diff --git a/cache/Nsfocus.dat b/cache/Nsfocus.dat index 18ccf49fd1f..fb127d08ca1 100644 --- a/cache/Nsfocus.dat +++ b/cache/Nsfocus.dat @@ -108,3 +108,18 @@ d33b688af63d379d5aec6cbd3a8f185f 61b631139a4c43596e3bb7d08650d007 c8dca40b1538a38b54be4ebdd0ab53ef b10d9937169dd5a5b5ee32a9b399e278 +7c796199f0ba4ec3d406dbe761df0a15 +ca73a9afdc1bcf67ae254d281e869309 +6c72ab15071fdb079e5ee4df3213e205 +30af9581a8aad0636dea26728df0c7c4 +7ecabc54fbd9ba486d1eff76e6551e05 +214f57797af8c7207b5238db1f272604 +57e147f23673a0b0e53d9cb31f2daa6a +a324309e4135bf2a9f1ebbfef8971e9a +d10cf74ea30ec61041e4b8b5fd45dae9 +9b7821027931d07669d614ef2180a96d +907ddae2e6f7e98f6c7a5a08b6a7549d +fce267a6a830ea86d26cbdfb6579eb8e +43b7a052057479d47d281562142917c7 +b357202ac42195302f3df71826de45b3 +8fc63adb5630e37211409e2e4c582c87 diff --git a/data/cves.db b/data/cves.db index 158ea5326c1..afc3a5db512 100644 Binary files a/data/cves.db and b/data/cves.db differ diff --git a/docs/index.html b/docs/index.html index d9c7a4570bd..b1d07899fab 100644 --- a/docs/index.html +++ b/docs/index.html @@ -1,4 +1,4 @@ - + @@ -366,7 +366,7 @@

眈眈探求 | + 2024-04-09 19:15:41 Improper permission handling in the vault offline cache feature in Devolutions Remote Desktop Manager 2024.1.20 and earlier on windows and Devolutions Server 2024.1.8 and earlier allows an attacker to access sensitive informations contained in the offline cache file by gaining access to a computer where the software is installed even though the offline mode is disabled. 详情 @@ -374,7 +374,7 @@

眈眈探求 | + 2024-04-09 19:15:41 The Responsive Tabs plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the tabs_color value in all versions up to, and including, 4.0.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -382,7 +382,7 @@

眈眈探求 | + 2024-04-09 19:15:41 The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'note_color' shortcode in all versions up to, and including, 7.0.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -390,7 +390,7 @@

眈眈探求 | + 2024-04-09 19:15:40 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's bt_bb_price_list shortcode in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -398,7 +398,7 @@

眈眈探求 | + 2024-04-09 19:15:40 The Bold Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL attribute of widgets in all versions up to, and including, 4.8.8 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -406,7 +406,7 @@

眈眈探求 | + 2024-04-09 19:15:40 The EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'embedpress_calendar' shortcode in all versions up to, and including, 3.9.14 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -414,7 +414,7 @@

眈眈探求 | + 2024-04-09 19:15:40 The Relevanssi – A Better Search plugin for WordPress is vulnerable to CSV Injection in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to embed untrusted input into exported CSV files, which can result in code execution when these files are downloaded and opened on a local system with a vulnerable configuration. 详情 @@ -422,7 +422,7 @@

眈眈探求 | + 2024-04-09 19:15:40 The Relevanssi – A Better Search plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the relevanssi_update_counts() function in all versions up to, and including, 4.22.1. This makes it possible for unauthenticated attackers to execute expensive queries on the application that could lead into DOS. 详情 @@ -430,7 +430,7 @@

眈眈探求 | + 2024-04-09 19:15:40 The Sydney Toolbox plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Filterable Gallery widget in all versions up to, and including, 1.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -438,7 +438,7 @@

眈眈探求 | + 2024-04-09 19:15:39 The Ocean Extra plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘twitter_username’ parameter in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. 详情 @@ -1971,6 +1971,126 @@

眈眈探求 | TITLE URL + + 7c796199f0ba4ec3d406dbe761df0a15 + CVE-2024-20840 + 2024-04-11 13:22:51 + Samsung Voice Recorder访问控制错误漏洞 + 详情 + + + + ca73a9afdc1bcf67ae254d281e869309 + CVE-2023-42419 + 2024-04-11 13:22:51 + Cybellum硬编码私钥漏洞 + 详情 + + + + 6c72ab15071fdb079e5ee4df3213e205 + CVE-2024-27627 + 2024-04-11 13:22:51 + SuperCali跨站脚本漏洞 + 详情 + + + + 30af9581a8aad0636dea26728df0c7c4 + CVE-2023-45597 + 2024-04-11 13:22:51 + AiLux imx6公式元素中和错误漏洞 + 详情 + + + + 7ecabc54fbd9ba486d1eff76e6551e05 + CVE-2023-5456 + 2024-04-11 13:22:51 + AiLux imx6硬编码凭据使用漏洞 + 详情 + + + + 214f57797af8c7207b5238db1f272604 + CVE-2024-20838 + 2024-04-11 13:22:51 + Samsung Internet输入验证错误漏洞 + 详情 + + + + 57e147f23673a0b0e53d9cb31f2daa6a + CVE-2024-20839 + 2024-04-11 13:22:51 + Samsung Voice Recorder访问控制错误漏洞 + 详情 + + + + a324309e4135bf2a9f1ebbfef8971e9a + CVE-2023-45596 + 2024-04-11 13:22:51 + AiLux imx6授权错误漏洞 + 详情 + + + + d10cf74ea30ec61041e4b8b5fd45dae9 + CVE-2024-20837 + 2024-04-11 13:22:51 + Samsung Internet授权处理错误漏洞 + 详情 + + + + 9b7821027931d07669d614ef2180a96d + CVE-2024-20841 + 2024-04-11 13:22:51 + Samsung Account权限不足处理错误漏洞 + 详情 + + + + 907ddae2e6f7e98f6c7a5a08b6a7549d + CVE-2024-27625 + 2024-04-11 13:22:51 + CMS Made Simple跨站脚本漏洞 + 详情 + + + + fce267a6a830ea86d26cbdfb6579eb8e + CVE-2023-45598 + 2024-04-11 13:22:51 + AiLux imx6授权错误漏洞 + 详情 + + + + 43b7a052057479d47d281562142917c7 + CVE-2023-45599 + 2024-04-11 13:22:51 + AiLux imx6依赖文件名或外部提供文件的扩展名漏洞 + 详情 + + + + b357202ac42195302f3df71826de45b3 + CVE-2023-45600 + 2024-04-11 13:22:51 + AiLux imx6会话过期不足漏洞 + 详情 + + + + 8fc63adb5630e37211409e2e4c582c87 + CVE-2024-20836 + 2024-04-11 13:22:51 + SAMSUNG Mobile Devices越界读取漏洞 + 详情 + + 8c4cbc4ecac9b97b1c149b2159bc3102 CVE-2019-3816 @@ -2091,126 +2211,6 @@

眈眈探求 | 详情 - - 685b4ec3b543163ab6443c55f8d4b4ab - CVE-2024-28903 - 2024-04-10 07:21:43 - Microsoft Windows Secure Boot安全功能绕过漏洞 - 详情 - - - - 39f1f00b5f69fc1b767b21ec8917e0d0 - CVE-2024-28905 - 2024-04-10 07:21:43 - Microsoft Brokering File System权限提升漏洞 - 详情 - - - - a53f2235a091e17c9d295515ff0898b3 - CVE-2024-28906 - 2024-04-10 07:21:43 - Microsoft Windows OLE DB Driver for SQL Server远程代码执行漏洞 - 详情 - - - - dc0fd950eff478e619ace32047304926 - CVE-2024-28908 - 2024-04-10 07:21:43 - Microsoft Windows OLE DB Driver for SQL Server远程代码执行漏洞 - 详情 - - - - 6dcc24a6b55861931e6e0b516de8b6ac - CVE-2024-28909 - 2024-04-10 07:21:43 - Microsoft Windows OLE DB Driver for SQL Server远程代码执行漏洞 - 详情 - - - - 7638ee75c2c6541878fb0a86b1fc7e01 - CVE-2024-28919 - 2024-04-10 07:21:43 - Microsoft Windows Secure Boot安全功能绕过漏洞 - 详情 - - - - cc5d8787be06891f082742dce9f0171f - CVE-2024-28921 - 2024-04-10 07:21:43 - Microsoft Windows Secure Boot安全功能绕过漏洞 - 详情 - - - - 9c1b87268aceb973f6ee41a6836126f3 - CVE-2024-26179 - 2024-04-10 07:21:43 - Microsoft Windows Routing and Remote Access Service远程代码执行漏洞 - 详情 - - - - 1125665b7018cfcb9ed101b34c55c29f - CVE-2024-26200 - 2024-04-10 07:21:43 - Microsoft Windows Routing and Remote Access Service远程代码执行漏洞 - 详情 - - - - 210ea9ad108098fb1e5a7fdcccfa3d00 - CVE-2024-26205 - 2024-04-10 07:21:43 - Microsoft Windows Routing and Remote Access Service远程代码执行漏洞 - 详情 - - - - 081c3431576624317b45406ec6087952 - CVE-2024-26202 - 2024-04-10 07:21:43 - Microsoft Windows DHCP Server Service远程代码执行漏洞 - 详情 - - - - 9603be14e9a2a6587d9b466ffee271cd - CVE-2024-26232 - 2024-04-10 07:21:43 - Microsoft Windows Message Queuing (MSMQ)远程代码执行漏洞 - 详情 - - - - 14dc8a4e512046b21479a8cda4d4498b - CVE-2024-28920 - 2024-04-10 07:21:43 - Microsoft Windows Secure Boot安全功能绕过漏洞 - 详情 - - - - b7bc998f048bccce1f79bfaab964663b - CVE-2024-28922 - 2024-04-10 07:21:43 - Microsoft Windows Secure Boot安全功能绕过漏洞 - 详情 - - - - f1db819a5c62f9d68c9e3dd30ad44869 - CVE-2024-28910 - 2024-04-10 07:21:43 - Microsoft Windows OLE DB 
Driver for SQL Server远程代码执行漏洞 - 详情 - -
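Review bot: data/cves.db changes only as "Binary files a/data/cves.db and b/data/cves.db differ", so the rows behind the 15 ids appended to cache/Nsfocus.dat (7c796199… through 8fc63adb…) cannot be inspected in this review. The ids do match, in order, the 15 entries added in the docs/index.html hunk at -1971, which is the only cross-check the diff allows. Consider building the database from the feed in CI, or committing a text dump next to it, so that a change to stored records shows up as reviewable lines.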
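Review bot: In the docs/index.html hunks from -366 to -438, the description text is third-party advisory prose written straight into the page, and the entry in the -406 hunk carries a bare ampersand as it appears here ("Maps & Embed Any Documents"). Please confirm that the generator HTML-escapes every upstream field (description, title, URL) before writing it out. These same entries describe stored XSS caused by missing output escaping, and a feed-driven page has the same exposure if a description ever contains markup.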
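Review bot: The docs/index.html hunks at -1971 and -2091 add 15 entries stamped 2024-04-11 13:22:51 and remove 15 entries stamped 2024-04-10 07:21:43, so records are dropped from the table about a day after they were collected. The removed block includes the Microsoft Secure Boot bypass and remote code execution entries (CVE-2024-28903, CVE-2024-26232 and others), which readers are likely to still need. Consider sizing the window by age or severity rather than by count, or linking to an archive page for the entries that roll off. The timestamp column also looks like collection time rather than publication date, since CVE-2023-* ids carry an April 2024 stamp; labelling the column would avoid misreading.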