From 9d4c61cc54a0280e0cde2f1ae19d29a2e4cee3ef Mon Sep 17 00:00:00 2001 From: Github-Bot Date: Sat, 13 Apr 2024 23:25:32 +0000 Subject: [PATCH] Updated by Github Bot --- cache/RedQueen.dat | 10 +++ cache/Tenable (Nessus).dat | 10 +++ data/cves.db | Bin 47071232 -> 47083520 bytes docs/index.html | 162 ++++++++++++++++++------------------- 4 files changed, 101 insertions(+), 81 deletions(-) diff --git a/cache/RedQueen.dat b/cache/RedQueen.dat index e4648c4ca2b..fd14fe26772 100644 --- a/cache/RedQueen.dat +++ b/cache/RedQueen.dat @@ -111,3 +111,13 @@ e8c7132832b8c0457c9738cf22d54c39 e2356450a8e3cea869f4ab9f384576f0 5c646c0ff6db3301cd6604c10c94f479 b8ac67ce43f7aed557d15eb9505552c9 +aa51b0f30e2c3691d842a8e2c66f4957 +6086b68aa48d324f3bbc4c53c2c723e7 +2b560c06437b96f3df4c593464e68589 +84e83374ff34c49bf7e90751a458c780 +643fddbc522c3912e57856e31dffa5ed +895f1645c8892e4ee85005154416a193 +cc96f68cf2bfcf578d886579d983567f +4550e052219e884aaa2d000778b46ec9 +c6fc0f1e11b594ee91e2af7ff115c3b6 +f8aa964dcb4956c9baacad51d77f32bc diff --git a/cache/Tenable (Nessus).dat b/cache/Tenable (Nessus).dat index 0ada6dcfaa7..22cb71a7643 100644 --- a/cache/Tenable (Nessus).dat +++ b/cache/Tenable (Nessus).dat @@ -114,3 +114,13 @@ f055ab7fbcada08b35fbb3cfaa461b47 d6e69687d570799e00c72934be69ee83 2294de2743ac043fbc4fa1e30c6c20f7 19243d5e8ea0ce74eb09c5fc33114ec8 +ff20f9e131b02fcf47f054144fd32463 +4ccfcb06f80909959f881e16781b18bf +835c1d006d96d491862095cc05b3d57f +63babce91580538085ca1cf65a58d9af +886a5a065150997c6a1672b5ef4e8f4b +4e583a2247233ca8c909462f2a208012 +fa25e69baf68c9828ef342387ff593c6 +96f091e6f1eaaf18d3b11f8f9c7cd66c +d060e0fe962b3d81454627d10fba89a5 +31ed67f1094c4ca8d945e256f6166b2c 
diff --git a/data/cves.db b/data/cves.db index a682669aaf98f35105f6a421dbc38a2b560371cf..1726005f48e32721b56548b0bb5bb4432cd197a2 100644 GIT binary patch
+ @@ -283,6 +283,86 @@

眈眈探求 | TITLE URL + + ff20f9e131b02fcf47f054144fd32463 + CVE-2024-3739 + 2024-04-13 19:15:53 + A vulnerability classified as critical was found in cym1102 nginxWebUI up to 3.9.9. This vulnerability affects unknown code of the file /adminPage/main/upload. The manipulation of the argument file leads to os command injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-260578 is the identifier assigned to this vulnerability. + 详情 + + + + 4ccfcb06f80909959f881e16781b18bf + CVE-2024-3738 + 2024-04-13 18:15:07 + A vulnerability classified as critical has been found in cym1102 nginxWebUI up to 3.9.9. This affects the function handlePath of the file /adminPage/conf/saveCmd. The manipulation of the argument nginxPath leads to improper certificate validation. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260577 was assigned to this vulnerability. + 详情 + + + + 835c1d006d96d491862095cc05b3d57f + CVE-2024-3737 + 2024-04-13 17:15:50 + A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been rated as critical. Affected by this issue is the function findCountByQuery of the file /adminPage/www/addOver. The manipulation of the argument dir leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260576. + 详情 + + + + 63babce91580538085ca1cf65a58d9af + CVE-2024-32487 + 2024-04-13 15:15:52 + less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases. 
+ 详情 + + + + 886a5a065150997c6a1672b5ef4e8f4b + CVE-2024-3736 + 2024-04-13 14:15:07 + A vulnerability was found in cym1102 nginxWebUI up to 3.9.9. It has been declared as problematic. Affected by this vulnerability is the function upload of the file /adminPage/main/upload. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260575. + 详情 + + + + 4e583a2247233ca8c909462f2a208012 + CVE-2024-3735 + 2024-04-13 13:15:46 + A vulnerability was found in Smart Office up to 20240405. It has been classified as problematic. Affected is an unknown function of the file Main.aspx. The manipulation of the argument New Password/Confirm Password with the input 1 leads to weak password requirements. It is possible to launch the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. VDB-260574 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. + 详情 + + + + fa25e69baf68c9828ef342387ff593c6 + CVE-2024-3721 + 2024-04-13 12:15:12 + A vulnerability was found in TBK DVR-4104 and DVR-4216 up to 20240412 and classified as critical. This issue affects some unknown processing of the file /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___. The manipulation of the argument mdb/mdc leads to os command injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-260573 was assigned to this vulnerability. + 详情 + + + + 96f091e6f1eaaf18d3b11f8f9c7cd66c + CVE-2024-3720 + 2024-04-13 12:15:11 + A vulnerability has been found in Tianwell Fire Intelligent Command Platform 1.1.1.1 and classified as critical. 
This vulnerability affects unknown code of the file /mfsNotice/page of the component API Interface. The manipulation of the argument gsdwid leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-260572. + 详情 + + + + d060e0fe962b3d81454627d10fba89a5 + CVE-2024-26817 + 2024-04-13 12:15:11 + In the Linux kernel, the following vulnerability has been resolved: amdkfd: use calloc instead of kzalloc to avoid integer overflow This uses calloc instead of doing the multiplication which might overflow. + 详情 + + + + 31ed67f1094c4ca8d945e256f6166b2c + CVE-2024-3719 + 2024-04-13 11:15:46 + A vulnerability, which was classified as critical, was found in Campcodes House Rental Management System 1.0. This affects an unknown part of the file ajax.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-260571. + 详情 + + 4fb231048c1f9f7ab953622d4993218e CVE-2024-3698 @@ -443,86 +523,6 @@

眈眈探求 | 详情 - - 5b04a3e27db944229f192131fe1caf90 - CVE-2024-31944 - 2024-04-10 18:15:08 - Cross-Site Request Forgery (CSRF) vulnerability in Octolize WooCommerce UPS Shipping – Live Rates and Access Points.This issue affects WooCommerce UPS Shipping – Live Rates and Access Points: from n/a through 2.2.4. - 详情 - - - - cdbe7700995e9888a647e8c1ae7d9e5d - CVE-2024-31943 - 2024-04-10 18:15:08 - Cross-Site Request Forgery (CSRF) vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates.This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through 1.9.2. - 详情 - - - - fc6d41a82e26c8569cb87356890f3624 - CVE-2024-31461 - 2024-04-10 18:15:07 - Plane, an open-source project management tool, has a Server-Side Request Forgery (SSRF) vulnerability in versions prior to 0.17-dev. This issue may allow an attacker to send arbitrary requests from the server hosting the application, potentially leading to unauthorized access to internal systems. The impact of this vulnerability includes, but is not limited to, unauthorized access to internal services accessible from the server, potential leakage of sensitive information from internal services, manipulation of internal systems by interacting with internal APIs. Version 0.17-dev contains a patch for this issue. Those who are unable to update immediately may mitigate the issue by restricting outgoing network connections from servers hosting the application to essential services only and/or implementing strict input validation on URLs or parameters that are used to generate server-side requests. - 详情 - - - - 6cca780c86ce5fa125cd1ce5392903e1 - CVE-2024-31242 - 2024-04-10 18:15:07 - Missing Authorization vulnerability in Bricksforge.This issue affects Bricksforge: from n/a through 2.0.17. 
- 详情 - - - - b43b364de3a6ebb5359192440d49ef1e - CVE-2024-31230 - 2024-04-10 18:15:07 - Missing Authorization vulnerability in ShortPixel ShortPixel Adaptive Images.This issue affects ShortPixel Adaptive Images: from n/a through 3.8.2. - 详情 - - - - 3a56c25d315675184cadfedd77c1ea2e - CVE-2024-31214 - 2024-04-10 18:15:07 - Traccar is an open source GPS tracking system. Traccar versions 5.1 through 5.12 allow arbitrary files to be uploaded through the device image upload API. Attackers have full control over the file contents, full control over the directory where the file is stored, full control over the file extension, and partial control over the file name. While it's not for an attacker to overwrite an existing file, an attacker can create new files with certain names and attacker-controlled extensions anywhere on the file system. This can potentially lead to remote code execution, XSS, DOS, etc. The default install of Traccar makes this vulnerability more severe. Self-registration is enabled by default, allowing anyone to create an account to exploit this vulnerability. Traccar also runs by default with root/system privileges, allowing files to be placed anywhere on the file system. Version 6.0 contains a fix for the issue. One may also turn off self-registration by default, as that would make most vulnerabilities in the application much harder to exploit by default and reduce the severity considerably. - 详情 - - - - 3f471ecf5f8dd2e5b932d7c9366e7b60 - CVE-2024-3570 - 2024-04-10 17:15:58 - A stored Cross-Site Scripting (XSS) vulnerability exists in the chat functionality of the mintplex-labs/anything-llm repository, allowing attackers to execute arbitrary JavaScript in the context of a user's session. By manipulating the ChatBot responses, an attacker can inject malicious scripts to perform actions on behalf of the user, such as creating a new admin account or changing the user's password, leading to a complete takeover of the AnythingLLM application. 
The vulnerability stems from the improper sanitization of user and ChatBot input, specifically through the use of `dangerouslySetInnerHTML`. Successful exploitation requires convincing an admin to add a malicious LocalAI ChatBot to their AnythingLLM instance. - 详情 - - - - c6c2b4de3819a8a9e164ce228bf5af3d - CVE-2024-3569 - 2024-04-10 17:15:58 - A Denial of Service (DoS) vulnerability exists in the mintplex-labs/anything-llm repository when the application is running in 'just me' mode with a password. An attacker can exploit this vulnerability by making a request to the endpoint using the [validatedRequest] middleware with a specially crafted 'Authorization:' header. This vulnerability leads to uncontrolled resource consumption, causing a DoS condition. - 详情 - - - - da3606d440a3a32031edd55a2aaf4665 - CVE-2024-3568 - 2024-04-10 17:15:58 - The huggingface/transformers library is vulnerable to arbitrary code execution through deserialization of untrusted data within the `load_repo_checkpoint()` function of the `TFPreTrainedModel()` class. Attackers can execute arbitrary code and commands by crafting a malicious serialized payload, exploiting the use of `pickle.load()` on data from potentially untrusted sources. This vulnerability allows for remote code execution (RCE) by deceiving victims into loading a seemingly harmless checkpoint during a normal training process, thereby enabling attackers to execute arbitrary code on the targeted machine. - 详情 - - - - 6514fc5e7e0ac13c0aa1d2fe4b25f166 - CVE-2024-3388 - 2024-04-10 17:15:57 - A vulnerability in the GlobalProtect Gateway in Palo Alto Networks PAN-OS software enables an authenticated attacker to impersonate another user and send network packets to internal assets. However, this vulnerability does not allow the attacker to receive response packets from those internal assets. - 详情 - -
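Review bot: the ten ids appended at @@ -111,3 +111,13 @@ in cache/RedQueen.dat (aa51b0f30e2c3691d842a8e2c66f4957 onward) have no counterpart in the docs/index.html hunks shown here, where every added row carries an id from cache/Tenable (Nessus).dat (ff20f9e131b02fcf47f054144fd32463 onward). If the .dat files are the "already seen" set, these RedQueen items are now marked as seen without being published on the page. Please confirm where they are rendered, or write the cache entry only after the matching row has been emitted. The subject "Updated by Github Bot" would also be more useful if it named the sources and the number of entries added per source.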
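Review bot: data/cves.db is committed as a binary delta (Bin 47071232 -> 47083520 bytes), so the record changes in this commit cannot be reviewed and each bot run adds another delta of a roughly 47 MB file to the history. Consider publishing the database as a build or release artifact instead of tracking it, or committing a text export of the rows added alongside it so the diff shows which CVE records changed and a tampered or corrupted update is visible in review.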
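Review bot: the rows added at @@ -283,6 +283,86 @@ in docs/index.html carry description text taken from external feeds, and that text contains markup-significant characters, for example the & in /device.rsp?opt=sys&cmd=___S_O_S_T_R_E_A_MAX___ in the CVE-2024-3721 row. The diff as shown does not make clear whether the generator HTML-escapes the title, description and URL fields before writing them into the page. It should, since a feed entry containing markup would otherwise be served as part of the published page. The timestamps (2024-04-13 19:15:53) also carry no timezone while the commit date is +0000, so state the zone in the column header or in each value.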