLux imx6授权错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93355">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>d10cf74ea30ec61041e4b8b5fd45dae9</td>
+       <td>CVE-2024-20837</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>Samsung Internet授权处理错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93354">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>9b7821027931d07669d614ef2180a96d</td>
+       <td>CVE-2024-20841</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>Samsung Account权限不足处理错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93353">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>907ddae2e6f7e98f6c7a5a08b6a7549d</td>
+       <td>CVE-2024-27625</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>CMS Made Simple跨站脚本漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93352">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>fce267a6a830ea86d26cbdfb6579eb8e</td>
+       <td>CVE-2023-45598</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>AiLux imx6授权错误漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93351">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>43b7a052057479d47d281562142917c7</td>
+       <td>CVE-2023-45599</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>AiLux imx6依赖文件名或外部提供文件的扩展名漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93350">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>b357202ac42195302f3df71826de45b3</td>
+       <td>CVE-2023-45600</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>AiLux imx6会话过期不足漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93349">详情</a></td>
+      </tr>
+
+      <tr>
+       <td>8fc63adb5630e37211409e2e4c582c87</td>
+       <td>CVE-2024-20836</td>
+       <td>2024-04-11 13:22:51 <img src="imgs/new.gif" /></td>
+       <td>SAMSUNG Mobile Devices越界读取漏洞</td>
+       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93348">详情</a></td>
+      </tr>
+
       <tr>
        <td>8c4cbc4ecac9b97b1c149b2159bc3102</td>
        <td>CVE-2019-3816</td>
@@ -2091,126 +2211,6 @@ <h2><a href="https://exp-blog.com" target="_blank">眈眈探求</a> | <a href="h
        <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93274">详情</a></td>
       </tr>
 
-      <tr>
-       <td>685b4ec3b543163ab6443c55f8d4b4ab</td>
-       <td>CVE-2024-28903</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows Secure Boot安全功能绕过漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93192">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>39f1f00b5f69fc1b767b21ec8917e0d0</td>
-       <td>CVE-2024-28905</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Brokering File System权限提升漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93191">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>a53f2235a091e17c9d295515ff0898b3</td>
-       <td>CVE-2024-28906</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows OLE DB Driver for SQL Server远程代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93190">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>dc0fd950eff478e619ace32047304926</td>
-       <td>CVE-2024-28908</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows OLE DB Driver for SQL Server远程代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93189">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>6dcc24a6b55861931e6e0b516de8b6ac</td>
-       <td>CVE-2024-28909</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows OLE DB Driver for SQL Server远程代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93188">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>7638ee75c2c6541878fb0a86b1fc7e01</td>
-       <td>CVE-2024-28919</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows Secure Boot安全功能绕过漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93187">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>cc5d8787be06891f082742dce9f0171f</td>
-       <td>CVE-2024-28921</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows Secure Boot安全功能绕过漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93186">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9c1b87268aceb973f6ee41a6836126f3</td>
-       <td>CVE-2024-26179</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows Routing and Remote Access Service远程代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93185">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>1125665b7018cfcb9ed101b34c55c29f</td>
-       <td>CVE-2024-26200</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows Routing and Remote Access Service远程代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93184">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>210ea9ad108098fb1e5a7fdcccfa3d00</td>
-       <td>CVE-2024-26205</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows Routing and Remote Access Service远程代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93183">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>081c3431576624317b45406ec6087952</td>
-       <td>CVE-2024-26202</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows DHCP Server Service远程代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93182">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>9603be14e9a2a6587d9b466ffee271cd</td>
-       <td>CVE-2024-26232</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows Message Queuing (MSMQ)远程代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93181">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>14dc8a4e512046b21479a8cda4d4498b</td>
-       <td>CVE-2024-28920</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows Secure Boot安全功能绕过漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93180">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>b7bc998f048bccce1f79bfaab964663b</td>
-       <td>CVE-2024-28922</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows Secure Boot安全功能绕过漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93179">详情</a></td>
-      </tr>
-
-      <tr>
-       <td>f1db819a5c62f9d68c9e3dd30ad44869</td>
-       <td>CVE-2024-28910</td>
-       <td>2024-04-10 07:21:43 <img src="imgs/new.gif" /></td>
-       <td>Microsoft Windows OLE DB Driver for SQL Server远程代码执行漏洞</td>
-       <td><a target="_blank" href="http://www.nsfocus.net/vulndb/93178">详情</a></td>
-      </tr>
-
      </tbody>
     </table>
    </div>